From a1f9bb0116df23d20740fdf25d35f5ad836425a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= <ulisesgascongonzalez@gmail.com>
Date: Tue, 21 Nov 2023 08:30:52 +0100
Subject: [PATCH] tools: add macOS notarization verification step

PR-URL: https://github.com/nodejs/node/pull/50833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
---
 tools/osx-notarize.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tools/osx-notarize.sh b/tools/osx-notarize.sh
index 292ce5af1d7dc2..d860074bf7d64e 100755
--- a/tools/osx-notarize.sh
+++ b/tools/osx-notarize.sh
@@ -48,5 +48,12 @@ else
   exit 1
 fi
 
+if ! xcrun spctl --assess --type install --context context:primary-signature --ignore-cache --verbose=2 "node-$pkgid.pkg"; then
+  echo "error: Signature will not be accepted by Gatekeeper!" 1>&2
+  exit 1
+else
+  echo "Verification was successful."
+fi
+
 xcrun stapler staple "node-$pkgid.pkg"
 echo "Stapler was successful."
\ No newline at end of file