From cea0fb0864c14218ff796ec60170d918cbd94111 Mon Sep 17 00:00:00 2001
From: Keith Smiley <keithbsmiley@gmail.com>
Date: Wed, 15 Jun 2022 21:26:15 -0700
Subject: [PATCH] [sh] Add script for resigning a binary and fixing rpaths

Originally from Dave Lee
---
 bin/resigned-copy | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100755 bin/resigned-copy

diff --git a/bin/resigned-copy b/bin/resigned-copy
new file mode 100755
index 00000000..b0262a32
--- /dev/null
+++ b/bin/resigned-copy
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -euo pipefail
+
+readonly orig_exe="$1"
+orig_dir=$(dirname "$orig_exe")
+readonly dest_dir="$2"
+new_exe="$dest_dir/$(basename "$orig_exe")"
+
+echo "cp \"$orig_exe\" \"$dest_dir\""
+cp "$orig_exe" "$dest_dir"
+
+extract_rpath() {
+  awk '/cmd LC_RPATH/,/path/ { if ($1 == "path") print $2 }'
+}
+orig_rpath=$(otool -l "$orig_exe" | extract_rpath)
+
+if [[ "$orig_rpath" =~ "@executable_path" ]]; then
+  readonly new_rpath="${orig_rpath/@executable_path/$orig_dir}"
+  echo "install_name_tool -rpath \"$orig_rpath\" \"$new_rpath\" \"$new_exe\""
+  install_name_tool -rpath "$orig_rpath" "$new_rpath" "$new_exe"
+fi
+
+# resign executable with "ad-hoc signing"
+set -x
+codesign --force --sign - "$new_exe"