I have a project that generates static libraries, which need to be code-signed, as the package including them needs to get notarized.
I have a set of custom targets that correctly sign the static libraries, and that works fine. Static libraries are not Mach-O binaries, so macOS will sign them using extended attributes. However, install(TARGETS) on the static library seems to wipe out extended attributes of every file it installs, including the signatures.
Is there any way to instruct install(TARGETS) to NOT wipe the extended attributes of the static library it is installing?
I just found out that CPack’s ZIP generator also wipes out extended attributes, as it likely uses plain zip(1) on macOS rather than ditto(1), which implements ZIP with extended attributes support for macOS ZIP deployments.
Actually, after some more experimentation, CPack will clear the extended attributes while staging the files into _CPack_Packages. So probably the staging logic needs to be updated to at least preserve the extended attributes that corresponds to code-signing (which start with com.apple.cs.* as far as I can see), and then the zipping logic might need to be tweaked too.