OSX local code signing and entitlements file to fix incoming connections prompt

Author: dave-gray101

Entitlements.plist

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.network.client</key>
+    <true/>
+    <key>com.apple.security.network.server</key>
+    <true/>
+</dict>
+</plist>

Makefile

@@ -106,6 +106,12 @@ ifeq ($(BUILD_TYPE),clblas)
 	CGO_LDFLAGS+=-lOpenCL -lclblast
 endif
 
+ifeq ($(OS),Darwin)
+	ifeq ($(OSX_SIGNING_IDENTITY),)
+		OSX_SIGNING_IDENTITY := $(shell security find-identity -v -p codesigning | grep '"' | head -n 1 | sed -E 's/.*"(.*)"/\1/')
+	endif
+endif
+
 # glibc-static or glibc-devel-static required
 ifeq ($(STATIC),true)
 	LD_FLAGS=-linkmode external -extldflags -static
@@ -273,18 +279,8 @@ dist: build
 	mkdir -p release
 	cp $(BINARY_NAME) release/$(BINARY_NAME)-$(BUILD_ID)-$(OS)-$(ARCH)
 
-build-signed: build
-	if [ "$(OS)" != "Darwin" ]; then \
-		exit 1; \
-	fi
-	echo "OSX: Signing Binary"; \
-	if [ -z "$(SIGNING_IDENTITY)" ]; then \
-		echo "Setting SIGNING_IDENTITY to the first available signing identity..."; \
-		SIGNING_IDENTITY=$(security find-identity -v -p codesigning | grep '"' | head -n 1 | sed -E 's/.*"(.*\)".*/\1/'); \
-		export SIGNING_IDENTITY; \
-	fi
-	echo "Signing as $(SIGNING_IDENTITY)";
-	codesign -s "$(SIGNING_IDENTITY)" "./$(BINARY_NAME)"; \
+osx-signed: build
+	codesign --deep --force --sign "$(OSX_SIGNING_IDENTITY)" --entitlements "./Entitlements.plist" "./$(BINARY_NAME)"
 
 ## Run
 run: prepare ## run local-ai