Please sign macOS binaries

[fulldecent]

Affected version 1.4.0.

Currently there is a "unidentified developer" warning. This is an unacceptable shortcoming for applications that involve physical health or monetary value.

[jrick]

This is not fixed by 174. We are getting dcrinstall signed and notarized for macos in this release, but the regular archive of unsigned executables will not run if you downloaded them from a browser.

[hermanlim]

They will run, but you have to manually open (using right click or command click - double click will not work) all the executables and individually approve it (macOS will prompt for admin user/password) to get it around the built in security measures.

Not an elegant look or approach for such a classy project ;P

[jrick]

dcrinstall is properly signed and notarized and it can be used to install all of the remaining decred cli tools to ~/decred. There has been some talk about extending our macos .pkg files to install the entire decred distribution, rather than only installing dcrinstall and requiring the user to run it as an extra step, but that has not happened yet.

One major annoyance for us is that signing the binaries breaks the build reproducibility, even if you remove the added signature you don't get the same file back.

[fulldecent]

Here is a general solution to making reproducible builds for open source projects: https://stackoverflow.com/a/70836033/300224