CPACK/IFW: allow signing of the installer binary
I am using CPACK/IFW to generate a .dmg disk image installer on macOS. This disk image contains a self-extracting binary. In order to run binaries, they need (a) to be signed and (b) notarised by Apple to avoid scary popups by gatekeeper. I can sign my own binaries inside the installer prior to packing, and the .dmg itself after "make package" finishes. But not the generated installer binary. That said, signing is a major prerequisite for notarisation.
The QtIFW binarytool has the option
-s|--sign identity Sign generated app bundle using the given code signing identity
where identity should probably be the same as used for "codesign" on macOS.
Unfortunately, cpack does not seem to support this yet. At least there's nothing obvious in the manual [1].