Allow finishing build on OS X <10.13.6

Building on OS X versions prior to 10.13.6 fails at the very end when
running `codesign`.
The `-options runtime`-argument isn't available on these earlier
versions of the OS.

Simply running codesign without that argument (on OS X <10.13.6) seems
to produce a runnable binary with no security warnings.

CHANGELOG.md

@@ -33,6 +33,7 @@
 
 ### For distributors and developers
 - fish source tarballs are now distributed using the XZ compression method (#5460).
+- Allow finishing builds on OS X <10.13.6 (previously builds would fail at the `codesign` step)
 
 ---
 

cmake/Mac.cmake

@@ -9,16 +9,27 @@ set(MAC_INJECT_GET_TASK_ALLOW ON CACHE BOOL "Inject get-task-allow on Mac")
 
 function(CODESIGN_ON_MAC target)
   if(APPLE)
+    execute_process(COMMAND sw_vers "-productVersion" OUTPUT_VARIABLE OSX_VERSION)
     if(MAC_INJECT_GET_TASK_ALLOW)
       set(ENTITLEMENTS "--entitlements" "${CMAKE_SOURCE_DIR}/osx/fish_debug.entitlements")
     else()
       set(ENTITLEMENTS "")
     endif(MAC_INJECT_GET_TASK_ALLOW)
-    add_custom_command(
-      TARGET ${target}
-      POST_BUILD
-      COMMAND codesign --force --deep --options runtime ${ENTITLEMENTS} --sign "${MAC_CODESIGN_ID}" $<TARGET_FILE:${target}>
-      VERBATIM
-    )
+    if(OSX_VERSION VERSION_LESS "10.13.6")
+      # `-options runtime` is only available in OS X from 10.13.6 and up
+      add_custom_command(
+        TARGET ${target}
+        POST_BUILD
+        COMMAND codesign --force --deep ${ENTITLEMENTS} --sign "${MAC_CODESIGN_ID}" $<TARGET_FILE:${target}>
+        VERBATIM
+      )
+    else()
+      add_custom_command(
+        TARGET ${target}
+        POST_BUILD
+        COMMAND codesign --force --deep --options runtime ${ENTITLEMENTS} --sign "${MAC_CODESIGN_ID}" $<TARGET_FILE:${target}>
+        VERBATIM
+      )
+    endif()
   endif()
 endfunction(CODESIGN_ON_MAC target)