Make macOS notarization optional for packaging

cmd/package/package.go

@@ -66,6 +66,11 @@ func main() {
 			Usage:       "Identity to use for codesigning",
 			Destination: &opt.SignIdentity,
 		},
+		&cli.BoolFlag{
+			Name:        "notarize",
+			Usage:       "Whether to notarize macOS packages",
+			Destination: &opt.Notarize,
+		},
 		&cli.BoolFlag{
 			Name:  "debug",
 			Usage: "Enable debug logging",

pkg/packaging/macos.go

@@ -102,8 +102,10 @@ func BuildPkg(opt Options) error {
 		}
 	}
 
-	if err := notarizePkg(generatedPath); err != nil {
-		return err
+	if opt.Notarize {
+		if err := notarizePkg(generatedPath); err != nil {
+			return err
+		}
 	}
 
 	filename := fmt.Sprintf("orbit-osquery_%s_amd64.pkg", opt.Version)

pkg/packaging/packaging.go

@@ -27,6 +27,8 @@ type Options struct {
 	Insecure bool
 	// SignIdentity is the codesigning identity to use (only macOS at this time)
 	SignIdentity string
+	// Notarize sets whether macOS packages should be Notarized.
+	Notarize bool
 }
 
 func copyFile(srcPath, dstPath string, perm os.FileMode) error {