OSX: Code-sign executable to avoid firewall warning dialog

OSX El Capitan and Go 1.6

What I want is simpler than it sounds from the title.

The OSX firewall disallows any unknown application from accepting connections. When any such program starts, the user is presented with a dialog whether or not the said executable should be permitted to receive connections. The user's choice is then remembered.

The above works fine when for example one develops with node where the actual executable is a single binary and the user just needs to allow/deny it once.

When developing in go (and any other compiled language) the created executable is different every time. Which means I get the dialog every single time I start my server.

One way to avoid this dialog is to sign the executable with a self-signed certificate one generates in OSX itself. Once we have the certificate we simply sign the executable and allow/deny it once. Code signatures are always remembered even if the executable binary changes.

So, my question is:

Is there a way to make go run the signing command before running the compiled binary?

Even easier: start the server explicitly on localhost, like:

http.ListenAndServe("localhost:8080", nil)

I wrote a little piece on this recently:

suppressing-accept-incoming-network-connections-warnings-on-osx

Silly me. Took me 5 minutes to write the question and 2 minutes to find the answer and write the script that solves it. I'll post it here in case anybody stumbles on the same problem.

binary=$GOPATH/pkg/kliron/hiss/hiss.a   
go build -o $binary hiss/main.go
codesign -f -s klironCode $binary --deep   
$binary "$@"

Just use go build.