diff --git a/configure.in b/configure.in
index 527b0762053e38af39c72ad137f52195f81a722b..bf31ecbecd1fbee614152c7fc4ffd709618765da 100644
*** a/configure.in
--- b/configure.in
*************** AC_CHECK_PROGS(OSX, [osx sgml2xml sx])
*** 1877,1882 ****
--- 1877,1912 ----
  #
  AC_CHECK_PROGS(PROVE, prove)
  
+ #
+ # Do code-signing? (currently only for OS X)
+ #
+ PGAC_ARG_REQ(with, codesigning, [STRING],
+             [use certificate STRING to code-sign binaries])
+ AC_SUBST(with_codesigning)
+ 
+ if test ! -z "$with_codesigning"; then
+   if test "$PORTNAME" = "darwin"; then
+ 
+     AC_CHECK_PROGS(SECURITY, security)
+     AC_CHECK_PROGS(CODESIGN, codesign)
+ 
+     AC_MSG_CHECKING([valid identity for codesigning])
+     cs_valid_identities=`$SECURITY find-identity -p codesigning | sed -n -E -e '/Valid identities only/,$ p' | sed '1 d' | grep "\"$with_codesigning\"" | wc -l`
+     if test $cs_valid_identities -lt 1; then
+       AC_MSG_ERROR([No valid identity '$with_codesigning' found.])
+     elif test $cs_valid_identities -gt 1; then
+       AC_MSG_ERROR([Ambiguous identity '$with_codesigning'.])
+     else
+       AC_MSG_RESULT([$with_codesigning])
+     fi;
+ 
+   else
+ 
+     AC_MSG_ERROR([--with-codesigning is not supported for $PORTNAME port])
+ 
+   fi;
+ fi;
+ 
  # Thread testing
  
  # We have to run the thread test near the end so we have all our symbols
diff --git a/configure b/configure
index f0580ceb5e5dcb3fdae2789f29eaf3bc757d08ae..f222fd30a7c68457f7d614597f81e9d9425e3a3e 100755
*** a/configure
--- b/configure
*************** ac_includes_default="\
*** 627,632 ****
--- 627,635 ----
  
  ac_subst_vars='LTLIBOBJS
  vpath_build
+ CODESIGN
+ SECURITY
+ with_codesigning
  PROVE
  OSX
  XSLTPROC
*************** with_gnu_ld
*** 838,843 ****
--- 841,847 ----
  enable_largefile
  enable_float4_byval
  enable_float8_byval
+ with_codesigning
  '
        ac_precious_vars='build_alias
  host_alias
*************** Optional Packages:
*** 1524,1529 ****
--- 1528,1535 ----
                            use system time zone data in DIR
    --without-zlib          do not use Zlib
    --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
+   --with-codesigning=STRING
+                           use certificate STRING to code-sign binaries
  
  Some influential environment variables:
    CC          C compiler command
*************** fi
*** 14785,14790 ****
--- 14791,14929 ----
  done
  
  
+ #
+ # Do code-signing? (currently only for OS X)
+ #
+ 
+ 
+ 
+ # Check whether --with-codesigning was given.
+ if test "${with_codesigning+set}" = set; then :
+   withval=$with_codesigning;
+   case $withval in
+     yes)
+       as_fn_error $? "argument required for --with-codesigning option" "$LINENO" 5
+       ;;
+     no)
+       as_fn_error $? "argument required for --with-codesigning option" "$LINENO" 5
+       ;;
+     *)
+ 
+       ;;
+   esac
+ 
+ fi
+ 
+ 
+ 
+ 
+ if test ! -z "$with_codesigning"; then
+   if test "$PORTNAME" = "darwin"; then
+ 
+     for ac_prog in security
+ do
+   # Extract the first word of "$ac_prog", so it can be a program name with args.
+ set dummy $ac_prog; ac_word=$2
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+ $as_echo_n "checking for $ac_word... " >&6; }
+ if ${ac_cv_prog_SECURITY+:} false; then :
+   $as_echo_n "(cached) " >&6
+ else
+   if test -n "$SECURITY"; then
+   ac_cv_prog_SECURITY="$SECURITY" # Let the user override the test.
+ else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+ for as_dir in $PATH
+ do
+   IFS=$as_save_IFS
+   test -z "$as_dir" && as_dir=.
+     for ac_exec_ext in '' $ac_executable_extensions; do
+   if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+     ac_cv_prog_SECURITY="$ac_prog"
+     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+     break 2
+   fi
+ done
+   done
+ IFS=$as_save_IFS
+ 
+ fi
+ fi
+ SECURITY=$ac_cv_prog_SECURITY
+ if test -n "$SECURITY"; then
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SECURITY" >&5
+ $as_echo "$SECURITY" >&6; }
+ else
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ $as_echo "no" >&6; }
+ fi
+ 
+ 
+   test -n "$SECURITY" && break
+ done
+ 
+     for ac_prog in codesign
+ do
+   # Extract the first word of "$ac_prog", so it can be a program name with args.
+ set dummy $ac_prog; ac_word=$2
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+ $as_echo_n "checking for $ac_word... " >&6; }
+ if ${ac_cv_prog_CODESIGN+:} false; then :
+   $as_echo_n "(cached) " >&6
+ else
+   if test -n "$CODESIGN"; then
+   ac_cv_prog_CODESIGN="$CODESIGN" # Let the user override the test.
+ else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+ for as_dir in $PATH
+ do
+   IFS=$as_save_IFS
+   test -z "$as_dir" && as_dir=.
+     for ac_exec_ext in '' $ac_executable_extensions; do
+   if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+     ac_cv_prog_CODESIGN="$ac_prog"
+     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+     break 2
+   fi
+ done
+   done
+ IFS=$as_save_IFS
+ 
+ fi
+ fi
+ CODESIGN=$ac_cv_prog_CODESIGN
+ if test -n "$CODESIGN"; then
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CODESIGN" >&5
+ $as_echo "$CODESIGN" >&6; }
+ else
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ $as_echo "no" >&6; }
+ fi
+ 
+ 
+   test -n "$CODESIGN" && break
+ done
+ 
+ 
+     { $as_echo "$as_me:${as_lineno-$LINENO}: checking valid identity for codesigning" >&5
+ $as_echo_n "checking valid identity for codesigning... " >&6; }
+     cs_valid_identities=`$SECURITY find-identity -p codesigning | sed -n -E -e '/Valid identities only/,$ p' | sed '1 d' | grep "\"$with_codesigning\"" | wc -l`
+     if test $cs_valid_identities -lt 1; then
+       as_fn_error $? "No valid identity '$with_codesigning' found." "$LINENO" 5
+     elif test $cs_valid_identities -gt 1; then
+       as_fn_error $? "Ambiguous identity '$with_codesigning'." "$LINENO" 5
+     else
+       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_codesigning" >&5
+ $as_echo "$with_codesigning" >&6; }
+     fi;
+ 
+   else
+ 
+     as_fn_error $? "--with-codesigning is not supported for $PORTNAME port" "$LINENO" 5
+ 
+   fi;
+ fi;
+ 
  # Thread testing
  
  # We have to run the thread test near the end so we have all our symbols
diff --git a/src/Makefile.global.in b/src/Makefile.global.in
index e76b22fb2d2ec652acb85035827948bc365ffac0..e80cb27060a81b27aa96b2e7a96ec8c1123eed76 100644
*** a/src/Makefile.global.in
--- b/src/Makefile.global.in
*************** pgxsdir = $(pkglibdir)/pgxs
*** 159,164 ****
--- 159,165 ----
  #
  # Records the choice of the various --enable-xxx and --with-xxx options.
  
+ with_codesigning = @with_codesigning@
  with_perl	= @with_perl@
  with_python	= @with_python@
  with_tcl	= @with_tcl@
*************** perl_embed_ldflags	= @perl_embed_ldflags
*** 283,288 ****
--- 284,290 ----
  # Miscellaneous
  
  AWK	= @AWK@
+ CODESIGN = @CODESIGN@
  LN_S	= @LN_S@
  MSGFMT  = @MSGFMT@
  MSGFMT_FLAGS = @MSGFMT_FLAGS@
diff --git a/src/backend/Makefile b/src/backend/Makefile
index 870a02292fcc9ce4f4f99cade49836d8f8876a51..114f2e58e3a642a693e85b64a265501117a157a4 100644
*** a/src/backend/Makefile
--- b/src/backend/Makefile
*************** ifneq ($(PORTNAME), aix)
*** 55,60 ****
--- 55,63 ----
  
  postgres: $(OBJS)
  	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_EX) $(export_dynamic) $(call expand_subsys,$^) $(LIBS) -o $@
+ ifneq (,$(with_codesigning))
+ 	$(CODESIGN) --sign "$(with_codesigning)" $@ --force --verbose
+ endif
  
  endif
  endif