diff --git a/build-release.sh b/build-release.sh
index 343c1c2..18a9c5f 100755
--- a/build-release.sh
+++ b/build-release.sh
@@ -145,6 +145,33 @@ if [ "${build_classical}" == "1" ]; then
 zip -q -9 -r "${reldir}/${binname}.zip" Godot.app
 rm -rf Godot.app
+ if [ ! -z "${OSX_HOST}" ]; then
+ osx_tmpdir=$(ssh "${OSX_HOST}" "mktemp -d")
+
+ scp "${reldir}/${binname}.zip" "${OSX_HOST}:${osx_tmpdir}"
+ ssh "${OSX_HOST}" "
+ cd ${osx_tmpdir} && \
+ unzip ${binname}.zip &&\
+ codesign --timestamp --options=runtime -s ${OSX_KEY_ID} -v Godot.app/Contents/MacOS/Godot && \
+ zip -r ${binname}_signed.zip Godot.app"
+
+ request_uuid=$(ssh "${OSX_HOST}" "xcrun altool --notarize-app --primary-bundle-id \"${OSX_BUNDLE_ID}\" --username \"${APPLE_ID}\" --password \"${APPLE_ID_PASSWORD}\" --file ${osx_tmpdir}/${binname}_signed.zip")
+ request_uuid=$(echo ${request_uuid} | sed -e 's/.*RequestUUID = //')
+ ssh "${OSX_HOST}" "while xcrun altool --notarization-history 0 -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q ${request_uuid}.*in\ progress; do echo Waiting on Apple signature; sleep 30s; done"
+ if ! ssh "${OSX_HOST}" "xcrun altool --notarization-history 0 -u \"${APPLE_ID}\" -p \"${APPLE_ID_PASSWORD}\" | grep -q ${request_uuid}.*success"; then
+ echo "Signing failed?"
+ ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
+ exit 1
+ else
+ ssh "${OSX_HOST}" "
+ cd ${osx_tmpdir} && \
+ xcrun stapler staple Godot.app && \
+ zip -r ${binname}_stapled.zip Godot.app"
+ scp "${OSX_HOST}:${osx_tmpdir}/${binname}_stapled.zip" ${reldir}/${binname}.zip
+ ssh "${OSX_HOST}" "rm -rf ${osx_tmpdir}"
+ fi
+ fi
+
 # Templates
 rm -rf osx_template.app
 cp -r git/misc/dist/osx_template.app .
diff --git a/config.sh.in b/config.sh.in
index c5b560b..ec4300b 100644
--- a/config.sh.in
+++ b/config.sh.in
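Review bot: The Apple ID password is expanded into the remote command string on all three `xcrun altool` calls (`--password \"${APPLE_ID_PASSWORD}\"` and the two `-p` uses), so it ends up in the argv of the local `ssh` process and of `altool` on the macOS host, where the process list typically exposes it to other users, and a password containing `"` or `$` would break the remote quoting. altool accepts a keychain reference for this option, so keeping the credential on the signing host and passing `--password "@keychain:<ITEM_NAME>"` (placeholder item name) keeps the secret out of both command lines and out of any `set -x` trace. Separately, neither `osx_tmpdir` nor `request_uuid` is checked before use: if the upload returns nothing, `request_uuid` is empty and `grep -q ${request_uuid}.*success` matches any successful entry in the history, so a failed notarization can pass as signed. A guard such as `[ -n "${request_uuid}" ] || exit 1` after the `sed` line, and the same test on `osx_tmpdir` after `mktemp -d`, closes that.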
@@ -27,3 +27,15 @@ export SIGN_PASSWORD=""
 # Use your own when making a thirdparty build.
 export SIGN_NAME=""
 export SIGN_URL=""
+
+# Hostname or IP address of an OSX host (Needed for signing)
+# eg "user@10.1.0.10"
+export OSX_HOST=""
+# ID of the Apple certificate used to sign
+export OSX_KEY_ID=""
+# Bundle id for the signed app
+export OSX_BUNDLE_ID=""
+# Username/password for Apple's signing APIs (used for atltool)
+export APPLE_ID=""
+export APPLE_ID_PASSWORD=""
+
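Review bot: The comment above `APPLE_ID` misspells the tool (`atltool`, while build-release.sh calls `altool`) and does not say what kind of credential belongs in `APPLE_ID_PASSWORD`. Since the value is exported, every child process of the build inherits it, so the comment should steer users to an app-specific password rather than the account password, for example `# Apple ID and app-specific password used by altool for notarization`. It would also help to note that the filled-in config file holds a secret and should be readable only by the build user.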