From 4c19d6717614c1c17fa6c557c9ef41d7ff068c1e Mon Sep 17 00:00:00 2001
From: danielnachun
Date: Fri, 8 Apr 2022 18:09:25 -0700
Subject: [PATCH] extend/os/mac/keg.rb: move codesign_patched_binary here
---
 Library/Homebrew/extend/os/mac/keg.rb | 37 +++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/Library/Homebrew/extend/os/mac/keg.rb b/Library/Homebrew/extend/os/mac/keg.rb
index f41cd6c9e7..67abdc6ab3 100644
--- a/Library/Homebrew/extend/os/mac/keg.rb
+++ b/Library/Homebrew/extend/os/mac/keg.rb
@@ -25,4 +25,41 @@ class Keg
 def binary_executable_or_library_files
 mach_o_files
 end
+
+ def codesign_patched_binary(file)
+ return if MacOS.version < :big_sur
+ return unless Hardware::CPU.arm?
+
+ odebug "Codesigning #{file}"
+ # Use quiet_system to squash notifications about resigning binaries
+ # which already have valid signatures.
+ return if quiet_system("codesign", "--sign", "-", "--force",
+ "--preserve-metadata=entitlements,requirements,flags,runtime",
+ file)
+
+ # If the codesigning fails, it may be a bug in Apple's codesign utility
+ # A known workaround is to copy the file to another inode, then move it back
+ # erasing the previous file. Then sign again.
+ #
+ # TODO: remove this once the bug in Apple's codesign utility is fixed
+ Dir::Tmpname.create("workaround") do |tmppath|
+ FileUtils.cp file, tmppath
+ FileUtils.mv tmppath, file, force: true
+ end
+
+ # Try signing again
+ odebug "Codesigning (2nd try) #{file}"
+ result = system_command("codesign", args: [
+ "--sign", "-", "--force",
+ "--preserve-metadata=entitlements,requirements,flags,runtime",
+ file
+ ], print_stderr: false)
+ return if result.success?
+
+ # If it fails again, error out
+ onoe <<~EOS
+ Failed applying an ad-hoc signature to #{file}:
+ #{result.stderr}
+ EOS
+ end
 end
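Review bot: The retry workaround in `codesign_patched_binary` stages the binary at a path from `Dir::Tmpname.create("workaround")`, which only picks an unused name in the default temp directory without creating it exclusively, and `FileUtils.cp` writes to whatever is at that path by the time it runs. What gets moved back over `file` and then ad-hoc signed is therefore only as trustworthy as that directory, and if it is on a different volume `FileUtils.mv` falls back to copy-and-delete, so an interruption can leave a truncated binary in the keg. On a default macOS setup the temp directory is presumably per-user, which limits exposure, but nothing in this method depends on that. Staging next to the target keeps the copy under the keg's own permissions and makes the move a same-filesystem rename: `Dir::Tmpname.create("workaround", File.dirname(file)) do |tmppath|`. Separately, a second signing failure is only reported through `onoe` and the method returns normally, so callers (not visible in this hunk) cannot tell the binary was left unsigned; either raise, or add a comment such as `# Best-effort: a failed signature is reported but does not abort the caller.`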