extend/os/mac/keg.rb: move codesign_patched_binary here

2022-04-08 18:09:25 -07:00 · 2022-04-08 18:09:25 -07:00 · 4c19d67176
commit 4c19d67176
parent 3b089ee901
1 changed files with 37 additions and 0 deletions
--- a/Library/Homebrew/extend/os/mac/keg.rb
+++ b/Library/Homebrew/extend/os/mac/keg.rb
@ -25,4 +25,41 @@ class Keg
  def binary_executable_or_library_files
    mach_o_files
  end
+
+  def codesign_patched_binary(file)
+    return if MacOS.version < :big_sur
+    return unless Hardware::CPU.arm?
+
+    odebug "Codesigning #{file}"
+    # Use quiet_system to squash notifications about resigning binaries
+    # which already have valid signatures.
+    return if quiet_system("codesign", "--sign", "-", "--force",
+                           "--preserve-metadata=entitlements,requirements,flags,runtime",
+                           file)
+
+    # If the codesigning fails, it may be a bug in Apple's codesign utility
+    # A known workaround is to copy the file to another inode, then move it back
+    # erasing the previous file. Then sign again.
+    #
+    # TODO: remove this once the bug in Apple's codesign utility is fixed
+    Dir::Tmpname.create("workaround") do |tmppath|
+      FileUtils.cp file, tmppath
+      FileUtils.mv tmppath, file, force: true
+    end
+
+    # Try signing again
+    odebug "Codesigning (2nd try) #{file}"
+    result = system_command("codesign", args: [
+      "--sign", "-", "--force",
+      "--preserve-metadata=entitlements,requirements,flags,runtime",
+      file
+    ], print_stderr: false)
+    return if result.success?
+
+    # If it fails again, error out
+    onoe <<~EOS
+      Failed applying an ad-hoc signature to #{file}:
+      #{result.stderr}
+    EOS
+  end
 end