extend/os/mac: ensure writable file for codesign

2022-10-03 22:55:26 -04:00 · 2022-10-03 22:55:26 -04:00 · 5a4840dbc8
commit 5a4840dbc8
parent 77311e4045
1 changed files with 47 additions and 24 deletions
--- a/Library/Homebrew/extend/os/mac/keg.rb
+++ b/Library/Homebrew/extend/os/mac/keg.rb
@ -31,6 +31,7 @@ class Keg
    return unless Hardware::CPU.arm?

    odebug "Codesigning #{file}"
+    prepare_codesign_writable_files(file) do
      # Use quiet_system to squash notifications about resigning binaries
      # which already have valid signatures.
      return if quiet_system("codesign", "--sign", "-", "--force",
@ -62,6 +63,28 @@ class Keg
        #{result.stderr}
      EOS
    end
+  end
+
+  def prepare_codesign_writable_files(file)
+    result = system_command("codesign", args: [
+      "--display", "--file-list", "-", file
+    ], print_stderr: false)
+    return unless result.success?
+
+    files = result.stdout.lines.map { |f| Pathname(f.chomp) }
+    saved_perms = {}
+    files.each do |f|
+      unless f.writable_real?
+        saved_perms[f] = f.stat.mode
+        FileUtils.chmod "u+rw", f.to_path
+      end
+    end
+    yield
+  ensure
+    saved_perms&.each do |f, p|
+      f.chmod p if p
+    end
+  end

  def prepare_debug_symbols
    binary_executable_or_library_files.each do |file|