From 8e912feb2939866ef68d57fc00bab73b5f84f7c1 Mon Sep 17 00:00:00 2001 From: Simon Žlender Date: Sat, 8 Jul 2023 11:44:20 +0200 Subject: codesign_allocate: reference cctools --- pkgs/build-support/writers/scripts.nix | 7 +------ .../darwin/signing-utils/post-link-sign-hook.nix | 13 +++++++++++++ pkgs/stdenv/darwin/default.nix | 4 ++++ pkgs/top-level/darwin-packages.nix | 14 ++------------ 4 files changed, 20 insertions(+), 18 deletions(-) create mode 100644 pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix diff --git a/pkgs/build-support/writers/scripts.nix b/pkgs/build-support/writers/scripts.nix index 7fc47fbcdf9..a5b24abf0f2 100644 --- a/pkgs/build-support/writers/scripts.nix +++ b/pkgs/build-support/writers/scripts.nix @@ -79,16 +79,11 @@ rec { let name = last (builtins.split "/" nameOrPath); in - pkgs.runCommand name ((if (types.str.check content) then { + pkgs.runCommand name (if (types.str.check content) then { inherit content; passAsFile = [ "content" ]; } else { contentPath = content; - }) // lib.optionalAttrs (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) { - # post-link-hook expects codesign_allocate to be in PATH - # https://github.com/NixOS/nixpkgs/issues/154203 - # https://github.com/NixOS/nixpkgs/issues/148189 - nativeBuildInputs = [ stdenv.cc.bintools ]; }) '' ${compileScript} ${lib.optionalString strip diff --git a/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix b/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix new file mode 100644 index 00000000000..13595e3771a --- /dev/null +++ b/pkgs/os-specific/darwin/signing-utils/post-link-sign-hook.nix @@ -0,0 +1,13 @@ +{ writeTextFile, cctools, sigtool }: + +writeTextFile { + name = "post-link-sign-hook"; + executable = true; + + text = '' + if [ "$linkerOutput" != "/dev/null" ]; then + CODESIGN_ALLOCATE=${cctools}/bin/${cctools.targetPrefix}codesign_allocate \ + ${sigtool}/bin/codesign -f -s - "$linkerOutput" + fi + ''; +} diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix index 418cc915fdc..25a80fd11aa 100644 --- a/pkgs/stdenv/darwin/default.nix +++ b/pkgs/stdenv/darwin/default.nix @@ -464,6 +464,10 @@ in inherit (selfDarwin) sigtool; }; + postLinkSignHook = prevStage.darwin.postLinkSignHook.override { + inherit (selfDarwin) sigtool; + }; + binutils = superDarwin.binutils.override { inherit (self) coreutils; inherit (selfDarwin) postLinkSignHook signingUtils; diff --git a/pkgs/top-level/darwin-packages.nix b/pkgs/top-level/darwin-packages.nix index ef4240955b9..ee962d36671 100644 --- a/pkgs/top-level/darwin-packages.nix +++ b/pkgs/top-level/darwin-packages.nix @@ -133,20 +133,10 @@ impure-cmds // appleSourcePackages // chooseLibs // { sigtool = callPackage ../os-specific/darwin/sigtool { }; - postLinkSignHook = pkgs.writeTextFile { - name = "post-link-sign-hook"; - executable = true; - - text = '' - if [ "$linkerOutput" != "/dev/null" ]; then - CODESIGN_ALLOCATE=${targetPrefix}codesign_allocate \ - ${self.sigtool}/bin/codesign -f -s - "$linkerOutput" - fi - ''; - }; - signingUtils = callPackage ../os-specific/darwin/signing-utils { }; + postLinkSignHook = callPackage ../os-specific/darwin/signing-utils/post-link-sign-hook.nix { }; + autoSignDarwinBinariesHook = pkgs.makeSetupHook { name = "auto-sign-darwin-binaries-hook"; propagatedBuildInputs = [ self.signingUtils ]; -- cgit 1.4.1