Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't patch shebangs #18

Merged
merged 3 commits into from
Feb 6, 2025
Merged

Conversation

LukeChannings
Copy link
Contributor

Nix derivations naturally find any scripts and nixify the shebang.

When Nix does this to code-signed apps it invalidates the signature.
Since it's not really desirable for the shebang to be patched anyway I've raised this PR to disable this behaviour.

@LukeChannings
Copy link
Contributor Author

Apologies for the merge commits. It it's a blocker I can rebase.

@BatteredBunny
Copy link
Owner

The commits are fine, i will squash the PR :)
Just curious, did you notice this affecting any packages?

@LukeChannings
Copy link
Contributor Author

I originally used Apparency to diagnose code signing issues and it modified some .framework's Resources that included a shell script. I don't remember which app it was though, I can investigate if you think it's important.

Any app that has a script contained anywhere will automatically have its shebang patched by Nix, which will invalidate code signing.

@BatteredBunny
Copy link
Owner

BatteredBunny commented Feb 6, 2025

I guess if you don't have any examples its fine, just wanted to see if it actually fixed the issue but it probably does since the change looks fine.

@BatteredBunny BatteredBunny merged commit 33113e8 into BatteredBunny:main Feb 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants