From 4a99da7bde05cca44f55a819ee89cc997c8a2e44 Mon Sep 17 00:00:00 2001
From: Jan Funke
Date: Mon, 18 Aug 2025 18:59:21 +0200
Subject: [PATCH] Added: macOS fix script
---
dot_config/bin/fix-macos-executable.tmpl | 56 ++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100755 dot_config/bin/fix-macos-executable.tmpl
diff --git a/dot_config/bin/fix-macos-executable.tmpl b/dot_config/bin/fix-macos-executable.tmpl
new file mode 100755
index 0000000..6ac3635
--- /dev/null
+++ b/dot_config/bin/fix-macos-executable.tmpl
@@ -0,0 +1,56 @@
+{{ if eq .chezmoi.os "darwin" -}}
+#!/usr/bin/env bash
+
+# A simple script to remove the quarantine attribute from a downloaded file
+# and apply an ad-hoc signature if it doesn't have a valid one.
+#
+# Usage: ./fix-app.sh /path/to/your/application
+
+# --- 1. Input Validation ---
+# Check if the user provided exactly one argument.
+if [ "$#" -ne 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+FILE_PATH="$1"
+
+# Check if the file actually exists at the given path.
+if [ ! -e "$FILE_PATH" ]; then
+ echo "Error: File not found at '$FILE_PATH'"
+ exit 1
+fi
+
+echo "✅ Processing file: $FILE_PATH"
+echo "-------------------------------------"
+
+# --- 2. Remove Quarantine Attribute ---
+# The 'com.apple.quarantine' attribute is added by macOS to files
+# downloaded from the internet. We remove it to bypass Gatekeeper checks.
+echo "🔎 Checking for quarantine flag..."
+if xattr "$FILE_PATH" | grep -q "com.apple.quarantine"; then
+ echo "- Quarantine flag found. Removing..."
+ xattr -d com.apple.quarantine "$FILE_PATH"
+ echo " Done."
+else
+ echo "- No quarantine flag found. Skipping."
+fi
+
+# --- 3. Check and Apply Code Signature ---
+# On Apple Silicon, all native executables must be signed.
+# We first verify the existing signature. If it's invalid or missing,
+# we apply a simple "ad-hoc" signature.
+echo "🔎 Checking code signature..."
+if codesign -v "$FILE_PATH" &> /dev/null; then
+ echo "- File already has a valid signature. No action needed."
+else
+ echo "- Signature is missing or invalid. Applying ad-hoc signature..."
+ codesign --force --deep --sign - "$FILE_PATH"
+ echo " Done."
+fi
+
+echo "-------------------------------------"
+echo "🎉 File should now be runnable."
+
+{{ end -}}
+
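Review bot: The `else` branch of the signature check in section 3 handles a missing signature and an invalid one the same way, so a file whose existing signature no longer verifies (which can mean it was modified after signing) is silently re-signed with `codesign --force --deep --sign -` and then reported as runnable. I would re-sign only when `codesign -v` reports the file as unsigned, and stop with an error when an existing signature fails verification, as in the sketch below. The exit status of `xattr -d` and of the signing call is also never checked, so `echo " Done."` and the final success line print even when the command failed. The sketch checks the signing call, and the `xattr -d` line in section 2 should get the same treatment.

```shell
# … unchanged: argument checks and quarantine removal (sections 1 and 2) …
echo "🔎 Checking code signature..."
if verify_out=$(codesign -v "$FILE_PATH" 2>&1); then
  echo "- File already has a valid signature. No action needed."
elif [[ "$verify_out" == *"not signed at all"* ]]; then
  echo "- No signature present. Applying ad-hoc signature..."
  if ! codesign --force --deep --sign - "$FILE_PATH"; then
    echo "Error: ad-hoc signing failed for '$FILE_PATH'" >&2
    exit 1
  fi
  echo " Done."
else
  # A signature exists but does not verify: the file may have changed since it was signed.
  echo "Error: existing signature failed verification; not re-signing." >&2
  printf '%s\n' "$verify_out" >&2
  exit 1
fi
# … unchanged: closing banner …
```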