Added: macOS fix script

dot_config/bin/fix-macos-executable.tmpl

@@ -0,0 +1,56 @@
+{{ if eq .chezmoi.os "darwin" -}}
+#!/usr/bin/env bash
+
+# A simple script to remove the quarantine attribute from a downloaded file
+# and apply an ad-hoc signature if it doesn't have a valid one.
+#
+# Usage: ./fix-app.sh /path/to/your/application
+
+# --- 1. Input Validation ---
+# Check if the user provided exactly one argument.
+if [ "$#" -ne 1 ]; then
+    echo "Usage: $0 <path_to_file>"
+    exit 1
+fi
+
+FILE_PATH="$1"
+
+# Check if the file actually exists at the given path.
+if [ ! -e "$FILE_PATH" ]; then
+    echo "Error: File not found at '$FILE_PATH'"
+    exit 1
+fi
+
+echo "✅ Processing file: $FILE_PATH"
+echo "-------------------------------------"
+
+# --- 2. Remove Quarantine Attribute ---
+# The 'com.apple.quarantine' attribute is added by macOS to files
+# downloaded from the internet. We remove it to bypass Gatekeeper checks.
+echo "🔎 Checking for quarantine flag..."
+if xattr "$FILE_PATH" | grep -q "com.apple.quarantine"; then
+    echo "- Quarantine flag found. Removing..."
+    xattr -d com.apple.quarantine "$FILE_PATH"
+    echo "  Done."
+else
+    echo "- No quarantine flag found. Skipping."
+fi
+
+# --- 3. Check and Apply Code Signature ---
+# On Apple Silicon, all native executables must be signed.
+# We first verify the existing signature. If it's invalid or missing,
+# we apply a simple "ad-hoc" signature.
+echo "🔎 Checking code signature..."
+if codesign -v "$FILE_PATH" &> /dev/null; then
+    echo "- File already has a valid signature. No action needed."
+else
+    echo "- Signature is missing or invalid. Applying ad-hoc signature..."
+    codesign --force --deep --sign - "$FILE_PATH"
+    echo "  Done."
+fi
+
+echo "-------------------------------------"
+echo "🎉 File should now be runnable."
+
+{{ end -}}
+