{{ if eq .chezmoi.os "darwin" -}}
#!/usr/bin/env bash

# A simple script to remove the quarantine attribute from a downloaded file
# and apply an ad-hoc signature if it doesn't have a valid one.
#
# Usage: ./fix-app.sh /path/to/your/application

# --- 1. Input Validation ---
# Check if the user provided exactly one argument.
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <path_to_file>"
    exit 1
fi

FILE_PATH="$1"

# Check if the file actually exists at the given path.
if [ ! -e "$FILE_PATH" ]; then
    echo "Error: File not found at '$FILE_PATH'"
    exit 1
fi

echo "✅ Processing file: $FILE_PATH"
echo "-------------------------------------"

# --- 2. Remove Quarantine Attribute ---
# The 'com.apple.quarantine' attribute is added by macOS to files
# downloaded from the internet. We remove it to bypass Gatekeeper checks.
echo "🔎 Checking for quarantine flag..."
if xattr "$FILE_PATH" | grep -q "com.apple.quarantine"; then
    echo "- Quarantine flag found. Removing..."
    xattr -d com.apple.quarantine "$FILE_PATH"
    echo "  Done."
else
    echo "- No quarantine flag found. Skipping."
fi

# --- 3. Check and Apply Code Signature ---
# On Apple Silicon, all native executables must be signed.
# We first verify the existing signature. If it's invalid or missing,
# we apply a simple "ad-hoc" signature.
echo "🔎 Checking code signature..."
if codesign -v "$FILE_PATH" &> /dev/null; then
    echo "- File already has a valid signature. No action needed."
else
    echo "- Signature is missing or invalid. Applying ad-hoc signature..."
    codesign --force --deep --sign - "$FILE_PATH"
    echo "  Done."
fi

echo "-------------------------------------"
echo "🎉 File should now be runnable."

{{ end -}}