From 507663e575794cb96371679421b9c6487306c80d Mon Sep 17 00:00:00 2001
From: Ben Boeckel
Date: Tue, 4 Mar 2025 15:25:37 +0100
Subject: [PATCH 1/2] fixup_bundle.apple: re-sign with adhoc signature if invalidated
---
 cmake/scripts/fixup_bundle.apple.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/cmake/scripts/fixup_bundle.apple.py b/cmake/scripts/fixup_bundle.apple.py
index 909756eb9..216b595b5 100755
--- a/cmake/scripts/fixup_bundle.apple.py
+++ b/cmake/scripts/fixup_bundle.apple.py
@@ -773,14 +773,27 @@ def _fix_installed_binaries(installed, dry_run=False):
 ])
 install_name_tool()
- print('Removing signatures from %s' % binary.path)
 if not dry_run:
- codesign = Pipeline([
+ codesign_check = Pipeline([
 'codesign',
- '--remove-signature',
+ '-v',
 installed_path,
 ])
- codesign()
+ is_valid = True
+ try:
+ codesign_check()
+ except RuntimeError:
+ is_valid = False
+ if not is_valid:
+ print('Using an adhoc signature for %s' % binary.path)
+ codesign = Pipeline([
+ 'codesign',
+ '--force',
+ '--sign',
+ '-', # adhoc signature identity
+ installed_path,
+ ])
+ codesign()
 def _update_manifest(manifest, installed, path):
-- GitLab
From 15d558acf9a9f0993d16799e562180c0302cf70b Mon Sep 17 00:00:00 2001
From: Ben Boeckel
Date: Sat, 1 Mar 2025 01:07:29 +0100
Subject: [PATCH 2/2] fixup_bundle.apple: ignore modifying files via symlinks
---
 cmake/scripts/fixup_bundle.apple.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/cmake/scripts/fixup_bundle.apple.py b/cmake/scripts/fixup_bundle.apple.py
index 216b595b5..363d60d5e 100755
--- a/cmake/scripts/fixup_bundle.apple.py
+++ b/cmake/scripts/fixup_bundle.apple.py
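Review bot: In the `@@ -773` hunk of patch 1/2, `except RuntimeError:` around `codesign_check()` treats every failure of `codesign -v` as "signature invalidated", so a binary that carried an identity-based signature before `install_name_tool` ran is re-signed ad hoc, and any unrelated codesign failure takes the same path with its message discarded. Assuming `Pipeline` raises `RuntimeError` on a non-zero exit (its definition is outside the hunk), `except RuntimeError as e:` followed by printing `e` would keep the reason visible in build logs. `--force --sign -` also starts a fresh signature, so entitlements and hardened-runtime flags from the previous one are not carried over; if any bundled binary depends on them, check whether `'--preserve-metadata=entitlements,flags',` is appropriate here, or add a comment stating that release packaging re-signs with the real identity afterwards. The status message now sits under `if not dry_run:`, so a dry run no longer reports how signatures would be handled.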
@@ -747,6 +747,11 @@ def _fix_installed_binaries(installed, dry_run=False):
 for binary_info in installed.values():
 binary, installed_path = binary_info
+ # Do not try to manipulate symlink files. Except frameworks because the
+ # binaries are symlinks into `Versions/…`
+ if os.path.islink(binary.path) and not binary.is_framework:
+ continue
+
 print('Fixing binary references in %s' % binary.path)
 if not dry_run and binary.installed_id:
-- GitLab
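Review bot: The new guard tests `os.path.islink(binary.path)`, but the `install_name_tool` and `codesign` calls later in this loop (visible in patch 1/2) write to `installed_path`, so the check is made on a different path from the one that gets modified. If the two can differ in symlink status (how files are installed is outside the hunk), a link at `installed_path` would still be followed and its target rewritten and re-signed; consider `if (os.path.islink(binary.path) or os.path.islink(installed_path)) and not binary.is_framework:`. The `continue` also runs before the `print`, so skipped entries leave no trace in the log; a line such as `print('Skipping symlink %s' % binary.path)` would make the skip auditable. The loop body continues past the end of the hunk.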