From cdbc300fd89d503a95d1c8564de31a93d7b0a0ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20Qui=C3=B1ones?=
Date: Sun, 11 Jan 2026 20:58:02 -0500
Subject: [PATCH] =?UTF-8?q?revert:=20"fix(darwin):=20skip=20stripping=20to?= =?UTF-8?q?=20preserve=20code=20signatures=20instead=20of=20ad=E2=80=A6"?= =?UTF-8?q?=20(#198)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/package.nix b/package.nix
index 5998f11..338c551 100644
--- a/package.nix
+++ b/package.nix
@@ -72,6 +72,12 @@
 mkdir -p "$out/Applications/${applicationName}.app/Contents/Resources/distribution"
 ln -s ${policiesJson} "$out/Applications/${applicationName}.app/Contents/Resources/distribution/policies.json"

+ # Re-sign with correct identifier to maintain AdGuard compatibility
+ # AdGuard uses code signing identifier (not CFBundleIdentifier) to recognize apps
+ /usr/bin/codesign --force --deep --sign - \
+ --identifier "app.zen-browser.zen" \
+ "$out/Applications/${applicationName}.app"
+
 # Use symlink path to avoid installs.ini accumulation on Nix rebuilds
 # The symlink is created by home-manager and remains stable across rebuilds
 cat > "$out/bin/${binaryName}" << EOF
@@ -213,12 +219,6 @@ in
 # Firefox uses "relrhack" to manually process relocations from a fixed offset
 patchelfFlags = ["--no-clobber-old-sections"];

- # Stripping invalidates macOS code signatures. We avoid strip-and-re-sign
- # because /usr/bin/codesign is inaccessible in the Nix sandbox. This also
- # preserves the original code signing identifier that tools like AdGuard
- # use (not CFBundleIdentifier) to recognize apps.
- dontStrip = stdenv.hostPlatform.isDarwin;
-
 preFixup = ''
 gappsWrapperArgs+=(
 --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ffmpeg_7]}"
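Review bot: The re-added `codesign --force --deep --sign -` step in the first hunk overwrites whatever signature the bundle carried with an ad-hoc one, so the identifier `app.zen-browser.zen` becomes self-asserted rather than bound to a signing authority, and the comment above it should say so. It also calls the host's `/usr/bin/codesign`, which the comment deleted in the second hunk describes as inaccessible in the Nix sandbox, so the build presumably only works unsandboxed. Because the second hunk drops `dontStrip`, stripping in fixup would (if this script is the install phase, which starts outside the hunk) run after signing and alter the signed binaries; keeping `dontStrip = stdenv.hostPlatform.isDarwin;` next to the re-sign avoids that. I would add `# NOTE: ad-hoc re-sign replaces the upstream signature; needs host /usr/bin/codesign (impure)` and check the result with `codesign --verify --deep --strict` on the built app.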