nixpkgs/pkgs/build-support/bintools-wrapper
Randy Eckenrode c922cb27b6
bintools-wrapper: drop postLinkSignHook
When the linker signs a Mach-O binary, it sets a flag in the signature’s code directory indicating that the signature was generated by a linker. Tools such as `strip` and `install_name_tool` read this flag and will update ad hoc signatures after they perform their modifications.

The updated ld64 supports signing binaries automatically. Both the updated cctools and LLVM will check for the linker-signed flag and resign binaries they modify automatically when it’s present. Given that, use of postLinkSignHook is unnecessary and potentially harmful.

In particular, if the hook is used and an unwrapped `strip` or `install_name_tool` is on the user’s path, they will not automatically update an ad hoc signature. Instead, they will issue a warning and create a binary with a broken signature.

It is more robust to let the tools handle this since the only time a signature would not be linker-signed is when the user is manually invoking `codesign` (or another tool such as `sigtool` or `rcodesign`), which by nature of the invocation updates the signature to a valid one.

Since `strip` no longer needs to be wrapped for code-signing, binutils-wrapper now uses the GNU strip wrapper on Darwin.

Fixes https://github.com/NixOS/nixpkgs/issues/208951.
2024-07-13 17:54:36 -04:00
..
add-darwin-ldflags-before.sh
add-flags.sh
add-hardening.sh
darwin-install_name_tool-wrapper.sh
darwin-strip-wrapper.sh
default.nix bintools-wrapper: drop postLinkSignHook 2024-07-13 17:54:36 -04:00
gnu-binutils-strip-wrapper.sh
ld-solaris-wrapper.sh
ld-wrapper.sh ld-wrapper: use a temporary file for response file 2024-07-13 10:59:41 -04:00
macos-sierra-reexport-hack.bash
setup-hook.sh