From 6e6b3e3f75b58785bf2c49da08f9121cb3fc2e45 Mon Sep 17 00:00:00 2001
From: David Anthoff <anthoff@berkeley.edu>
Date: Sat, 26 Oct 2024 12:01:17 -0700
Subject: [PATCH 1/2] Code sign pr binaries on macOS

---
 Cargo.lock        |  1 +
 Cargo.toml        |  1 +
 src/operations.rs | 16 ++++++++++++++++
 3 files changed, 18 insertions(+)

diff --git a/Cargo.lock b/Cargo.lock
index 8da1f8df..59f3d8cc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1032,6 +1032,7 @@ dependencies = [
  "tempfile",
  "thiserror",
  "url",
+ "walkdir",
  "windows",
  "winres",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index 3aabf44d..ee541a2a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -66,6 +66,7 @@ windows = { version = "0.58.0", features = ["Win32_Foundation", "Win32_UI_Shell"
 
 [target.'cfg(target_os = "macos")'.dependencies]
 reqwest = { version = "0.12", default-features = false, features = ["blocking", "native-tls", "socks"] }
+walkdir = "2.5"
 
 [target.'cfg(all(not(target_os = "macos"),not(windows)))'.dependencies]
 reqwest = { version = "0.12", default-features = false, features = ["blocking", "rustls-tls-native-roots", "socks"] }
diff --git a/src/operations.rs b/src/operations.rs
index 9a78dbc5..901d70f2 100644
--- a/src/operations.rs
+++ b/src/operations.rs
@@ -580,6 +580,22 @@ pub fn install_from_url(
         }
     };
 
+    #[cfg(target_os = "macos")]
+    {
+        // TODO Add prompt that asks users to confirm this
+        eprintln!("Code signing");
+        for entry in walkdir::WalkDir::new(temp_dir.path()).into_iter().filter_map(|e| e.ok()) {
+            // TODO We also need to check for the correct permissions
+            if entry.metadata()?.is_file() {
+                std::process::Command::new("codesign")
+                    .arg("--sign")
+                    .arg("-")
+                    .arg(entry.path())
+                    .status()?;
+            }
+        }
+    }
+
     // Query the actual version
     let julia_path = temp_dir
         .path()

From 2bd9793b235c86d869d464e851064ce0684ddece Mon Sep 17 00:00:00 2001
From: David Anthoff <anthoff@berkeley.edu>
Date: Sat, 26 Oct 2024 12:12:50 -0700
Subject: [PATCH 2/2] Extract file permissions mode for each file

---
 src/operations.rs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/operations.rs b/src/operations.rs
index 901d70f2..a6672b81 100644
--- a/src/operations.rs
+++ b/src/operations.rs
@@ -582,11 +582,14 @@ pub fn install_from_url(
 
     #[cfg(target_os = "macos")]
     {
+        use std::os::unix::fs::PermissionsExt;
+
         // TODO Add prompt that asks users to confirm this
         eprintln!("Code signing");
         for entry in walkdir::WalkDir::new(temp_dir.path()).into_iter().filter_map(|e| e.ok()) {
-            // TODO We also need to check for the correct permissions
-            if entry.metadata()?.is_file() {
+            // TODO Instead of comparing > 0 we need to change this to check for the right permissions on exectuable files and only
+            // sign those
+            if entry.metadata()?.is_file() && entry.metadata()?.permissions().mode() > 0 {
                 std::process::Command::new("codesign")
                     .arg("--sign")
                     .arg("-")