diff options
author | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2024-04-29 17:19:49 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-29 17:19:49 +0200 |
commit | 00c13ab0343547d361f06204add0f1fdce11e7db (patch) | |
tree | cc020d874f300f249c8fc810fd16c801ac1a7c34 /pkgs/os-specific | |
parent | 116994febdb52b319617538459907355011a23ca (diff) | |
parent | 3b692c3ed0ba5a9bb71d6481077f57a16150e045 (diff) |
Merge pull request #254330 from alexfmpe/verify-xip
Use rcodesign verification on Xcode
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/darwin/xcode/default.nix | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/pkgs/os-specific/darwin/xcode/default.nix b/pkgs/os-specific/darwin/xcode/default.nix index 54250001d9eb0..1b7949dcb124d 100644 --- a/pkgs/os-specific/darwin/xcode/default.nix +++ b/pkgs/os-specific/darwin/xcode/default.nix @@ -3,7 +3,7 @@ let requireXcode = version: sha256: let xip = "Xcode_" + version + ".xip"; - # TODO(alexfmpe): Find out how to validate the .xip signature in Linux + unxip = if stdenv.buildPlatform.isDarwin then '' open -W ${xip} @@ -14,7 +14,9 @@ let requireXcode = version: sha256: rm -rf ${xip} pbzx -n Content | cpio -i rm Content Metadata + rcodesign verify Xcode.app/Contents/MacOS/Xcode ''; + app = requireFile rec { name = "Xcode.app"; url = "https://developer.apple.com/services-account/download?path=/Developer_Tools/Xcode_${version}/${xip}"; @@ -83,4 +85,3 @@ in lib.makeExtensible (self: { xcode_15_1 = requireXcode "15.1" "sha256-0djqoSamU87rCpjo50Un3cFg9wKf+pSczRko6uumGM0="; xcode = self."xcode_${lib.replaceStrings ["."] ["_"] (if (stdenv.targetPlatform ? xcodeVer) then stdenv.targetPlatform.xcodeVer else "12.3")}"; }) - |