about summary refs log tree commit diff
path: root/pkgs/development/compilers/dotnet/build-dotnet.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/compilers/dotnet/build-dotnet.nix')
-rw-r--r--pkgs/development/compilers/dotnet/build-dotnet.nix28
1 files changed, 27 insertions, 1 deletions
diff --git a/pkgs/development/compilers/dotnet/build-dotnet.nix b/pkgs/development/compilers/dotnet/build-dotnet.nix
index f6802e62c70d1..11ece53971662 100644
--- a/pkgs/development/compilers/dotnet/build-dotnet.nix
+++ b/pkgs/development/compilers/dotnet/build-dotnet.nix
@@ -26,6 +26,7 @@ assert if type == "sdk" then packages != null else true;
 , mkNugetDeps
 , callPackage
 , dotnetCorePackages
+, xmlstarlet
 }:
 
 let
@@ -47,6 +48,9 @@ let
 
   targetRid = dotnetCorePackages.systemToDotnetRid stdenv.targetPlatform.system;
 
+  sigtool = callPackage ./sigtool.nix {};
+  signAppHost = callPackage ./sign-apphost.nix {};
+
 in
 mkCommon type rec {
   inherit pname version;
@@ -54,7 +58,11 @@ mkCommon type rec {
   # Some of these dependencies are `dlopen()`ed.
   nativeBuildInputs = [
     makeWrapper
-  ] ++ lib.optional stdenv.isLinux autoPatchelfHook;
+  ] ++ lib.optional stdenv.isLinux autoPatchelfHook
+  ++ lib.optionals (type == "sdk" && stdenv.isDarwin) [
+    xmlstarlet
+    sigtool
+  ];
 
   buildInputs = [
     stdenv.cc.cc
@@ -71,6 +79,16 @@ mkCommon type rec {
 
   sourceRoot = ".";
 
+  postPatch = if type == "sdk" && stdenv.isDarwin then ''
+    xmlstarlet ed \
+      --inplace \
+      -s //_:Project -t elem -n Import \
+      -i \$prev -t attr -n Project -v "${signAppHost}" \
+      sdk/*/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.Sdk.targets
+
+    codesign --remove-signature packs/Microsoft.NETCore.App.Host.osx-*/*/runtimes/osx-*/native/{apphost,singlefilehost}
+  '' else null;
+
   dontPatchELF = true;
   noDumpEnvVars = true;
 
@@ -108,6 +126,14 @@ mkCommon type rec {
       $out/packs/Microsoft.NETCore.App.Host.${targetRid}/*/runtimes/${targetRid}/native/*host
   '';
 
+  # fixes: Could not load ICU data. UErrorCode: 2
+  propagatedSandboxProfile = lib.optionalString stdenv.isDarwin ''
+    (allow file-read* (subpath "/usr/share/icu"))
+    (allow file-read* (subpath "/private/var/db/mds/system"))
+    (allow mach-lookup (global-name "com.apple.SecurityServer")
+                       (global-name "com.apple.system.opendirectoryd.membership"))
+  '';
+
   passthru = {
     inherit icu;
   } // lib.optionalAttrs (type == "sdk") {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-01 19:03:04 +0000