diff --git a/.gitignore b/.gitignore index b0ba50a2..62536e9e 100644 --- a/.gitignore +++ b/.gitignore @@ -6,9 +6,6 @@ # Local environment (secrets) .env -# Local-only scripts -script/local-release - # App specific (root-level; huskies subdirectory patterns live in .huskies/.gitignore) store.json _merge_parsed.json diff --git a/script/local-release b/script/local-release new file mode 100644 index 00000000..836b2f0a --- /dev/null +++ b/script/local-release @@ -0,0 +1,43 @@ +#!/usr/bin/env bash +# Install huskies locally on macOS: the underlying binary + a codesign-heal wrapper. +# +# After a `cp` or download the binary loses its ad-hoc signature and macOS +# SIGKILLs it silently on Apple Silicon. This script installs the binary as +# ~/bin/huskies-bin and installs a thin wrapper at ~/bin/huskies that +# re-signs the underlying binary whenever codesign validation fails, then +# execs it. Normal launches (already signed) are silent and zero-overhead. +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "$0")/.." && pwd)" +BINARY_PATH="${SCRIPT_DIR}/target/release/huskies" +BIN_DIR="${HOME}/bin" +UNDERLYING="${BIN_DIR}/huskies-bin" +WRAPPER="${BIN_DIR}/huskies" + +if [ ! -f "${BINARY_PATH}" ]; then + echo "Error: binary not found at ${BINARY_PATH}" + echo "Run: cargo build --release" + exit 1 +fi + +mkdir -p "${BIN_DIR}" + +cp "${BINARY_PATH}" "${UNDERLYING}" +chmod +x "${UNDERLYING}" +echo "==> Installed binary: ${UNDERLYING}" + +cat > "${WRAPPER}" << 'WRAPPER_EOF' +#!/usr/bin/env bash +# Codesign-heal wrapper — re-signs ~/bin/huskies-bin if the signature is +# missing or invalid, then execs the binary. Logs only when it re-signs. +BIN="${HOME}/bin/huskies-bin" + +if ! codesign --verify --quiet "${BIN}" 2>/dev/null; then + codesign -s - "${BIN}" + echo "[codesign-heal] re-signed ~/bin/huskies-bin" >&2 +fi + +exec "${BIN}" "$@" +WRAPPER_EOF +chmod +x "${WRAPPER}" +echo "==> Installed wrapper: ${WRAPPER}" diff --git a/start.sh b/start.sh new file mode 100644 index 00000000..693eac9d --- /dev/null +++ b/start.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +# Start huskies via the codesign-heal wrapper. +# +# The wrapper at ~/bin/huskies re-signs the underlying binary if needed before +# exec-ing it, so a missed re-sign after a build/copy never produces a silent +# SIGKILL on Apple Silicon. +exec "${HOME}/bin/huskies" "$@"