Skip to content

fix(release): generate signed Homebrew frameworks#34

Merged
cameroncooke merged 1 commit intomainfrom
fix/homebrew-framework-signing
Mar 5, 2026
Merged

fix(release): generate signed Homebrew frameworks#34
cameroncooke merged 1 commit intomainfrom
fix/homebrew-framework-signing

Conversation

@cameroncooke
Copy link
Copy Markdown
Owner

@cameroncooke cameroncooke commented Mar 5, 2026
edited by cursor bot
Loading

Summary

  • update the Homebrew formula generator to re-sign installed framework bundles
  • keep future releases aligned with the formula fix already pushed to the tap repo
  • prevent regenerated formulas from restoring the broken post_install signing logic

Verification

  • bash -n scripts/generate-homebrew-formula.sh
  • generated formula includes framework bundle re-signing
  • verified Homebrew-installed AXe works against a real booted simulator
  • verified installed AXe binary remains universal (x86_64 + arm64)

Note

Medium Risk
Changes the generated Homebrew formula post_install codesigning behavior, which can affect end-user installation/runtime on macOS. Scope is small but errors here would break the Homebrew-installed binary and embedded frameworks.

Overview
Updates scripts/generate-homebrew-formula.sh so the generated formula post_install explicitly re-signs each Frameworks/*.framework bundle, instead of attempting to recursively detect and sign Mach-O files.

Also adds an explicit codesign step for the installed axe binary after frameworks are signed, to keep regenerated formulas aligned with the tap’s signing fix.

Written by Cursor Bugbot for commit aa26b10. This will update automatically on new commits. Configure here.

@cameroncooke @codex
fix(release): Generate signed Homebrew frameworks
aa26b10 
Update the Homebrew formula generator so future releases re-sign
installed framework bundles instead of individual files.

This matches the formula fix that was validated against a clean
Homebrew install and real simulator interaction, and prevents future
releases from regenerating the broken post_install signing logic.

Co-Authored-By: Codex <noreply@openai.com>
@cameroncooke cameroncooke merged commit 53bf441 into main Mar 5, 2026
3 of 4 checks passed
@cameroncooke cameroncooke deleted the fix/homebrew-framework-signing branch March 5, 2026 23:42
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 5, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 59c12ee5-3719-4c8b-b9b5-18ed8bf544be

📥 Commits

Reviewing files that changed from the base of the PR and between 5fa61b7 and aa26b10.

📒 Files selected for processing (1)
  • scripts/generate-homebrew-formula.sh

Walkthrough

The pull request modifies the post_install function in scripts/generate-homebrew-formula.sh to change the signing approach for frameworks and binaries. The previous implementation iterated through files in libexec, performed file type checks using the file command, maintained a signed_paths cache, and avoided signing framework binaries within nested paths. The new implementation replaces this logic with two explicit signing commands targeting frameworks at libexec/Frameworks/*.framework and the binary at libexec/axe. Per-file iteration, file command invocations, and Mach-O qualification checks have been removed. The net change comprises 4 lines added and 15 lines removed.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cameroncooke