Skip to content

koodo-reader: set mac signing identity to null#432381

Merged
pbsds merged 1 commit intoNixOS:masterfrom
TomaSajt:koodo-reader
Aug 11, 2025
Merged

koodo-reader: set mac signing identity to null#432381
pbsds merged 1 commit intoNixOS:masterfrom
TomaSajt:koodo-reader

Conversation

@TomaSajt
Copy link
Contributor

@TomaSajt TomaSajt commented Aug 9, 2025
edited
Loading

Followup to #395560 (comment)

I just made this blindly, so please try to build this on your aarch64-darwin machine.

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

@ofborg ofborg bot added the 6.topic: darwin Running or building packages on Darwin label Aug 9, 2025
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels Aug 9, 2025
@ghost
Copy link

ghost commented Aug 9, 2025

build good

koodo-reader> npm verbose cli /nix/store/s7dd5qi3fzjj8q5mmygi8pasp91n727c-nodejs-22.17.0/bin/node /nix/store/s7dd5qi3fzjj8q5mmygi8pasp91n727c-nodejs-22.17.0/bin/npm
koodo-reader> npm info using npm@10.9.2
koodo-reader> npm info using node@v22.17.0
koodo-reader> npm verbose title npm rebuild cpu-features
koodo-reader> npm verbose argv "rebuild" "--loglevel" "verbose" "cpu-features"
koodo-reader> npm verbose logfile logs-max:10 dir:/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/tmp.8tKV5Dbv5I/.npm/_logs/2025-08-09T23_35_55_152Z-
koodo-reader> npm verbose logfile /nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/tmp.8tKV5Dbv5I/.npm/_logs/2025-08-09T23_35_55_152Z-debug-0.log
koodo-reader> npm http fetch GET https://registry.npmjs.org/npm attempt 1 failed with ENOTFOUND
koodo-reader> \|/-\|npm info run cpu-features@0.0.10 install node_modules/cpu-features node buildcheck.js > buildcheck.gypi && node-gyp rebuild
koodo-reader> /-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\|/-\npm info run cpu-features@0.0.10 install { code: 0, signal: null }
koodo-reader> \rebuilt dependencies successfully
koodo-reader> \npm verbose cwd /nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/source
koodo-reader> \npm verbose os Darwin 23.6.0
koodo-reader> \npm verbose node v22.17.0
koodo-reader> \npm verbose npm  v10.9.2
koodo-reader> \npm verbose exit 0
koodo-reader> \npm info ok
koodo-reader> \
koodo-reader> > koodo-reader@2.0.9 postinstall
koodo-reader> > sed 's/^#include .nan_scriptorigin\.h./\/\/ #include nan_scriptorigin.h/' ./node_modules/nan/nan.h > ./node_modules/nan/nan.h.new && mv ./node_modules/nan/nan.h.new ./node_modules/nan/nan.h && electron-builder install-app-deps
koodo-reader> 
koodo-reader>   • injecting environment  envFile=/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/source/electron-builder.env
koodo-reader>   • electron-builder  version=26.0.12
koodo-reader>   • loaded configuration  file=package.json ("build" field)
koodo-reader>   • executing @electron/rebuild  electronVersion=34.1.1 arch=arm64 buildFromSource=false appDir=./
koodo-reader>   • installing native dependencies  arch=arm64
koodo-reader>   • preparing       moduleName=better-sqlite3 arch=arm64
koodo-reader>   • finished        moduleName=better-sqlite3 arch=arm64
koodo-reader>   • preparing       moduleName=cpu-features arch=arm64
koodo-reader>   • finished        moduleName=cpu-features arch=arm64
koodo-reader>   • completed installing native dependencies
koodo-reader> \yarn run v1.22.22
koodo-reader> $ /nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/source/node_modules/.bin/electron-builder --dir -c.electronDist=electron-dist -c.electronVersion=35.7.4
koodo-reader>   • injecting environment  envFile=/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/source/electron-builder.env
koodo-reader>   • electron-builder  version=26.0.12 os=23.6.0
koodo-reader>   • loaded configuration  file=package.json ("build" field)
koodo-reader>   • @electron/rebuild already used by electron-builder, please consider to remove excess dependency from devDependencies
koodo-reader> 
koodo-reader> To ensure your native dependencies are always matched electron version, simply add script `"postinstall": "electron-builder install-app-deps" to your `package.json`
koodo-reader>   • writing effective config  file=dist/builder-effective-config.yaml
koodo-reader>   • executing @electron/rebuild  electronVersion=35.7.4 arch=arm64 buildFromSource=false appDir=./
koodo-reader>   • installing native dependencies  arch=arm64
koodo-reader>   • preparing       moduleName=better-sqlite3 arch=arm64
koodo-reader>   • finished        moduleName=better-sqlite3 arch=arm64
koodo-reader>   • preparing       moduleName=cpu-features arch=arm64
koodo-reader>   • finished        moduleName=cpu-features arch=arm64
koodo-reader>   • completed installing native dependencies
koodo-reader>   • packaging       platform=darwin arch=arm64 electron=35.7.4 appOutDir=dist/mac-arm64
koodo-reader>   • custom electronDist provided but no zip found; assuming unpacked electron directory.  electronDist=electron-dist expectedFile=electron-v35.7.4-darwin-arm64.zip
koodo-reader>   • copying Electron  source=/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/source/electron-dist/Electron.app destination=/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/source/dist/mac-arm64/Electron.app
koodo-reader>   • skipped macOS application code signing  reason=, see https://electron.build/code-signing CSC_IDENTITY_AUTO_DISCOVERY=false
koodo-reader> ✨  Done in 39.30s.
koodo-reader> buildPhase completed in 1 minutes 53 seconds
koodo-reader> Running phase: installPhase
koodo-reader> Running phase: fixupPhase
koodo-reader> checking for references to /nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-17219-1408698715/ in /nix/store/js0dwj9zd44n93hvfd5w6f6mfd6d0hx5-koodo-reader-2.0.9...
koodo-reader> patching script interpreter paths in /nix/store/js0dwj9zd44n93hvfd5w6f6mfd6d0hx5-koodo-reader-2.0.9
koodo-reader> stripping (with command strip and flags -S) in  /nix/store/js0dwj9zd44n93hvfd5w6f6mfd6d0hx5-koodo-reader-2.0.9/bin /nix/store/js0dwj9zd44n93hvfd5w6f6mfd6d0hx5-koodo-reader-2.0.9/Applications

@TomaSajt
Copy link
Contributor Author

TomaSajt commented Aug 9, 2025

okay, let me check if I can reduce the patch to just notarize: false

@TomaSajt
Copy link
Contributor Author

TomaSajt commented Aug 9, 2025

could you try now?

@ghost
Copy link

ghost commented Aug 10, 2025 

oodo-reader> To ensure your native dependencies are always matched electron version, simply add script `"postinstall": "electron-builder install-app-deps" to your `package.json`
koodo-reader>   • writing effective config  file=dist/builder-effective-config.yaml
koodo-reader>   • executing @electron/rebuild  electronVersion=35.7.4 arch=arm64 buildFromSource=false appDir=./
koodo-reader>   • installing native dependencies  arch=arm64
koodo-reader>   • preparing       moduleName=better-sqlite3 arch=arm64
koodo-reader>   • finished        moduleName=better-sqlite3 arch=arm64
koodo-reader>   • preparing       moduleName=cpu-features arch=arm64
koodo-reader>   • finished        moduleName=cpu-features arch=arm64
koodo-reader>   • completed installing native dependencies
koodo-reader>   • packaging       platform=darwin arch=arm64 electron=35.7.4 appOutDir=dist/mac-arm64
koodo-reader>   • custom electronDist provided but no zip found; assuming unpacked electron directory.  electronDist=electron-dist expectedFile=electron-v35.7.4-darwin-arm64.zip
koodo-reader>   • copying Electron  source=/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/electron-dist/Electron.app destination=/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/dist/mac-arm64/Electron.app
koodo-reader>   ⨯ spawn EPERM     failedTask=build stackTrace=Error: spawn EPERM
koodo-reader>     at ChildProcess.spawn (node:internal/child_process:420:11)
koodo-reader>     at spawn (node:child_process:754:9)
koodo-reader>     at execFile (node:child_process:347:17)
koodo-reader>     at /nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/builder-util/src/util.ts:99:13
koodo-reader>     at new Promise (<anonymous>)
koodo-reader>     at exec (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/builder-util/src/util.ts:98:10)
koodo-reader>     at getValidIdentities (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/app-builder-lib/src/codeSign/macCodeSign.ts:234:11)
koodo-reader>     at _findIdentity (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/app-builder-lib/src/codeSign/macCodeSign.ts:269:23)
koodo-reader>     at findIdentity (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/app-builder-lib/src/codeSign/macCodeSign.ts:332:12)
koodo-reader>     at MacPackager.sign (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/app-builder-lib/src/macPackager.ts:257:36)
koodo-reader> error Command failed with exit code 1.
koodo-reader> info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
error: Cannot build '/nix/store/wh0xzyc3ab8mx1qlw6z4kxxq00qky0sk-koodo-reader-2.0.9.drv'.
       Reason: builder failed with exit code 1.
       Output paths:
         /nix/store/rd9q9v35cfayqlf4da58cczdwww6vagd-koodo-reader-2.0.9
       Last 25 log lines:
       > To ensure your native dependencies are always matched electron version, simply add script `"postinstall": "electron-builder install-app-deps" to your `package.json`
       >   • writing effective config  file=dist/builder-effective-config.yaml
       >   • executing @electron/rebuild  electronVersion=35.7.4 arch=arm64 buildFromSource=false appDir=./
       >   • installing native dependencies  arch=arm64
       >   • preparing       moduleName=better-sqlite3 arch=arm64
       >   • finished        moduleName=better-sqlite3 arch=arm64
       >   • preparing       moduleName=cpu-features arch=arm64
       >   • finished        moduleName=cpu-features arch=arm64
       >   • completed installing native dependencies
       >   • packaging       platform=darwin arch=arm64 electron=35.7.4 appOutDir=dist/mac-arm64
       >   • custom electronDist provided but no zip found; assuming unpacked electron directory.  electronDist=electron-dist expectedFile=electron-v35.7.4-darwin-arm64.zip
       >   • copying Electron  source=/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/electron-dist/Electron.app destination=/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/dist/mac-arm64/Electron.app
       >   ⨯ spawn EPERM     failedTask=build stackTrace=Error: spawn EPERM
       >     at ChildProcess.spawn (node:internal/child_process:420:11)
       >     at spawn (node:child_process:754:9)
       >     at execFile (node:child_process:347:17)
       >     at /nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/builder-util/src/util.ts:99:13
       >     at new Promise (<anonymous>)
       >     at exec (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/builder-util/src/util.ts:98:10)
       >     at getValidIdentities (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/app-builder-lib/src/codeSign/macCodeSign.ts:234:11)
       >     at _findIdentity (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/app-builder-lib/src/codeSign/macCodeSign.ts:269:23)
       >     at findIdentity (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/app-builder-lib/src/codeSign/macCodeSign.ts:332:12)
       >     at MacPackager.sign (/nix/var/nix/builds/nix-build-koodo-reader-2.0.9.drv-4718-2285463589/source/node_modules/app-builder-lib/src/macPackager.ts:257:36)
       > error Command failed with exit code 1.
       > info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
       For full logs, run:
         nix log /nix/store/wh0xzyc3ab8mx1qlw6z4kxxq00qky0sk-koodo-reader-2.0.9.drv

@TomaSajt
Copy link
Contributor Author

TomaSajt commented Aug 10, 2025

Alright, if it's not the notarize variable, it has to be the identity variable.
Could you try now?

@pbsds
Copy link
Member

pbsds commented Aug 10, 2025
edited
Loading

seems to build, but i cannot test it since i don't have a physical darwin machine

please squash

@nixpkgs-ci nixpkgs-ci bot added 12.approvals: 1 This PR was reviewed and approved by one person. and removed 9.needs: reviewer This PR currently has no reviewers requested and needs attention. labels Aug 10, 2025
@TomaSajt
Copy link
Contributor Author

TomaSajt commented Aug 10, 2025

Please don't merge yet.

The main question is: does it build fine even without this PR?
I'll try to do some testing (though I don't have an aarch64-darwin machine either)

@TomaSajt TomaSajt changed the title koodo-reader: disable notarization on darwin koodo-reader: set mac signing identity to null Aug 10, 2025
@TomaSajt
Copy link
Contributor Author

TomaSajt commented Aug 10, 2025

I checked via github-actions and this is the message without this PR:

   • skipped macOS application code signing  reason=Identity name is specified, but no valid identity with this name in the keychain identity=Liang Guo allIdentities=     0 identities found
                                                 Valid identities only
      0 valid identities found

the same thing happens with both x86_64-darwin and aarch64-darwin

I guess the failure only happens if we have a valid signing identity.

But after this PR, this is the message:

   • skipped macOS code signing  reason=identity explicitly is set to null

So I think this is working fine.

@pbsds
Copy link
Member

pbsds commented Aug 11, 2025

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 432381
Commit: aee7acd461cd30b6e54748feced6b1b57d776259

x86_64-linux

✅ 1 package built:
  • koodo-reader

aarch64-linux

✅ 1 package built:
  • koodo-reader

x86_64-darwin

✅ 1 package built:
  • koodo-reader

aarch64-darwin

✅ 1 package built:
  • koodo-reader

@pbsds pbsds merged commit a75a062 into NixOS:master Aug 11, 2025
25 of 27 checks passed
@teutat3s teutat3s mentioned this pull request Sep 30, 2025
Merged
13 tasks
@TomaSajt TomaSajt deleted the koodo-reader branch January 20, 2026 18:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pbsds pbsds pbsds approved these changes

Assignees

No one assigned

Labels

6.topic: darwin Running or building packages on Darwin 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 10.rebuild-linux: 1 This PR causes 1 package to rebuild on Linux. 11.by: package-maintainer This PR was created by a maintainer of all the package it changes. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TomaSajt @pbsds