Merge pull request #160417 from steinybot/fix/iterm2-signing

maintainers/maintainer-list.nix

@@ -11682,6 +11682,17 @@
       githubId = 55607356;
       name = "Stephan Heßelmann";
   };
+  steinybot = {
+    name = "Jason Pickens";
+    email = "jasonpickensnz@gmail.com";
+    matrix = "@steinybot:matrix.org";
+    github = "steinybot";
+    githubId = 4659562;
+    keys = [{
+      longkeyid = "ed25519/0x21DE1CAE59762A0F";
+      fingerprint = "2709 1DEC CC42 4635 4299  569C 21DE 1CAE 5976 2A0F";
+    }];
+  };
   stelcodes = {
     email = "stel@stel.codes";
     github = "stelcodes";

pkgs/applications/terminal-emulators/iterm2/default.nix

@@ -1,48 +1,42 @@
-{ lib, stdenvNoCC, fetchFromGitHub }:
+{ fetchzip, lib, stdenvNoCC }:
 
  /*
- This derivation is impure: it relies on an Xcode toolchain being installed
- and available in the expected place. The values of sandboxProfile
- are copied pretty directly from the MacVim derivation, which
- is also impure. In order to build you at least need the `sandbox`
- option set to `relaxed` or `false`.
+ This cannot be built from source as it requires entitlements and
+ for that it needs to be code signed. Automatic updates will have
+ to be disabled via preferences instead of at build time. To do
+ that edit $HOME/Library/Preferences/com.googlecode.iterm2.plist
+ and add:
+ SUEnableAutomaticChecks = 0;
  */
 
 stdenvNoCC.mkDerivation rec {
   pname = "iterm2";
-  version = "3.4.14";
+  version = "3.4.15";
 
-  src = fetchFromGitHub {
-    owner = "gnachman";
-    repo = "iTerm2";
-    rev = "v${version}";
-    sha256 = "sha256-sDCnBO7xDpecu2cSjpHwync2DVsj9EKUmgpqEVLtxRM=";
+  src = fetchzip {
+    url = "https://iterm2.com/downloads/stable/iTerm2-${lib.replaceStrings ["."] ["_"] version}.zip";
+    sha256 = "sha256-ZE/uYBKB2popdIdZWA8AvyJiwMzt32u6u/H/AyNcoVo=";
   };
 
-  patches = [ ./disable_updates.patch ];
-  postPatch = ''
-    sed -i -e 's/CODE_SIGN_IDENTITY = "Developer ID Application"/CODE_SIGN_IDENTITY = ""/g' ./iTerm2.xcodeproj/project.pbxproj
-  '';
-
-  preConfigure = "LD=$CC";
-  makeFlagsArray = ["Nix"];
   installPhase = ''
-    mkdir -p $out/Applications
-    mv Build/Products/Deployment/iTerm2.app $out/Applications/iTerm.app
-  '';
-
-  sandboxProfile = ''
-     (allow file-read* file-write* process-exec mach-lookup)
-     ; block homebrew dependencies
-     (deny file-read* file-write* process-exec mach-lookup (subpath "/usr/local") (with no-log))
+    runHook preInstall
+    APP_DIR="$out/Applications/iTerm2.app"
+    mkdir -p "$APP_DIR"
+    cp -r . "$APP_DIR"
+    mkdir -p "$out/bin"
+    cat << EOF > "$out/bin/iterm2"
+    #!${stdenvNoCC.shell}
+    open -na "$APP_DIR" --args "$@"
+    EOF
+    chmod +x "$out/bin/iterm2"
+    runHook postInstall
   '';
 
   meta = with lib; {
     description = "A replacement for Terminal and the successor to iTerm";
     homepage = "https://www.iterm2.com/";
     license = licenses.gpl2;
-    maintainers = with maintainers; [ tricktron ];
-    platforms = platforms.darwin;
-    hydraPlatforms = [];
+    maintainers = with maintainers; [ steinybot tricktron ];
+    platforms = [ "x86_64-darwin" "aarch64-darwin" ];
   };
 }