Macos: nixpkgs-24.11 qtdeclarative-6.8.3 result in `/bin/sh: codesign: command not found`

OlivierLDff · April 27, 2025, 10:36am

Following the PR discussion, everything makes now sense:

github.com/NixOS/nixpkgs

[Backport release-24.11] qt6.qtdeclarative: add sigtool on Darwin

NixOS:release-24.11 ← vcunat:p/qtdeclarative-darwin

opened 06:08AM - 27 Apr 25 UTC

vcunat

+5 -0

Needed since 6.9 (cherry picked from commit 5ee44006365d2b2f184eef6dd6a2ec645…61d8a4a) See https://github.com/NixOS/nixpkgs/pull/398849#issuecomment-2832612995 ## Things done - Built on platform(s) - [x] no rebuild except on .isDarwin - [ ] x86_64-darwin - [x] aarch64-darwin - For non-Linux: Is sandboxing enabled in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html)) - [ ] `sandbox = relaxed` - [ ] `sandbox = true` - [ ] Tested, as applicable: - [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests)) - and/or [package tests](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#package-tests) - or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test) - made sure NixOS tests are [linked](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#linking-nixos-module-tests-to-a-package) to the relevant packages - [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage) - [ ] Tested basic functionality of all binary files (usually in `./result/bin/`) - [25.05 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) (or backporting [24.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) and [25.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) Release notes) - [ ] (Package updates) Added a release notes entry if the change is major or breaking - [ ] (Module updates) Added a release notes entry if the change is significant - [ ] (Module addition) Added a release notes entry if adding a new NixOS module - [x] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).  --- Add a :+1: [reaction] to [pull requests you find important]. [reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/ [pull requests you find important]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc

So adding darwin.sigtool was indeed the key for the builder to access codesign.

Coming back to my original questions:

Is it some kind of bug in upstream nixpkgs: Yes since Qt6.9 codesign was required in the build but missing.
Or is there an extra undocumented step to codesign: I haven’t tried that on my system but maybe sandboxing should be disabled?