Skip to content

fix(macos): make GraalVM Mach-O post-processing safe with validation and rollback (#247)#248

Open
RavenLiao wants to merge 1 commit into
NucleusFramework:mainfrom
RavenLiao:fix-macos-macho-safe-postprocess-247
Open

fix(macos): make GraalVM Mach-O post-processing safe with validation and rollback (#247)#248
RavenLiao wants to merge 1 commit into
NucleusFramework:mainfrom
RavenLiao:fix-macos-macho-safe-postprocess-247

Conversation

@RavenLiao
Copy link
Copy Markdown
Contributor

@RavenLiao RavenLiao commented May 18, 2026

🚀 Description

Refactored macOS GraalVM post-processing to use a safe, transactional mutation flow instead of destructive in-place edits.

Main changes:

  • Added SafeMachOFileMutation helper for copy → mutate → validate → replace flow.
  • Updated Mach-O build version patching (vtool) to use safe mutation + validation (otool -l, vtool -show-build).
  • Reworked stripDylibs to per-file Kotlin processing via the same safe path.
  • Added operation summaries in logs (total/success/kept-original).
  • Added unit tests for success/failure/rollback behaviors.

📄 Motivation and Context

Fixes macOS packaging issue #247 where in-place Mach-O mutation could leave corrupted binaries inside .app bundles when tool execution failed.

This change ensures:

  • Original binary is preserved on mutation/validation failure.
  • Only validated results replace original files.
  • Single-file failures degrade to warnings instead of poisoning the whole bundle.

🧪 How Has This Been Tested?

Local verification (Windows/static):

  • ./gradlew :plugin-build:plugin:test --tests "io.github.kdroidfilter.nucleus.desktop.application.internal.SafeMachOFileMutationTest" --tests "io.github.kdroidfilter.nucleus.desktop.application.tasks.AotArgFileSupportTest"
  • ./gradlew :plugin-build:plugin:check

Added tests cover:

  • successful replacement path
  • mutation failure keeps original
  • validation failure keeps original
  • remove-signature failure is non-fatal
  • extra validation failure keeps original

Note:

  • Real toolchain/runtime validation with vtool/otool/codesign/strip still needs a macOS environment.

📦 Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

✅ Checklist

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RavenLiao