docs: update §2A codesign hook snippet to the fail-loud form#53
Merged
Conversation
The canonical §2A snippet showed the original simple hook, but all six family CLIs ship the hardened fail-loud form. Match the doc to reality: CODESIGN_DARWIN_SCRIPT unset → skip (local/opt-out); set but missing or non-executable → error and fail the build instead of silently shipping an unsigned binary. Also clarify the surrounding prose to spell out the three cases.
Contributor
Author
|
Codex architect review (continuity session from the signing initiative) The §2A snippet now matches the shipped convention, and the prose correctly distinguishes unset env from broken configured env. No contradiction with the self-gated signing/check-signature model. STATUS: blockers=0 majors=0 minors=0 nits=0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The canonical
distribution.md §2Asnippet still showed the original simple hook, but all six family CLIs (cfl/jtk/gro/nrq/cr/slck) ship the hardened fail-loud form. This aligns the doc with what's actually deployed:CODESIGN_DARWIN_SCRIPTunset → skip (local build / opt-out).Snippet + surrounding prose updated; docs only.