From 1a737e8f106a88e6374e95eb97b32a3ae7abb6af Mon Sep 17 00:00:00 2001 From: dvcdsys Date: Thu, 7 May 2026 15:24:22 +0100 Subject: [PATCH] fix(server): re-sign bundled llama-server on darwin to survive macOS amfid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit macOS Sequoia (26+) tightened the amfid (AppleMobileFileIntegrity) policy: ad-hoc-signed binaries whose linked dylibs carry stale signatures or a com.apple.provenance xattr from the previous bundle get SIGKILL'd within milliseconds of execve. Symptom in the supervisor: `signal: killed` with empty stderr (kill happens before the child can write a single byte), followed by exhausted restart budget and the boot path failing with "embeddings: llama-server not ready: context deadline exceeded". Root cause is that `cp -R $(LLAMA_DIR)/. $(BUNDLE_DIR)/llama/` in the existing `bundle:` target creates new files macOS treats as untrusted; whatever blessing the previous bundle had does not carry over. So the fix has to run on every bundle, not just first install. Wraps the strip + deep re-sign in `ifeq ($(OS),darwin)` so other platforms are unaffected. Tested with two consecutive `make bundle` + direct llama-server invocation cycles — both stay alive past the first metal_library_init log line where the previous behaviour died. Co-Authored-By: Claude Opus 4.7 --- server/Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/server/Makefile b/server/Makefile index 22f3f0e..e3360dc 100644 --- a/server/Makefile +++ b/server/Makefile @@ -95,6 +95,16 @@ bundle: fetch-llama build @# filepath.Dir(os.Executable())/llama default resolves correctly. mkdir -p $(BUNDLE_DIR)/llama cp -R $(LLAMA_DIR)/. $(BUNDLE_DIR)/llama/ +ifeq ($(OS),darwin) + @# macOS Sequoia (26+) tightened amfid: ad-hoc-signed binaries whose + @# linked dylibs carry stale signatures or a com.apple.provenance + @# xattr from the previous bundle get SIGKILL'd within milliseconds + @# of execve — supervisor sees "signal: killed" with empty stderr. + @# `cp -R` creates new files macOS treats as untrusted, so the strip + @# + deep re-sign must run on every bundle, not just first install. + @xattr -cr $(BUNDLE_DIR)/llama/ + @codesign --force --deep --sign - $(BUNDLE_DIR)/llama/llama-server +endif @echo "Bundle ready: $(BUNDLE_DIR)" @echo "Optional: tar czf $(DIST_DIR)/$(BUNDLE_NAME).tar.gz -C $(DIST_DIR) $(BUNDLE_NAME)"