From 2f7667136ee95ce07dde23c49d2de526b45e3293 Mon Sep 17 00:00:00 2001
From: Giacomo Cusinato <7659518+giacomocusinato@users.noreply.github.com>
Date: Wed, 5 Nov 2025 11:06:14 +0100
Subject: [PATCH 1/2] chore: remove `allow-dyld-environment-variables`
 entitlement

---
 electron-app/resources/entitlements.mac.plist | 2 --
 1 file changed, 2 deletions(-)

diff --git a/electron-app/resources/entitlements.mac.plist b/electron-app/resources/entitlements.mac.plist
index be8b7163d..46f675661 100644
--- a/electron-app/resources/entitlements.mac.plist
+++ b/electron-app/resources/entitlements.mac.plist
@@ -8,7 +8,5 @@
     <true/>
     <key>com.apple.security.cs.disable-library-validation</key>
     <true/>
-    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
-    <true/>
 </dict>
 </plist>

From 5d282f38496e96dcba02818536c0835bd684ec98 Mon Sep 17 00:00:00 2001
From: Giacomo Cusinato <7659518+giacomocusinato@users.noreply.github.com>
Date: Wed, 5 Nov 2025 16:37:01 +0100
Subject: [PATCH 2/2] fix: bundle theia native dependencies with stricter
 permissions

---
 electron-app/webpack.config.js | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/electron-app/webpack.config.js b/electron-app/webpack.config.js
index d259e150e..4b18cc3be 100644
--- a/electron-app/webpack.config.js
+++ b/electron-app/webpack.config.js
@@ -1,5 +1,7 @@
 const path = require('node:path');
+const fs = require('fs');
 const webpack = require('webpack');
+const TheiaNativeWebpackPlugin = require('@theia/native-webpack-plugin');
 const frontend = require('./gen-webpack.config');
 const backend = require('./gen-webpack.node.config');
 const {
@@ -39,6 +41,27 @@ backend.config.entry['parcel-watcher'] = {
   },
 };
 
+// Override Theia native dependency bundler to assign stricter file permissions (chmod 755)
+// https://github.com/eclipse-theia/theia/blob/9a52544fb4c1ea1d3d0d6bcbe106b97184279030/dev-packages/native-webpack-plugin/src/native-webpack-plugin.ts#L149
+class NativeWebpackPlugin extends TheiaNativeWebpackPlugin {
+  // Override the method that writes/copies files
+  async copyExecutable(source, target) {
+    const targetDirectory = path.dirname(target);
+    await fs.promises.mkdir(targetDirectory, { recursive: true });
+    await fs.promises.copyFile(source, target);
+    await fs.promises.chmod(target, 0o755);
+  }
+}
+backend.config.plugins.push(new NativeWebpackPlugin({
+  out: 'native',
+  trash: true,
+  ripgrep: true,
+  pty: true,
+  nativeBindings: {
+    drivelist: 'drivelist/build/Release/drivelist.node',
+  },
+}));
+
 // Use a customized backend main that can enable the file logger in bundled mode.
 backend.config.entry['main'] = require.resolve('./arduino-ide-backend-main.js');