fix(conda): fix hardcoded library paths in conda packages#7713
Merged
Conversation
Conda packages often contain hardcoded library paths from the build environment (e.g., /Users/runner/miniforge3/conda-bld/...) that don't exist on users' machines. This causes runtime failures when binaries try to load shared libraries. This commit adds post-extraction library path fixing: **macOS:** - Uses `otool -L` to find library dependencies with hardcoded paths - Uses `install_name_tool -change` to rewrite paths to @rpath - Adds appropriate rpaths (@executable_path/../lib, @loader_path) - Re-signs binaries with ad-hoc signatures (required after modification) - Removes quarantine/provenance attributes that can block execution - Verifies original signatures before modification to detect tampering **Linux:** - Uses `patchelf --set-rpath` to set $ORIGIN-relative paths - Gracefully skips if patchelf is not installed Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Tests that conda:postgresql installs and runs correctly, verifying that hardcoded library paths are properly patched. PostgreSQL has ~23 dependencies including ncurses, readline, and openssl which require library path fixes to work. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes runtime failures in conda packages caused by hardcoded library paths from the build environment. The solution implements platform-specific binary patching: on macOS using install_name_tool and codesign, on Linux using patchelf, to rewrite library paths and ensure binaries can locate their dependencies in the actual installation directory.
Changes:
- Added
fix_library_paths()method with platform-specific implementations for macOS and Linux - Added helper functions to identify Mach-O (macOS) and ELF (Linux) binary files
- Integrated library path fixing into the installation process after package extraction
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
src/backend/conda.rs
Outdated
Comment on lines
+462
to
+475
| .args([ | ||
| "-r", | ||
| "-d", | ||
| "com.apple.quarantine", | ||
| install_dir.to_str().unwrap_or(""), | ||
| ]) | ||
| .output(); | ||
| let _ = Command::new("xattr") | ||
| .args([ | ||
| "-r", | ||
| "-d", | ||
| "com.apple.provenance", | ||
| install_dir.to_str().unwrap_or(""), | ||
| ]) |
There was a problem hiding this comment.
The empty string fallback in to_str().unwrap_or("") will cause xattr to silently fail when the path contains invalid UTF-8. Consider propagating an error or logging a warning when path conversion fails.
Suggested change
| .args([ | |
| "-r", | |
| "-d", | |
| "com.apple.quarantine", | |
| install_dir.to_str().unwrap_or(""), | |
| ]) | |
| .output(); | |
| let _ = Command::new("xattr") | |
| .args([ | |
| "-r", | |
| "-d", | |
| "com.apple.provenance", | |
| install_dir.to_str().unwrap_or(""), | |
| ]) | |
| .arg("-r") | |
| .arg("-d") | |
| .arg("com.apple.quarantine") | |
| .arg(install_dir) | |
| .output(); | |
| let _ = Command::new("xattr") | |
| .arg("-r") | |
| .arg("-d") | |
| .arg("com.apple.provenance") | |
| .arg(install_dir) |
src/backend/conda.rs
Outdated
| // Verify the original binary has a valid signature before modifying | ||
| // This ensures the download wasn't corrupted or tampered with | ||
| let verify_result = Command::new("codesign") | ||
| .args(["--verify", file_path.to_str().unwrap_or("")]) |
There was a problem hiding this comment.
Using an empty string fallback for file paths will cause command failures to be silent. When to_str() returns None, the command will fail but this won't be distinguished from actual signature verification failures. Consider handling the None case explicitly or propagating an error.
src/backend/conda.rs
Outdated
|
|
||
| // Get current library dependencies using otool | ||
| let output = match Command::new("otool") | ||
| .args(["-L", file_path.to_str().unwrap_or("")]) |
There was a problem hiding this comment.
Empty string fallback will cause otool to fail silently. When encountering non-UTF-8 paths, the command failure will be caught by the Err(_) => continue handler, but this masks the actual issue. Consider logging when path conversion fails.
src/backend/conda.rs
Outdated
Comment on lines
+527
to
+534
| let _ = Command::new("install_name_tool") | ||
| .args([ | ||
| "-change", | ||
| &old_path, | ||
| new_path.to_str().unwrap_or(""), | ||
| file_path.to_str().unwrap_or(""), | ||
| ]) | ||
| .output(); |
There was a problem hiding this comment.
Empty string fallbacks in critical path modification commands can cause silent failures. If path conversion fails, install_name_tool will receive invalid arguments but the error is discarded. Consider checking command success or logging failures.
src/backend/conda.rs
Outdated
Comment on lines
+615
to
+616
| // For other locations, use absolute path | ||
| lib_dir.to_str().unwrap_or("$ORIGIN/../lib") |
There was a problem hiding this comment.
This fallback is incorrect - when lib_dir path conversion fails, using the literal string '$ORIGIN/../lib' as an absolute path argument to patchelf --set-rpath will create a broken rpath. The fallback should either propagate an error or use a valid default rpath pattern.
Suggested change
| // For other locations, use absolute path | |
| lib_dir.to_str().unwrap_or("$ORIGIN/../lib") | |
| // For other locations, use absolute path; if conversion fails, skip this file | |
| match lib_dir.to_str() { | |
| Some(path) => path, | |
| None => { | |
| debug!( | |
| "lib directory path is not valid UTF-8, skipping RPATH fix for {:?}", | |
| file_path | |
| ); | |
| continue; | |
| } | |
| } |
src/backend/conda.rs
Outdated
Comment on lines
+619
to
+621
| let _ = Command::new("patchelf") | ||
| .args(["--set-rpath", rpath, file_path.to_str().unwrap_or("")]) | ||
| .output(); |
There was a problem hiding this comment.
Empty string fallback will cause patchelf to fail when processing files with non-UTF-8 paths. The error is silently discarded with let _ =, making it difficult to diagnose issues. Consider logging failures or checking command success.
Suggested change
| let _ = Command::new("patchelf") | |
| .args(["--set-rpath", rpath, file_path.to_str().unwrap_or("")]) | |
| .output(); | |
| match Command::new("patchelf") | |
| .arg("--set-rpath") | |
| .arg(rpath) | |
| .arg(&file_path) | |
| .output() | |
| { | |
| Ok(output) => { | |
| if !output.status.success() { | |
| warn!( | |
| "patchelf failed for {:?} with status {}: {}", | |
| file_path, | |
| output.status, | |
| String::from_utf8_lossy(&output.stderr) | |
| ); | |
| } | |
| } | |
| Err(e) => { | |
| warn!("failed to run patchelf for {:?}: {}", file_path, e); | |
| } | |
| } |
Moves macOS and Linux library path fixing code into separate modules: - conda_macos.rs: install_name_tool, codesign, xattr handling - conda_linux.rs: patchelf RPATH handling This improves code organization and makes platform-specific logic easier to maintain. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Skip binaries that don't have hardcoded conda paths to preserve their original checksums. This is important for tools like Santa (Google's binary authorization) that allowlist executables by checksum. Before: All Mach-O files were modified and re-signed, changing checksums After: Only files with hardcoded conda paths are modified Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
Fix inconsistent condition where is_dylib was used instead of needs_id_fix when actually applying the ID fix. This ensures dylibs outside lib_dir are handled consistently with the skip logic. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create conda_common.rs with shared binary detection utilities - Move magic number constants (Mach-O and ELF) to common module - Extract find_binary_files() generic function for walking directories - Simplify platform modules to use common utilities - Break up long functions into smaller, focused helper functions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
# Conflicts: # src/backend/conda.rs
Hyperfine Performance
|
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.1.3 x -- echo |
19.6 ± 0.4 | 18.9 | 24.6 | 1.00 |
mise x -- echo |
19.9 ± 2.4 | 19.1 | 72.3 | 1.01 ± 0.13 |
mise env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.1.3 env |
19.0 ± 0.3 | 18.4 | 23.1 | 1.00 |
mise env |
19.1 ± 0.3 | 18.4 | 20.7 | 1.01 ± 0.02 |
mise hook-env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.1.3 hook-env |
19.3 ± 0.4 | 18.6 | 23.1 | 1.00 |
mise hook-env |
19.5 ± 0.3 | 18.8 | 20.9 | 1.01 ± 0.03 |
mise ls
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.1.3 ls |
17.6 ± 0.2 | 17.1 | 18.5 | 1.00 |
mise ls |
17.9 ± 0.5 | 17.2 | 20.5 | 1.02 ± 0.03 |
xtasks/test/perf
| Command | mise-2026.1.3 | mise | Variance |
|---|---|---|---|
| install (cached) | 110ms | 110ms | +0% |
| ls (cached) | 67ms | 67ms | +0% |
| bin-paths (cached) | 71ms | 71ms | +0% |
| task-ls (cached) | 278ms | -61% |
jdx
pushed a commit
that referenced
this pull request
Jan 17, 2026
### 🚀 Features - **(conda)** add dependency locking for reproducible installations by @jdx in [#7708](#7708) - **(http)** add JSON filter syntax for version extraction by @jdx in [#7707](#7707) - **(http)** add version_expr support and Tera templating by @jdx in [#7723](#7723) - **(task)** add [monorepo].config_roots for explicit config root listing by @jdx in [#7705](#7705) - **(task)** support env vars in task dependencies by @jdx in [#7724](#7724) ### 🐛 Bug Fixes - **(conda)** fix hardcoded library paths in conda packages by @jdx in [#7713](#7713) - **(env)** avoid venv/go backend deadlock during env resolution by @stk0vrfl0w in [#7696](#7696) - **(python)** sort CPython versions at end of ls-remote output by @jdx in [#7721](#7721) - **(task)** resolve remote task files before display and validation commands by @yannrouillard in [#7681](#7681) - **(task)** support monorepo paths in `mise tasks deps` by @chadxz in [#7699](#7699) - **(task)** resolve all monorepo path hints in deps by @chadxz in [#7698](#7698) ### 📚 Documentation - remove outdated roadmap page by @jdx in [#7726](#7726) ### ⚡ Performance - **(task)** fix task-ls cached performance regression by @jdx in [#7716](#7716) ### 📦️ Dependency Updates - replace dependency @tsconfig/node22 with @tsconfig/node24 by @renovate[bot] in [#7618](#7618) ### 📦 Registry - add aqua backend for smithy by @jdx in [#7661](#7661) - remove low-usage asdf plugins by @jdx in [#7701](#7701) - disable mirrord test by @jdx in [#7703](#7703) - use vfox-dotnet as default backend by @jdx in [#7704](#7704) - use vfox-lua as default lua backend by @jdx in [#7706](#7706) - add vfox backend for redis by @jdx in [#7709](#7709) - use vfox-postgres as default postgres backend by @jdx in [#7710](#7710) - use github backend for kotlin by @jdx in [#7711](#7711) - add vfox backend for leiningen by @jdx in [#7714](#7714) - use pipx backend for meson by @jdx in [#7712](#7712) - use github backend for crystal by @jdx in [#7715](#7715) - use conda backend for sqlite by @jdx in [#7718](#7718) - use conda backend for make by @jdx in [#7719](#7719) - swift-package-list use github backend by @jdx in [#7720](#7720) ### Chore - increase macos release build timeout to 90 minutes by @jdx in [#7725](#7725) ### New Contributors - @yannrouillard made their first contribution in [#7681](#7681) - @stk0vrfl0w made their first contribution in [#7696](#7696) ## 📦 Aqua Registry Updates #### New Packages (4) - [`chevdor/tera-cli`](https://github.com/chevdor/tera-cli) - [`goforj/wire`](https://github.com/goforj/wire) - [`gravitational/teleport`](https://github.com/gravitational/teleport) - [`jackchuka/mdschema`](https://github.com/jackchuka/mdschema) #### Updated Packages (2) - [`ollama/ollama`](https://github.com/ollama/ollama) - [`twpayne/chezmoi`](https://github.com/twpayne/chezmoi)
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Jan 22, 2026
## [2026.1.5](https://github.com/jdx/mise/compare/v2026.1.4..v2026.1.5) - 2026-01-19 ### 🚀 Features - **(complete)** add PowerShell completion support by @jdx in [#7746](jdx/mise#7746) - **(release)** add LLM-generated prose summary to release notes by @jdx in [#7737](jdx/mise#7737) - **(vfox)** add semver Lua module for version sorting by @jdx in [#7739](jdx/mise#7739) - **(vfox)** add rolling release support with checksum tracking by @jdx in [#7757](jdx/mise#7757) - dry filetask parsing and validation by @makp0 in [#7738](jdx/mise#7738) ### 🐛 Bug Fixes - **(completions)** bump usage-cli to 2.13.1 for PowerShell support by @jdx in [#7756](jdx/mise#7756) - schema missing env required string variant by @vadimpiven in [#7734](jdx/mise#7734) - validate unknown fields in filetask headers by @makp0 in [#7733](jdx/mise#7733) - disable schemacrawler test by @jdx in [#7743](jdx/mise#7743) - replace double forward slash with single slash in get_task_lists by @collinstevens in [#7744](jdx/mise#7744) - require LLM for release notes and include aqua section by @jdx in [#7745](jdx/mise#7745) - preserve {{ version }} in tool options during config load by @jdx in [#7755](jdx/mise#7755) ### 📚 Documentation - add documentation URL structure guidance to CLAUDE.md by @jdx in [#7740](jdx/mise#7740) - add pitchfork promotion by @jdx in [#7747](jdx/mise#7747) ### 📦️ Dependency Updates - relax version constraints and update dependencies by @jdx in [#7736](jdx/mise#7736) - lock file maintenance by @renovate[bot] in [#7749](jdx/mise#7749) ### Chore - bump xx to 2.3.1 by @jdx in [#7753](jdx/mise#7753) ### New Contributors - @collinstevens made their first contribution in [#7744](jdx/mise#7744) - @makp0 made their first contribution in [#7738](jdx/mise#7738) - @vadimpiven made their first contribution in [#7734](jdx/mise#7734) ## [2026.1.4](https://github.com/jdx/mise/compare/v2026.1.3..v2026.1.4) - 2026-01-17 ### 🚀 Features - **(conda)** add dependency locking for reproducible installations by @jdx in [#7708](jdx/mise#7708) - **(http)** add JSON filter syntax for version extraction by @jdx in [#7707](jdx/mise#7707) - **(http)** add version_expr support and Tera templating by @jdx in [#7723](jdx/mise#7723) - **(task)** add [monorepo].config_roots for explicit config root listing by @jdx in [#7705](jdx/mise#7705) - **(task)** support env vars in task dependencies by @jdx in [#7724](jdx/mise#7724) ### 🐛 Bug Fixes - **(conda)** fix hardcoded library paths in conda packages by @jdx in [#7713](jdx/mise#7713) - **(env)** avoid venv/go backend deadlock during env resolution by @stk0vrfl0w in [#7696](jdx/mise#7696) - **(locked)** exempt tool stubs from lockfile requirements by @jdx in [#7729](jdx/mise#7729) - **(python)** sort CPython versions at end of ls-remote output by @jdx in [#7721](jdx/mise#7721) - **(task)** resolve remote task files before display and validation commands by @yannrouillard in [#7681](jdx/mise#7681) - **(task)** support monorepo paths in `mise tasks deps` by @chadxz in [#7699](jdx/mise#7699) - **(task)** resolve all monorepo path hints in deps by @chadxz in [#7698](jdx/mise#7698) ### 📚 Documentation - remove outdated roadmap page by @jdx in [#7726](jdx/mise#7726) ### ⚡ Performance - **(task)** fix task-ls cached performance regression by @jdx in [#7716](jdx/mise#7716) ### 📦️ Dependency Updates - replace dependency @tsconfig/node22 with @tsconfig/node24 by @renovate[bot] in [#7618](jdx/mise#7618) ### 📦 Registry - add aqua backend for smithy by @jdx in [#7661](jdx/mise#7661) - remove low-usage asdf plugins by @jdx in [#7701](jdx/mise#7701) - disable mirrord test by @jdx in [#7703](jdx/mise#7703) - use vfox-dotnet as default backend by @jdx in [#7704](jdx/mise#7704) - use vfox-lua as default lua backend by @jdx in [#7706](jdx/mise#7706) - add vfox backend for redis by @jdx in [#7709](jdx/mise#7709) - use vfox-postgres as default postgres backend by @jdx in [#7710](jdx/mise#7710) - use github backend for kotlin by @jdx in [#7711](jdx/mise#7711) - add vfox backend for leiningen by @jdx in [#7714](jdx/mise#7714) - use pipx backend for meson by @jdx in [#7712](jdx/mise#7712) - use github backend for crystal by @jdx in [#7715](jdx/mise#7715) - use conda backend for sqlite by @jdx in [#7718](jdx/mise#7718) - use conda backend for make by @jdx in [#7719](jdx/mise#7719) - swift-package-list use github backend by @jdx in [#7720](jdx/mise#7720) ### Chore - increase macos release build timeout to 90 minutes by @jdx in [#7725](jdx/mise#7725) ### New Contributors - @yannrouillard made their first contribution in [#7681](jdx/mise#7681) - @stk0vrfl0w made their first contribution in [#7696](jdx/mise#7696) ## [2026.1.3](https://github.com/jdx/mise/compare/v2026.1.2..v2026.1.3) - 2026-01-16 ### 🚀 Features - **(s3)** add S3 backend for private artifact storage by @jdx in [#7668](jdx/mise#7668) - **(upgrade)** use installed_tool completer for mise upgrade by @jdx in [#7670](jdx/mise#7670) - **(upgrade)** add --exclude flag to mise upgrade command by @jdx in [#7669](jdx/mise#7669) - add no hooks and no env flags by @aacebedo in [#7560](jdx/mise#7560) ### 🐛 Bug Fixes - **(backend)** allow upgrading vfox backend tools with symlinked installations by @TyceHerrman in [#7012](jdx/mise#7012) - **(backend)** reject architecture mismatches in asset selection by @jdx in [#7672](jdx/mise#7672) - **(backend)** canonicalize symlink target before installs check by @jdx in [#7671](jdx/mise#7671) - **(npm)** avoid circular dependency when npm is in dependencies by @AprilNEA in [#7644](jdx/mise#7644) - **(self-update)** skip update when already at latest version by @jdx in [#7666](jdx/mise#7666) - fall back to GITHUB_TOKEN for github.com by @subdigital in [#7667](jdx/mise#7667) - GitHub token fallback by @subdigital in [#7673](jdx/mise#7673) - inherit tasks from parent configs in monorepos by @chadxz in [#7643](jdx/mise#7643) ### 📚 Documentation - **(contributing)** update registry examples by @scop in [#7660](jdx/mise#7660) - **(contributing)** update registry PR title rule by @scop in [#7663](jdx/mise#7663) - remove 404 link from contributing by @opswole in [#7692](jdx/mise#7692) - clarify that backend plugins should sort the version list by @ofalvai in [#7680](jdx/mise#7680) ### 📦️ Dependency Updates - update ghcr.io/jdx/mise:alpine docker digest to 11f659e by @renovate[bot] in [#7685](jdx/mise#7685) - update ghcr.io/jdx/mise:copr docker digest to 3adaea4 by @renovate[bot] in [#7686](jdx/mise#7686) - update ghcr.io/jdx/mise:deb docker digest to 8bbca53 by @renovate[bot] in [#7687](jdx/mise#7687) - update ghcr.io/jdx/mise:rpm docker digest to de81415 by @renovate[bot] in [#7688](jdx/mise#7688) - update mcr.microsoft.com/devcontainers/rust:1 docker digest to 282e805 by @renovate[bot] in [#7690](jdx/mise#7690) - update rust docker digest to bed2d7f by @renovate[bot] in [#7691](jdx/mise#7691) ### 📦 Registry - add oh-my-posh by @scop in [#7659](jdx/mise#7659) - add bibtex-tidy (npm:bibtex-tidy) by @3w36zj6 in [#7677](jdx/mise#7677) - remove misconfigured bin_path option from kscript by @risu729 in [#7693](jdx/mise#7693) ### New Contributors - @AprilNEA made their first contribution in [#7644](jdx/mise#7644) - @opswole made their first contribution in [#7692](jdx/mise#7692) - @subdigital made their first contribution in [#7673](jdx/mise#7673) - @aacebedo made their first contribution in [#7560](jdx/mise#7560)
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Jan 25, 2026
## [2026.1.5](https://github.com/jdx/mise/compare/v2026.1.4..v2026.1.5) - 2026-01-19 ### 🚀 Features - **(complete)** add PowerShell completion support by @jdx in [#7746](jdx/mise#7746) - **(release)** add LLM-generated prose summary to release notes by @jdx in [#7737](jdx/mise#7737) - **(vfox)** add semver Lua module for version sorting by @jdx in [#7739](jdx/mise#7739) - **(vfox)** add rolling release support with checksum tracking by @jdx in [#7757](jdx/mise#7757) - dry filetask parsing and validation by @makp0 in [#7738](jdx/mise#7738) ### 🐛 Bug Fixes - **(completions)** bump usage-cli to 2.13.1 for PowerShell support by @jdx in [#7756](jdx/mise#7756) - schema missing env required string variant by @vadimpiven in [#7734](jdx/mise#7734) - validate unknown fields in filetask headers by @makp0 in [#7733](jdx/mise#7733) - disable schemacrawler test by @jdx in [#7743](jdx/mise#7743) - replace double forward slash with single slash in get_task_lists by @collinstevens in [#7744](jdx/mise#7744) - require LLM for release notes and include aqua section by @jdx in [#7745](jdx/mise#7745) - preserve {{ version }} in tool options during config load by @jdx in [#7755](jdx/mise#7755) ### 📚 Documentation - add documentation URL structure guidance to CLAUDE.md by @jdx in [#7740](jdx/mise#7740) - add pitchfork promotion by @jdx in [#7747](jdx/mise#7747) ### 📦️ Dependency Updates - relax version constraints and update dependencies by @jdx in [#7736](jdx/mise#7736) - lock file maintenance by @renovate[bot] in [#7749](jdx/mise#7749) ### Chore - bump xx to 2.3.1 by @jdx in [#7753](jdx/mise#7753) ### New Contributors - @collinstevens made their first contribution in [#7744](jdx/mise#7744) - @makp0 made their first contribution in [#7738](jdx/mise#7738) - @vadimpiven made their first contribution in [#7734](jdx/mise#7734) ## [2026.1.4](https://github.com/jdx/mise/compare/v2026.1.3..v2026.1.4) - 2026-01-17 ### 🚀 Features - **(conda)** add dependency locking for reproducible installations by @jdx in [#7708](jdx/mise#7708) - **(http)** add JSON filter syntax for version extraction by @jdx in [#7707](jdx/mise#7707) - **(http)** add version_expr support and Tera templating by @jdx in [#7723](jdx/mise#7723) - **(task)** add [monorepo].config_roots for explicit config root listing by @jdx in [#7705](jdx/mise#7705) - **(task)** support env vars in task dependencies by @jdx in [#7724](jdx/mise#7724) ### 🐛 Bug Fixes - **(conda)** fix hardcoded library paths in conda packages by @jdx in [#7713](jdx/mise#7713) - **(env)** avoid venv/go backend deadlock during env resolution by @stk0vrfl0w in [#7696](jdx/mise#7696) - **(locked)** exempt tool stubs from lockfile requirements by @jdx in [#7729](jdx/mise#7729) - **(python)** sort CPython versions at end of ls-remote output by @jdx in [#7721](jdx/mise#7721) - **(task)** resolve remote task files before display and validation commands by @yannrouillard in [#7681](jdx/mise#7681) - **(task)** support monorepo paths in `mise tasks deps` by @chadxz in [#7699](jdx/mise#7699) - **(task)** resolve all monorepo path hints in deps by @chadxz in [#7698](jdx/mise#7698) ### 📚 Documentation - remove outdated roadmap page by @jdx in [#7726](jdx/mise#7726) ### ⚡ Performance - **(task)** fix task-ls cached performance regression by @jdx in [#7716](jdx/mise#7716) ### 📦️ Dependency Updates - replace dependency @tsconfig/node22 with @tsconfig/node24 by @renovate[bot] in [#7618](jdx/mise#7618) ### 📦 Registry - add aqua backend for smithy by @jdx in [#7661](jdx/mise#7661) - remove low-usage asdf plugins by @jdx in [#7701](jdx/mise#7701) - disable mirrord test by @jdx in [#7703](jdx/mise#7703) - use vfox-dotnet as default backend by @jdx in [#7704](jdx/mise#7704) - use vfox-lua as default lua backend by @jdx in [#7706](jdx/mise#7706) - add vfox backend for redis by @jdx in [#7709](jdx/mise#7709) - use vfox-postgres as default postgres backend by @jdx in [#7710](jdx/mise#7710) - use github backend for kotlin by @jdx in [#7711](jdx/mise#7711) - add vfox backend for leiningen by @jdx in [#7714](jdx/mise#7714) - use pipx backend for meson by @jdx in [#7712](jdx/mise#7712) - use github backend for crystal by @jdx in [#7715](jdx/mise#7715) - use conda backend for sqlite by @jdx in [#7718](jdx/mise#7718) - use conda backend for make by @jdx in [#7719](jdx/mise#7719) - swift-package-list use github backend by @jdx in [#7720](jdx/mise#7720) ### Chore - increase macos release build timeout to 90 minutes by @jdx in [#7725](jdx/mise#7725) ### New Contributors - @yannrouillard made their first contribution in [#7681](jdx/mise#7681) - @stk0vrfl0w made their first contribution in [#7696](jdx/mise#7696) ## [2026.1.3](https://github.com/jdx/mise/compare/v2026.1.2..v2026.1.3) - 2026-01-16 ### 🚀 Features - **(s3)** add S3 backend for private artifact storage by @jdx in [#7668](jdx/mise#7668) - **(upgrade)** use installed_tool completer for mise upgrade by @jdx in [#7670](jdx/mise#7670) - **(upgrade)** add --exclude flag to mise upgrade command by @jdx in [#7669](jdx/mise#7669) - add no hooks and no env flags by @aacebedo in [#7560](jdx/mise#7560) ### 🐛 Bug Fixes - **(backend)** allow upgrading vfox backend tools with symlinked installations by @TyceHerrman in [#7012](jdx/mise#7012) - **(backend)** reject architecture mismatches in asset selection by @jdx in [#7672](jdx/mise#7672) - **(backend)** canonicalize symlink target before installs check by @jdx in [#7671](jdx/mise#7671) - **(npm)** avoid circular dependency when npm is in dependencies by @AprilNEA in [#7644](jdx/mise#7644) - **(self-update)** skip update when already at latest version by @jdx in [#7666](jdx/mise#7666) - fall back to GITHUB_TOKEN for github.com by @subdigital in [#7667](jdx/mise#7667) - GitHub token fallback by @subdigital in [#7673](jdx/mise#7673) - inherit tasks from parent configs in monorepos by @chadxz in [#7643](jdx/mise#7643) ### 📚 Documentation - **(contributing)** update registry examples by @scop in [#7660](jdx/mise#7660) - **(contributing)** update registry PR title rule by @scop in [#7663](jdx/mise#7663) - remove 404 link from contributing by @opswole in [#7692](jdx/mise#7692) - clarify that backend plugins should sort the version list by @ofalvai in [#7680](jdx/mise#7680) ### 📦️ Dependency Updates - update ghcr.io/jdx/mise:alpine docker digest to 11f659e by @renovate[bot] in [#7685](jdx/mise#7685) - update ghcr.io/jdx/mise:copr docker digest to 3adaea4 by @renovate[bot] in [#7686](jdx/mise#7686) - update ghcr.io/jdx/mise:deb docker digest to 8bbca53 by @renovate[bot] in [#7687](jdx/mise#7687) - update ghcr.io/jdx/mise:rpm docker digest to de81415 by @renovate[bot] in [#7688](jdx/mise#7688) - update mcr.microsoft.com/devcontainers/rust:1 docker digest to 282e805 by @renovate[bot] in [#7690](jdx/mise#7690) - update rust docker digest to bed2d7f by @renovate[bot] in [#7691](jdx/mise#7691) ### 📦 Registry - add oh-my-posh by @scop in [#7659](jdx/mise#7659) - add bibtex-tidy (npm:bibtex-tidy) by @3w36zj6 in [#7677](jdx/mise#7677) - remove misconfigured bin_path option from kscript by @risu729 in [#7693](jdx/mise#7693) ### New Contributors - @AprilNEA made their first contribution in [#7644](jdx/mise#7644) - @opswole made their first contribution in [#7692](jdx/mise#7692) - @subdigital made their first contribution in [#7673](jdx/mise#7673) - @aacebedo made their first contribution in [#7560](jdx/mise#7560)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
install_name_toolto rewrite paths andcodesignto re-sign binariespatchelfto set $ORIGIN-relative rpathsProblem
Conda packages contain hardcoded library paths from the build environment (e.g.,
/Users/runner/miniforge3/conda-bld/...) that don't exist on users' machines:Test plan
conda:jq@1.7.1and verifyjq --versionworksconda:postgresql@17.2and verifypsql --versionworks🤖 Generated with Claude Code
Note
Introduces platform-specific post-install fixes so conda packages run without build-time path leaks.
conda_common.rsutilities and platform modules:conda_macos.rs(usesinstall_name_tool, adds rpaths, removes quarantine, re-signs withcodesign) andconda_linux.rs(usespatchelfto set $ORIGIN-based RPATHs)platform::fix_library_pathsafter extracting packages inconda.rsconda:postgresql@17.2to validate path patching across many depsWritten by Cursor Bugbot for commit 16b0196. This will update automatically on new commits. Configure here.