diff --git a/crates/language/src/language.rs b/crates/language/src/language.rs
index 73de5af12c..786b158551 100644
--- a/crates/language/src/language.rs
+++ b/crates/language/src/language.rs
@@ -260,8 +260,15 @@ impl Language {
 
             const ZED_BUNDLE: Option<&'static str> = option_env!("ZED_BUNDLE");
             let binary_path = if ZED_BUNDLE.map_or(Ok(false), |b| b.parse())? {
-                cx.platform()
-                    .path_for_resource(Some(&config.binary), None)?
+                let bundled_path = cx
+                    .platform()
+                    .path_for_resource(Some(&config.binary), None)?;
+                std::fs::set_permissions(
+                    &bundled_path,
+                    <std::fs::Permissions as std::os::unix::fs::PermissionsExt>::from_mode(0o755),
+                )
+                .unwrap();
+                bundled_path
             } else {
                 Path::new(&config.binary).to_path_buf()
             };
diff --git a/script/bundle b/script/bundle
index ecc295de9a..a9b0fe3dde 100755
--- a/script/bundle
+++ b/script/bundle
@@ -23,6 +23,7 @@ lipo -create target/x86_64-apple-darwin/release/Zed target/aarch64-apple-darwin/
 
 # Bundle rust-analyzer
 cp vendor/bin/rust-analyzer target/x86_64-apple-darwin/release/bundle/osx/Zed.app/Contents/Resources/
+chmod -x target/x86_64-apple-darwin/release/bundle/osx/Zed.app/Contents/Resources/rust-analyzer
 
 # Sign the app bundle with an ad-hoc signature so it runs on the M1. We need a real certificate but this works for now.
 if [[ -n $MACOS_CERTIFICATE && -n $MACOS_CERTIFICATE_PASSWORD && -n $APPLE_NOTARIZATION_USERNAME && -n $APPLE_NOTARIZATION_PASSWORD ]]; then
@@ -34,7 +35,6 @@ if [[ -n $MACOS_CERTIFICATE && -n $MACOS_CERTIFICATE_PASSWORD && -n $APPLE_NOTAR
     security import /tmp/zed-certificate.p12 -k zed.keychain -P $MACOS_CERTIFICATE_PASSWORD -T /usr/bin/codesign
     rm /tmp/zed-certificate.p12
     security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CERTIFICATE_PASSWORD zed.keychain
-    /usr/bin/codesign --force --deep --timestamp --options runtime --sign "Zed Industries, Inc." target/x86_64-apple-darwin/release/bundle/osx/Zed.app/Contents/Resources/rust-analyzer -v
     /usr/bin/codesign --force --deep --timestamp --options runtime --sign "Zed Industries, Inc." target/x86_64-apple-darwin/release/bundle/osx/Zed.app -v
     security default-keychain -s login.keychain
 else