Added entitlements file for codesigning.

shannah · Jan 14, 2022 · 22070e7 · 22070e7
1 parent 3a318bf
commit 22070e7
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 2 deletions.
diff --git a/installer/src/main/java/ca/weblite/jdeploy/installer/Main.java b/installer/src/main/java/ca/weblite/jdeploy/installer/Main.java
@@ -80,7 +80,7 @@ private Document getAppXMLDocument() throws IOException {
             try (FileInputStream fis = new FileInputStream(appXml)) {
                 appXMLDocument = parseXml(fis);
             } catch (Exception ex) {
-                throw new IOException("Failed tyo parse app.xml: "+ex.getMessage(), ex);
+                throw new IOException("Failed to parse app.xml: "+ex.getMessage(), ex);
             }
         }
         return appXMLDocument;

diff --git a/shared/src/main/java/com/joshondesign/appbundler/mac/MacBundler.java b/shared/src/main/java/com/joshondesign/appbundler/mac/MacBundler.java
@@ -31,6 +31,7 @@
 import javax.imageio.ImageReader;
 import javax.imageio.stream.ImageInputStream;
 import net.coobird.thumbnailator.Thumbnails;
+import org.apache.commons.io.FileUtils;
 
 /**
  * Created by IntelliJ IDEA.
@@ -161,7 +162,23 @@ public static BundlerResult start(AppDescription app, String dest_dir, String re
             if (/*codesignClient == null &&*/ app.isMacCodeSigningEnabled()) {
                 //codesign --deep --verbose=4 -f -s "$CERT" "$1"
                 System.out.println("Signing "+appDir.getAbsolutePath());
-                ProcessBuilder pb = new ProcessBuilder("/usr/bin/codesign", "--deep", "--verbose=4", "-f", "--options", "runtime", "-s", app.getMacCertificateName(), appDir.getAbsolutePath());
+
+                File entitlementsFile = new File("jdeploy.mac.bundle.entitlements");
+                if (!entitlementsFile.exists()) {
+                    entitlementsFile = File.createTempFile("jdeploy.mac.bundle", ".entitlements");
+                    entitlementsFile.deleteOnExit();
+                    FileUtils.copyInputStreamToFile(MacBundler.class.getResourceAsStream("mac.bundle.entitlements"), entitlementsFile);
+                }
+                ProcessBuilder pb = new ProcessBuilder("/usr/bin/codesign",
+                            "--deep",
+                            "--verbose=4",
+                            "-f",
+                            "--options", "runtime",
+                            "-s", app.getMacCertificateName(),
+                            "--entitlements", entitlementsFile.getAbsolutePath(),
+                            appDir.getAbsolutePath());
+
+
                 pb.inheritIO();
                 Process p = pb.start();
                 int exitCode = p.waitFor();

diff --git a/shared/src/main/resources/com/joshondesign/appbundler/mac/mac.bundle.entitlements b/shared/src/main/resources/com/joshondesign/appbundler/mac/mac.bundle.entitlements
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+
+    <!-- Allow your application read/write access to the file selected by the user. -->
+    <key>com.apple.security.files.user-selected.read-write</key>
+    <true/>
+    <key>com.apple.security.files.bookmarks.app-scope</key>
+    <true/>
+    <key>com.apple.security.network.client</key>
+    <true/>
+    <key>com.apple.security.print</key>
+    <true/>
+
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.automation.apple-events</key>
+    <true/>
+
+</dict>
+</plist>