Skip to content

Commit

Permalink
add entitlements and sign framework dependencies of tray-electron
Browse files Browse the repository at this point in the history
all the suggested entitlements mentioned in the electron docs
and the entitlement required to run applescripts are added

sign the framework .dylib and executable files
  • Loading branch information
anjannath committed Mar 1, 2022
1 parent 4b00cd9 commit c76f3c2
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 1 deletion.
12 changes: 12 additions & 0 deletions packaging/CodeReady_Containers.app.entitlements
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.debugger</key>
<true/>
<key>com.apple.security.automation.apple-events</key>
<true/>
</dict>
</plist>
17 changes: 16 additions & 1 deletion packaging/package.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,21 @@ function sign() {
codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --force ${opts} "$1"
}

function signAppBundle() {
if [ "${NO_CODESIGN}" -eq "1" ]; then
return
fi
entitlements=$(sed -e 's| |_|g' <<< "${BASEDIR}/$(basename "$1").entitlements")
if [ ! -f "${entitlements}" ]; then
echo "ERROR: need entitlement file: ${entitlements}"
return
fi

frameworks=$(find "$1"/Contents/Frameworks -depth -type d -name "*.framework" -or -name "*.dylib" -or -type f -perm +111)
echo "${frameworks}" | xargs -t -I % codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime % || true
codesign --deep --sign "${CODESIGN_IDENTITY}" --options runtime --force --entitlements "${entitlements}" "$1"
}

binDir="${BASEDIR}/root/Applications/CodeReady Containers.app/Contents/Resources"

version=$(cat "${BASEDIR}/VERSION")
Expand All @@ -27,7 +42,7 @@ sign "${binDir}/crc"
sign "${binDir}/crc-admin-helper-darwin"
sign "${binDir}/crc-driver-hyperkit"

sign "${BASEDIR}/root/Applications/CodeReady Containers.app"
signAppBundle "${BASEDIR}/root/Applications/CodeReady Containers.app"

codesign --verify --verbose "${binDir}/hyperkit"
codesign --verify --verbose "${binDir}/qcow-tool"
Expand Down

0 comments on commit c76f3c2

Please sign in to comment.