From a56016c4fc223a3ebeb992704da8d9f43d473520 Mon Sep 17 00:00:00 2001
From: Opeyemi Alao <54288773+Eeebru@users.noreply.github.com>
Date: Mon, 7 Oct 2024 16:31:15 +0100
Subject: [PATCH 1/5] update mas hardened runtime to true

---
 apps/desktop/electron-builder.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/desktop/electron-builder.json b/apps/desktop/electron-builder.json
index be30e063c1a..e5672bbdf7f 100644
--- a/apps/desktop/electron-builder.json
+++ b/apps/desktop/electron-builder.json
@@ -141,7 +141,7 @@
     "entitlements": "resources/entitlements.mas.plist",
     "entitlementsInherit": "resources/entitlements.mas.inherit.plist",
     "entitlementsLoginHelper": "resources/entitlements.mas.loginhelper.plist",
-    "hardenedRuntime": false,
+    "hardenedRuntime": true,
     "extendInfo": {
       "LSMinimumSystemVersion": "12",
       "ElectronTeamID": "LTZ2PFU5D6"

From 8dabbd4ca44a5c5cb5647624bb99521440fd6b73 Mon Sep 17 00:00:00 2001
From: Opeyemi Alao <54288773+Eeebru@users.noreply.github.com>
Date: Mon, 7 Oct 2024 16:47:05 +0100
Subject: [PATCH 2/5] comment testflight and slack notif branch checks

---
 .github/workflows/build-desktop.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 5022184bd05..3a4cb3b8f42 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -1033,10 +1033,10 @@ jobs:
 
       - name: Deploy to TestFlight
         id: testflight-deploy
-        if: |
-            (github.ref == 'refs/heads/main'
-            || github.ref == 'refs/heads/rc'
-            || github.ref == 'refs/heads/hotfix-rc-desktop')
+        # if: |
+            # (github.ref == 'refs/heads/main'
+            # || github.ref == 'refs/heads/rc'
+            # || github.ref == 'refs/heads/hotfix-rc-desktop')
         env:
           APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
           APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
@@ -1050,10 +1050,10 @@ jobs:
 
       - name: Post message to a Slack channel
         id: slack-message
-        if: |
-            (github.ref == 'refs/heads/main'
-            || github.ref == 'refs/heads/rc'
-            || github.ref == 'refs/heads/hotfix-rc-desktop')
+        # if: |
+            # (github.ref == 'refs/heads/main'
+            # || github.ref == 'refs/heads/rc'
+            # || github.ref == 'refs/heads/hotfix-rc-desktop')
         uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
         with:
           channel-id: C074F5UESQ0

From 39efe243f2600e743be65789d8921331428b1f88 Mon Sep 17 00:00:00 2001
From: Opeyemi Alao <54288773+Eeebru@users.noreply.github.com>
Date: Fri, 27 Dec 2024 12:41:31 +0000
Subject: [PATCH 3/5] add more entitlement permissions

---
 .../resources/entitlements.desktop_proxy.inherit.plist        | 4 ++++
 apps/desktop/resources/entitlements.desktop_proxy.plist       | 4 ++++
 apps/desktop/resources/entitlements.mas.inherit.plist         | 2 +-
 apps/desktop/resources/entitlements.mas.plist                 | 4 ++++
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist b/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist
index 794eada1cad..3ba8706380d 100644
--- a/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist
+++ b/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist
@@ -6,5 +6,9 @@
 	<true/>
 	<key>com.apple.security.inherit</key>
 	<true/>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
 </dict>
 </plist>
diff --git a/apps/desktop/resources/entitlements.desktop_proxy.plist b/apps/desktop/resources/entitlements.desktop_proxy.plist
index d5c7b8a2cc8..7f77c55f4fd 100644
--- a/apps/desktop/resources/entitlements.desktop_proxy.plist
+++ b/apps/desktop/resources/entitlements.desktop_proxy.plist
@@ -8,5 +8,9 @@
 	<array>
 		<string>LTZ2PFU5D6.com.bitwarden.desktop</string>
 	</array>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
 </dict>
 </plist>
diff --git a/apps/desktop/resources/entitlements.mas.inherit.plist b/apps/desktop/resources/entitlements.mas.inherit.plist
index 7e1674a8f16..3dd68db614e 100644
--- a/apps/desktop/resources/entitlements.mas.inherit.plist
+++ b/apps/desktop/resources/entitlements.mas.inherit.plist
@@ -8,7 +8,7 @@
 	<true/>
 	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
 	<true/>
-	<key>com.apple.security.cs.disable-library-validation</key>
+	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
 	<!--
 	<key>com.apple.developer.authentication-services.autofill-credential-provider</key>
diff --git a/apps/desktop/resources/entitlements.mas.plist b/apps/desktop/resources/entitlements.mas.plist
index 07cbd0efbab..771c3067334 100644
--- a/apps/desktop/resources/entitlements.mas.plist
+++ b/apps/desktop/resources/entitlements.mas.plist
@@ -34,5 +34,9 @@
 		<string>/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts/</string>
         <string>/Library/Application Support/Vivaldi/NativeMessagingHosts/</string>
 	</array>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
 </dict>
 </plist>

From f7e5e31a7e558faabe7369097eb236aafc7fe726 Mon Sep 17 00:00:00 2001
From: Opeyemi Alao <54288773+Eeebru@users.noreply.github.com>
Date: Fri, 27 Dec 2024 12:45:34 +0000
Subject: [PATCH 4/5] uncomment PR target

---
 .github/workflows/build-desktop.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index e554694c2ee..22ff5c49c6e 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -1174,8 +1174,8 @@ jobs:
 
       - name: Deploy to TestFlight
         id: testflight-deploy
-#         if: |
-#           github.event_name != 'pull_request_target'
+        if: |
+          github.event_name != 'pull_request_target'
 #           && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
         env:
           APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
@@ -1190,8 +1190,8 @@ jobs:
 
       - name: Post message to a Slack channel
         id: slack-message
-#         if: |
-#           github.event_name != 'pull_request_target'
+        if: |
+          github.event_name != 'pull_request_target'
 #           && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
         uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
         with:

From 694a90c14a80bff65115cc54a941cd41079e3956 Mon Sep 17 00:00:00 2001
From: Opeyemi Alao <54288773+Eeebru@users.noreply.github.com>
Date: Mon, 30 Dec 2024 16:21:25 +0000
Subject: [PATCH 5/5] update entitlements

---
 apps/desktop/resources/entitlements.desktop_proxy.inherit.plist | 2 --
 apps/desktop/resources/entitlements.desktop_proxy.plist         | 2 --
 apps/desktop/resources/entitlements.mas.inherit.plist           | 2 --
 apps/desktop/resources/entitlements.mas.plist                   | 2 --
 4 files changed, 8 deletions(-)

diff --git a/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist b/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist
index 3ba8706380d..fca5f02d52d 100644
--- a/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist
+++ b/apps/desktop/resources/entitlements.desktop_proxy.inherit.plist
@@ -8,7 +8,5 @@
 	<true/>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
-	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-	<true/>
 </dict>
 </plist>
diff --git a/apps/desktop/resources/entitlements.desktop_proxy.plist b/apps/desktop/resources/entitlements.desktop_proxy.plist
index 7f77c55f4fd..1a39a482389 100644
--- a/apps/desktop/resources/entitlements.desktop_proxy.plist
+++ b/apps/desktop/resources/entitlements.desktop_proxy.plist
@@ -10,7 +10,5 @@
 	</array>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
-	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-	<true/>
 </dict>
 </plist>
diff --git a/apps/desktop/resources/entitlements.mas.inherit.plist b/apps/desktop/resources/entitlements.mas.inherit.plist
index 3dd68db614e..7e957fce7ce 100644
--- a/apps/desktop/resources/entitlements.mas.inherit.plist
+++ b/apps/desktop/resources/entitlements.mas.inherit.plist
@@ -6,8 +6,6 @@
 	<true/>
 	<key>com.apple.security.inherit</key>
 	<true/>
-	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-	<true/>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
 	<!--
diff --git a/apps/desktop/resources/entitlements.mas.plist b/apps/desktop/resources/entitlements.mas.plist
index 771c3067334..0450111bebd 100644
--- a/apps/desktop/resources/entitlements.mas.plist
+++ b/apps/desktop/resources/entitlements.mas.plist
@@ -36,7 +36,5 @@
 	</array>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
-	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-	<true/>
 </dict>
 </plist>