diff --git a/CMakeLists.txt b/CMakeLists.txt
index ac4c8a9ac6..8375dff7bb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -334,12 +334,13 @@ if(MINGW)
set(PLUGIN_INSTALL_DIR ".")
set(DATA_INSTALL_DIR "share")
elseif(APPLE AND WITH_APP_BUNDLE)
- set(CMAKE_INSTALL_MANDIR "${PROGNAME}.app/Contents/Resources/man")
- set(CLI_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
- set(PROXY_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
- set(BIN_INSTALL_DIR "${PROGNAME}.app/Contents/MacOS")
- set(PLUGIN_INSTALL_DIR "${PROGNAME}.app/Contents/PlugIns")
- set(DATA_INSTALL_DIR "${PROGNAME}.app/Contents/Resources")
+ set(BUNDLE_INSTALL_DIR "${PROGNAME}.app/Contents")
+ set(CMAKE_INSTALL_MANDIR "${BUNDLE_INSTALL_DIR}/Resources/man")
+ set(CLI_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+ set(PROXY_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+ set(BIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
+ set(PLUGIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/PlugIns")
+ set(DATA_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/Resources")
else()
include(GNUInstallDirs)
diff --git a/release-tool b/release-tool
index 6d217ca9db..26fc7fae84 100755
--- a/release-tool
+++ b/release-tool
@@ -1200,9 +1200,14 @@ appsign() {
exitError "Unpacking failed!"
fi
- logInfo "Signing app..."
- xcrun codesign --sign "${key}" --verbose --deep --entitlements \
- "${real_src_dir}/share/macosx/keepassxc.entitlements" ./app/KeePassXC.app
+ logInfo "Signing app bundle..."
+ xcrun codesign --sign "${key}" --verbose --deep --options runtime ./app/KeePassXC.app
+
+ # Sign main binary and libraries independently so we can keep using the convenient --deep
+ # option while avoiding adding entitlements recursively
+ logInfo "Signing main binary..."
+ xcrun codesign --sign "${key}" --verbose --force --options runtime --entitlements \
+ "${real_src_dir}/share/macosx/keepassxc.entitlements" ./app/KeePassXC.app/Contents/MacOS/KeePassXC
if [ 0 -ne $? ]; then
cd "${orig_dir}"
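Review bot: The exit status of the first `codesign` call (the `--deep` bundle signing) is never checked, because the `if [ 0 -ne $? ]` below only sees the result of the second call on the main binary. A failed bundle signature can therefore go unnoticed while the release continues. Check each call on its own, for instance by appending `|| { cd "${orig_dir}"; exitError "Signing app bundle failed!"; }` to the first one (the message text is a suggestion). Since the main binary is re-signed with `--force` after the bundle, a final `xcrun codesign --verify --deep --strict ./app/KeePassXC.app` before packaging would catch a broken seal or a missing nested signature. `appsign()` starts and ends outside this hunk.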
diff --git a/share/macosx/Info.plist.cmake b/share/macosx/Info.plist.cmake
index b38ca2844c..53e4897422 100644
--- a/share/macosx/Info.plist.cmake
+++ b/share/macosx/Info.plist.cmake
@@ -15,7 +15,7 @@
CFBundleIconFile
keepassxc.icns
CFBundleIdentifier
- org.keepassx.keepassxc
+ org.keepassxc.keepassxc
CFBundleInfoDictionaryVersion
6.0
CFBundleName
@@ -25,11 +25,11 @@
CFBundleShortVersionString
${KEEPASSXC_VERSION}
CFBundleSignature
- KEPX
+ KPXC
CFBundleVersion
${KEEPASSXC_VERSION_NUM}
NSHumanReadableCopyright
- Copyright 2016-2018 KeePassXC Development Team
+ Copyright 2016-2020 KeePassXC Development Team
CFBundleDocumentTypes
diff --git a/share/macosx/embedded.provisionprofile b/share/macosx/embedded.provisionprofile
new file mode 100644
index 0000000000..6fb14fd57e
Binary files /dev/null and b/share/macosx/embedded.provisionprofile differ
diff --git a/share/macosx/keepassxc.entitlements b/share/macosx/keepassxc.entitlements
index 2645a2031c..7126b7ac5b 100644
--- a/share/macosx/keepassxc.entitlements
+++ b/share/macosx/keepassxc.entitlements
@@ -1,33 +1,12 @@
-
- com.apple.application-identifier
- org.keepassx.keepassxc
- com.apple.developer.aps-environment
- production
-
- keychain-access-groups
-
- org.keepassx.keepassxc
-
-
-
- com.apple.security.app-sandbox
-
- com.apple.security.app-sandbox
-
-
-
+
+ com.apple.application-identifier
+ G2S7P7J672.org.keepassxc.keepassxc
+ keychain-access-groups
+
+ G2S7P7J672.org.keepassxc.keepassxc
+
+
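Review bot: The new entitlements hard-code the team prefix `G2S7P7J672` in both `com.apple.application-identifier` and `keychain-access-groups`, and nothing in the file documents that coupling. These values have to agree with the signing certificate and with the embedded provisioning profile added in this commit. A build signed with any other identity would presumably fail signature validation at launch. I would add an XML comment inside the plist such as `<!-- Team prefix must match the signing certificate and share/macosx/embedded.provisionprofile -->` so that downstream packagers know to replace both the prefix and the profile.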
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index af9b9bb586..1982a3c4c4 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -354,6 +354,7 @@ target_link_libraries(${PROGNAME} keepassx_core)
set_target_properties(${PROGNAME} PROPERTIES ENABLE_EXPORTS ON)
if(APPLE AND WITH_APP_BUNDLE)
+ install(FILES ${CMAKE_SOURCE_DIR}/share/macosx/embedded.provisionprofile DESTINATION ${BUNDLE_INSTALL_DIR})
configure_file(${CMAKE_SOURCE_DIR}/share/macosx/Info.plist.cmake ${CMAKE_CURRENT_BINARY_DIR}/Info.plist)
set_target_properties(${PROGNAME} PROPERTIES
MACOSX_BUNDLE ON
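Review bot: The added `install(FILES ... embedded.provisionprofile ...)` runs for every `APPLE AND WITH_APP_BUNDLE` build, so unsigned bundles and bundles signed by another identity also carry the profile. Judging by the entitlements in this commit, that profile belongs to one specific team. Consider guarding the line with a cache option that defaults to OFF and is enabled only by the release build, e.g. `if(KEEPASSXC_EMBED_PROVISIONPROFILE)` (the option name is a placeholder). Quoting both path arguments, `"${CMAKE_SOURCE_DIR}/share/macosx/embedded.provisionprofile"` and `"${BUNDLE_INSTALL_DIR}"`, would also keep the call intact when the source tree path contains spaces. The `if(APPLE AND WITH_APP_BUNDLE)` block continues beyond the hunk.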