From 72ea6740e1a9dff43bb85b03092831ada89986fa Mon Sep 17 00:00:00 2001 From: Bryan Phelps Date: Thu, 1 Aug 2019 11:04:15 -0700 Subject: [PATCH] Fix #510 - Part 3 - Enable 'hardened runtime' on OSX (#542) * Add hardened runtime * Create entitlements.plist file for node entitlements * Use entitlements file along with hardened runtime * Fix whitespace --- scripts/osx/publish.sh | 2 +- scripts/release.js | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/osx/publish.sh b/scripts/osx/publish.sh index a390482ac1..f72d4c11ca 100755 --- a/scripts/osx/publish.sh +++ b/scripts/osx/publish.sh @@ -23,7 +23,7 @@ else security find-identity -v echo "Starting codesign..." - codesign --deep --force --verbose --sign "Outrun Labs, LLC" _release/Onivim2.App + codesign --deep --force --verbose --sign "Outrun Labs, LLC" _release/Onivim2.App --options runtime --entitlements _release/entitlements.plist echo "Onivim2.App codesign complete!" # Validate diff --git a/scripts/release.js b/scripts/release.js index 7a8e8e3523..9dcde27a4e 100644 --- a/scripts/release.js +++ b/scripts/release.js @@ -95,7 +95,6 @@ if (process.platform == "linux") { fs.mkdirpSync(frameworksDirectory); fs.mkdirpSync(resourcesDirectory); - fs.writeFileSync(plistFile, require("plist").build(plistContents)); // Copy bins over 
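Review bot: On the new `codesign` line in `scripts/osx/publish.sh`, `--deep` combined with `--entitlements` applies the same entitlements file to every nested executable and library inside `_release/Onivim2.App`, not only to the code that needs them. The commit message says the entitlements are for node, so the editor binary and the bundled dylibs presumably receive hardened-runtime exceptions they do not need. Consider signing the nested code first without entitlements, then the component that needs them, e.g. `codesign --force --options runtime --entitlements _release/entitlements.plist --sign "Outrun Labs, LLC" <path-to-node-binary>`, and the bundle last. The validate step that follows is outside this hunk; running `codesign -d --entitlements - _release/Onivim2.App` there would show what was actually applied.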
@@ -114,6 +113,14 @@ if (process.platform == "linux") { shell(`dylibbundler -b -x "${path.join(binaryDirectory, "Oni2_editor")}" -d "${frameworksDirectory}" -p "@executable_path/../Frameworks/" -cd`); + const entitlementsPath = path.join(releaseDirectory, "entitlements.plist"); + const entitlementsContents = { + "com.apple.security.cs.allow-jit": true, + "com.apple.security.cs.allow-unsigned-executable-memory": true, + "com.apple.security.cs.disable-library-validation": true, + }; + fs.writeFileSync(entitlementsPath, require("plist").build(entitlementsContents)); + const dmgPath = path.join(releaseDirectory, "Onivim2.dmg"); const dmgJsonPath = path.join(releaseDirectory, "appdmg.json"); const basePath = releaseDirectory;
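Review bot: The three keys in `entitlementsContents` are written with no comment on why each is required, and together they switch off most of what the hardened runtime enforces. `com.apple.security.cs.allow-unsigned-executable-memory` is broader than `com.apple.security.cs.allow-jit` (it permits writable and executable pages without `MAP_JIT`), and `com.apple.security.cs.disable-library-validation` lets the process load libraries not signed by the same team, which is the guard against dylib injection. I would add a comment above the object such as `// Needed by bundled node: <reason per key>; drop any key a test build runs without`, and check whether `allow-jit` alone is enough. Since `dylibbundler` copies the dependencies into `Frameworks/` and they appear to be signed with the same identity, disabling library validation may not be necessary; a build without it would confirm.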