Skip to content

Commit 7c97ea7

Browse files
michalrusmichalrus
committed
[DDW-1198] Go back to force-signing, but add 2 new entitlements
1 parent 6306814 commit 7c97ea7

File tree

1 file changed

+19
-20
lines changed

1 file changed

+19
-20
lines changed

installers/common/MacInstaller.hs

Lines changed: 19 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -121,11 +121,6 @@ XML_PATH="$4"
121121
ABS_PATH="$(pwd)/$REL_PATH"
122122
TS="$(date +%Y-%m-%d_%H-%M-%S)"
123123
function sign_cmd() {
124-
for targetFile in "$@" ; do
125-
codesign --verbose=4 --deep --strict --timestamp --options=runtime --entitlements $XML_PATH --sign "$SIGN_ID" "$targetFile" 2>&1 | tee -a /tmp/codesign-output-${TS}.txt
126-
done
127-
}
128-
function sign_cmd_force() {
129124
for targetFile in "$@" ; do
130125
codesign --force --verbose=4 --deep --strict --timestamp --options=runtime --entitlements $XML_PATH --sign "$SIGN_ID" "$targetFile" 2>&1 | tee -a /tmp/codesign-output-${TS}.txt
131126
done
@@ -155,21 +150,21 @@ sign_cmd "$ABS_PATH/Contents/Frameworks/Electron Framework.framework/Versions/A/
155150
sign_cmd "$ABS_PATH/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libvk_swiftshader.dylib"
156151

157152
# Sign native electron bindings and supplementary binaries
158-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/build/usb_bindings.node"
159-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/build/HID.node"
160-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/build/detection.node"
161-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/prebuilds/darwin-x64/node.napi.node"
162-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/prebuilds/darwin-arm64/node.napi.node"
163-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/bin/darwin-x64-"*"/blake-hash.node"
164-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/bin/darwin-arm64-"*"/blake-hash.node"
165-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/build/Release/addon.node"
166-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/tiny-secp256k1/build/Release/secp256k1.node"
167-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/tiny-secp256k1/bin/darwin-x64-"*"/tiny-secp256k1.node"
168-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/tiny-secp256k1/bin/darwin-arm64-"*"/tiny-secp256k1.node"
169-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/usb-detection/build/Release/detection.node"
170-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/usb-detection/bin/darwin-arm64-"*"/usb-detection.node"
171-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/node-hid/bin/darwin-x64-"*"/node-hid.node"
172-
sign_cmd_force "$ABS_PATH/Contents/Resources/app/node_modules/node-hid/build/Release/HID.node"
153+
sign_cmd "$ABS_PATH/Contents/Resources/app/build/usb_bindings.node"
154+
sign_cmd "$ABS_PATH/Contents/Resources/app/build/HID.node"
155+
sign_cmd "$ABS_PATH/Contents/Resources/app/build/detection.node"
156+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/prebuilds/darwin-x64/node.napi.node"
157+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/prebuilds/darwin-arm64/node.napi.node"
158+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/bin/darwin-x64-"*"/blake-hash.node"
159+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/bin/darwin-arm64-"*"/blake-hash.node"
160+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/blake-hash/build/Release/addon.node"
161+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/tiny-secp256k1/build/Release/secp256k1.node"
162+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/tiny-secp256k1/bin/darwin-x64-"*"/tiny-secp256k1.node"
163+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/tiny-secp256k1/bin/darwin-arm64-"*"/tiny-secp256k1.node"
164+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/usb-detection/build/Release/detection.node"
165+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/usb-detection/bin/darwin-arm64-"*"/usb-detection.node"
166+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/node-hid/bin/darwin-x64-"*"/node-hid.node"
167+
sign_cmd "$ABS_PATH/Contents/Resources/app/node_modules/node-hid/build/Release/HID.node"
173168

174169
# Sign the whole component deeply
175170
sign_cmd "$ABS_PATH"
@@ -190,6 +185,10 @@ codeSignEntitlements = [r|<?xml version="1.0" encoding="UTF-8"?>
190185
<true/>
191186
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
192187
<true/>
188+
<key>com.apple.security.cs.disable-library-validation</key>
189+
<true/>
190+
<key>com.apple.security.cs.allow-jit</key>
191+
<true/>
193192
</dict>
194193
</plist>|]
195194

0 commit comments

Comments
 (0)