Compare commits

...

2 Commits

Author SHA1 Message Date
876388f686 fix(signing): remove entitlements which I believe caused the app to not launch 2021-11-28 13:43:34 +00:00
1be824cc49 feat(signing); add a number of additional entitlements
The list of additional entitlements have been picked mostly on a
best-guess basis of what's reasonable.
2021-11-27 23:55:30 +00:00
2 changed files with 31 additions and 16 deletions

View File

@@ -11,11 +11,14 @@ import (
// DefaultEmacsEntitlements is the default set of entitlements application // DefaultEmacsEntitlements is the default set of entitlements application
// bundles are signed with if no entitlements are provided. // bundles are signed with if no entitlements are provided.
var DefaultEmacsEntitlements = []string{ var DefaultEmacsEntitlements = []string{
"com.apple.security.cs.allow-jit", "com.apple.developer.mail-client",
"com.apple.security.network.client", "com.apple.developer.web-browser",
"com.apple.security.cs.disable-library-validation",
"com.apple.security.cs.allow-dyld-environment-variables",
"com.apple.security.automation.apple-events", "com.apple.security.automation.apple-events",
"com.apple.security.cs.allow-dyld-environment-variables",
"com.apple.security.cs.allow-jit",
"com.apple.security.cs.disable-library-validation",
"com.apple.security.network.client",
"com.apple.security.network.server",
} }
//go:embed entitlements.tpl //go:embed entitlements.tpl

View File

@@ -47,11 +47,14 @@ var entitlementsTestCases = []struct {
{ {
name: "many", name: "many",
entitlements: Entitlements{ entitlements: Entitlements{
"com.apple.security.cs.allow-jit", "com.apple.developer.mail-client",
"com.apple.security.network.client", "com.apple.developer.web-browser",
"com.apple.security.cs.disable-library-validation",
"com.apple.security.cs.allow-dyld-environment-variables",
"com.apple.security.automation.apple-events", "com.apple.security.automation.apple-events",
"com.apple.security.cs.allow-dyld-environment-variables",
"com.apple.security.cs.allow-jit",
"com.apple.security.cs.disable-library-validation",
"com.apple.security.network.client",
"com.apple.security.network.server",
}, },
//nolint:lll //nolint:lll
want: undent.String(` want: undent.String(`
@@ -59,15 +62,21 @@ var entitlementsTestCases = []struct {
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"> <plist version="1.0">
<dict> <dict>
<key>com.apple.security.cs.allow-jit</key> <key>com.apple.developer.mail-client</key>
<true/> <true/>
<key>com.apple.security.network.client</key> <key>com.apple.developer.web-browser</key>
<true/> <true/>
<key>com.apple.security.cs.disable-library-validation</key> <key>com.apple.security.automation.apple-events</key>
<true/> <true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key> <key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/> <true/>
<key>com.apple.security.automation.apple-events</key> <key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/> <true/>
</dict> </dict>
</plist>`, </plist>`,
@@ -78,11 +87,14 @@ var entitlementsTestCases = []struct {
func TestDefaultEmacsEntitlements(t *testing.T) { func TestDefaultEmacsEntitlements(t *testing.T) {
assert.Equal(t, assert.Equal(t,
[]string{ []string{
"com.apple.security.cs.allow-jit", "com.apple.developer.mail-client",
"com.apple.security.network.client", "com.apple.developer.web-browser",
"com.apple.security.cs.disable-library-validation",
"com.apple.security.cs.allow-dyld-environment-variables",
"com.apple.security.automation.apple-events", "com.apple.security.automation.apple-events",
"com.apple.security.cs.allow-dyld-environment-variables",
"com.apple.security.cs.allow-jit",
"com.apple.security.cs.disable-library-validation",
"com.apple.security.network.client",
"com.apple.security.network.server",
}, },
DefaultEmacsEntitlements, DefaultEmacsEntitlements,
) )