Files
build-emacs-for-macos/pkg/sign/entitlements.go
Jim Myhrberg 698756ac55 feat(sign): add sign command to sign Emacs.app bundles with codesign
The sign command signs Emacs.app application bundles with Apple's
codesign utility.

It does a few things outside of just executing codesign:

- Is aware of *.eln native-compilation files, which need to be
  explicitly searched for on disk and passed to codesign, as they are
  not detected when using the "--deep" option.
- Is aware of Contents/MacOS/bin/emacs CLI helper tool which we add into
  the application bundle, and specifically passed it to codesign as
  well.
- By default provides a set of entitlements which are relevant for Emacs
  when running codesign.
2021-06-22 00:08:36 +01:00

55 lines
1.0 KiB
Go

package sign
import (
"bytes"
_ "embed"
"io"
"os"
"text/template"
)
// DefaultEmacsEntitlements is the default set of entitlements application
// bundles are signed with if no entitlements are provided.
var DefaultEmacsEntitlements = []string{
"com.apple.security.cs.allow-jit",
"com.apple.security.network.client",
"com.apple.security.cs.disable-library-validation",
"com.apple.security.automation.apple-events",
}
//go:embed entitlements.tpl
var entitlementsTemplate string
type Entitlements []string
func (e Entitlements) XML() ([]byte, error) {
var buf bytes.Buffer
err := e.Write(&buf)
return buf.Bytes(), err
}
func (e Entitlements) Write(w io.Writer) error {
tpl, err := template.New("entitlements.plist").Parse(entitlementsTemplate)
if err != nil {
return err
}
return tpl.Execute(w, e)
}
func (e Entitlements) TempFile() (string, error) {
f, err := os.CreateTemp("", "*.entitlements.plist")
if err != nil {
return "", err
}
defer f.Close()
err = e.Write(f)
if err != nil {
return "", err
}
return f.Name(), nil
}