Add app entitlements + codesign script

Because I managed to leave them untracked in the last commit.
2025-08-14 02:45:34 +02:00 · 2020-11-16 04:40:41 -05:00 · 2020-11-16 04:40:41 -05:00 · cad320b4e0
commit cad320b4e0
parent 267a6ff62e
2 changed files with 34 additions and 0 deletions
--- a/macos/codesign.sh
+++ b/macos/codesign.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+
+IDENTITY="$1"
+if [[ $IDENTITY == "" ]]; then
+    IDENTITY=-
+fi
+
+  codesign -vfs $IDENTITY --entitlements "${MESON_SOURCE_ROOT}/macos/entitlements.plist" --deep -o runtime "${MESON_INSTALL_PREFIX}"
--- a/macos/entitlements.plist
+++ b/macos/entitlements.plist
@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<plist version="1.0">
+    <dict>
+        <!--App sandbox entitlements: https://developer.apple.com/documentation/security/app_sandbox?language=objc -->
+        <!--Hardened runtime entitlements: https://developer.apple.com/documentation/security/hardened_runtime?language=objc-->
+        <key>com.apple.security.app-sandbox</key>
+        <true/>
+
+        <key>com.apple.security.network.client</key>
+        <false/>
+        <key>com.apple.security.network.server</key>
+        <false/>
+        <key>com.apple.security.files.user-selected.read-write</key>
+        <true/>
+        <key>com.apple.security.files.downloads.read-write</key>
+        <true/>
+        <key>com.apple.security.assets.pictures.read-write</key>
+        <true/>
+        <key>com.apple.security.cs.disable-library-validation</key>
+        <true/>
+        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+        <false/>
+        <key>com.apple.security.cs.allow-jit</key>
+        <false/>
+    </dict>
+</plist>