Split entitlements files into child and parent, and try using them both

This commit is contained in:
Micah Lee 2018-11-25 15:52:36 -08:00
parent dac480f212
commit 0794d7fb90
No known key found for this signature in database
GPG Key ID: 403C2657CD994F73
3 changed files with 16 additions and 3 deletions

View File

@ -23,9 +23,12 @@ if [ "$1" = "--release" ]; then
PKG_PATH="$ROOT/dist/OnionShare.pkg" PKG_PATH="$ROOT/dist/OnionShare.pkg"
IDENTITY_NAME_APPLICATION="Developer ID Application: Micah Lee" IDENTITY_NAME_APPLICATION="Developer ID Application: Micah Lee"
IDENTITY_NAME_INSTALLER="Developer ID Installer: Micah Lee" IDENTITY_NAME_INSTALLER="Developer ID Installer: Micah Lee"
ENTITLEMENTS_CHILD_PATH="$ROOT/install/macos_sandbox/child.plist"
ENTITLEMENTS_PARENT_PATH="$ROOT/install/macos_sandbox/parent.plist"
echo "Codesigning the app bundle" echo "Codesigning the app bundle"
codesign --deep -s "$IDENTITY_NAME_APPLICATION" "$APP_PATH" --entitlements "$ROOT/install/OnionShare.entitlements" codesign --deep -s "$IDENTITY_NAME_APPLICATION" -f --entitlements "$ENTITLEMENTS_CHILD_PATH" "$APP_PATH"
codesign -s "$IDENTITY_NAME_APPLICATION" -f --entitlements "$ENTITLEMENTS_PARENT_PATH" "$APP_PATH"
echo "Creating an installer" echo "Creating an installer"
productbuild --sign "$IDENTITY_NAME_INSTALLER" --component "$APP_PATH" /Applications "$PKG_PATH" productbuild --sign "$IDENTITY_NAME_INSTALLER" --component "$APP_PATH" /Applications "$PKG_PATH"

View File

@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>

View File

@ -4,10 +4,10 @@
<dict> <dict>
<key>com.apple.security.app-sandbox</key> <key>com.apple.security.app-sandbox</key>
<true/> <true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.network.client</key> <key>com.apple.security.network.client</key>
<true/> <true/>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key> <key>com.apple.security.temporary-exception.files.home-relative-path.read-write</key>
<array> <array>
<string>/OnionShare</string> <string>/OnionShare</string>