tdf#158038 fix opening pdf files in appstore ver (sandbox issue w/ helper tool)
https://developer.apple.com/documentation/xcode/embedding-a-helper-tool-in-a-sandboxed-app "Adding other entitlements to the tool can cause problems. If the tool immediately crashes with a code signing error when your app runs the tool, check that the tool is signed with just these two entitlements: com.apple.security.app-sandbox and com.apple.security.inherit." This is indeed what happened.. Change-Id: Id03948c03b7d453aae4ca58719f582576e30a16f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158790 Tested-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
This commit is contained in:
Christian Lohmaier
parent
c96680125f
commit
a2f298adf5
2 changed files with 15 additions and 1 deletions
|
|
@ -24,10 +24,13 @@ done
|
|||
|
||||
APP_BUNDLE="$1"
|
||||
entitlements=
|
||||
entitlements_helper=
|
||||
application_identifier=
|
||||
if test -n "$ENABLE_MACOSX_SANDBOX"; then
|
||||
# In a sandboxed build executables need the entitlements
|
||||
entitlements="--entitlements $BUILDDIR/lo.xcent"
|
||||
# helper utilities must be signed with only the sandbox and inherit entitlements
|
||||
entitlements_helper="--entitlements $SRCDIR/sysui/desktop/macosx/sandbox_inherit.entitlements"
|
||||
application_identifier=`/usr/libexec/PlistBuddy -c "print com.apple.application-identifier" $BUILDDIR/lo.xcent`
|
||||
# remove the key from the entitlement - only use it when signing the whole bundle in the final step
|
||||
/usr/libexec/PlistBuddy -c "delete com.apple.application-identifier" $BUILDDIR/lo.xcent
|
||||
|
|
@ -39,6 +42,7 @@ if test -n "$ENABLE_MACOSX_SANDBOX"; then
|
|||
else
|
||||
# We then want to sign data files, too, hmm.
|
||||
entitlements="--entitlements $BUILDDIR/hardened_runtime.xcent"
|
||||
entitlements_helper=$entitlements
|
||||
other_files="\
|
||||
-or -name '*.fodt' -or -name 'schema.strings' -or -name 'schema.xml' \
|
||||
-or -name '*.jar' -or -name 'LICENSE' -or -name 'LICENSE.html' \
|
||||
|
|
@ -127,7 +131,7 @@ while read file; do
|
|||
;;
|
||||
*)
|
||||
id=`echo ${file#${APP_BUNDLE}/Contents/} | sed -e 's,/,.,g'`
|
||||
codesign --force --timestamp --options=runtime --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements "$file" || exit 1
|
||||
codesign --force --timestamp --options=runtime --identifier=$MACOSX_BUNDLE_IDENTIFIER.$id --sign "$MACOSX_CODESIGNING_IDENTITY" $entitlements_helper "$file" || exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
|
|
|||
10
sysui/desktop/macosx/sandbox_inherit.entitlements
Normal file
10
sysui/desktop/macosx/sandbox_inherit.entitlements
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>com.apple.security.app-sandbox</key>
|
||||
<true/>
|
||||
<key>com.apple.security.inherit</key>
|
||||
<true/>
|
||||
</dict>
|
||||
</plist>
|
||||
Loading…
Reference in a new issue