From 776a275fc3e645d8176f7500af367c26bf578780 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Mon, 17 Jun 2024 15:02:43 +0100
Subject: [PATCH 1/7] Remove stale macos entitlement
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
build/entitlements.mac.plist | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist
index 3fdab97494..40db3d9e0b 100644
--- a/build/entitlements.mac.plist
+++ b/build/entitlements.mac.plist
@@ -12,8 +12,7 @@
com.apple.security.cs.allow-jit
- com.apple.security.cs.allow-unsigned-executable-memory
-
+
com.apple.security.cs.disable-library-validation
From 70ef8e1d362455a2de42d768bf6561a06734d8d0 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Mon, 17 Jun 2024 15:02:52 +0100
Subject: [PATCH 2/7] Enable app sandbox entitlement
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
---
build/entitlements.mac.plist | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist
index 40db3d9e0b..9b66d24bd1 100644
--- a/build/entitlements.mac.plist
+++ b/build/entitlements.mac.plist
@@ -2,13 +2,6 @@
-
com.apple.security.cs.allow-jit
@@ -17,8 +10,19 @@
com.apple.security.cs.disable-library-validation
-
+
+ com.apple.security.app-sandbox
+
+
+
+ com.apple.security.network.client
+
+
+
+ com.apple.security.files.user-selected.read-write
+
+
+
+ com.apple.security.cs.allow-jit
+
+
+
+ com.apple.security.cs.disable-library-validation
+
+
+
+ com.apple.security.app-sandbox
+
+ com.apple.security.inherit
+
+
+
+ com.apple.security.network.client
+
+
+
+ com.apple.security.files.user-selected.read-write
+
+
+
- com.apple.security.app-sandbox
-
-
com.apple.security.network.client
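Review bot: `com.apple.security.inherit` appears on the added side next to `com.apple.security.network.client` and `com.apple.security.files.user-selected.read-write`, and Apple's sandbox-inheritance guidance is that a helper using `inherit` carries only `app-sandbox` and `inherit`, otherwise the child can be terminated at launch. The plist markup is lost in this rendering and the hunk seems to mix several revisions, so confirm against the final file that the inheriting plist holds just those two keys. Separately, `com.apple.security.cs.disable-library-validation` is kept under the sandbox, and it allows loading code not signed by Apple or by the same Team ID. Since this series is already pruning stale entitlements, record why it is still required with a comment such as `<!-- disable-library-validation: required by <component, placeholder>; drop once it is signed with our Team ID -->`.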
diff --git a/electron-builder.ts b/electron-builder.ts
index bfd6361188..e996979c1f 100644
--- a/electron-builder.ts
+++ b/electron-builder.ts
@@ -182,11 +182,13 @@ if (process.env.ED_SIGNTOOL_SUBJECT_NAME && process.env.ED_SIGNTOOL_THUMBPRINT)
/**
* Allow specifying ElectronTeamID via env vars
* @param {string} process.env.APPLE_TEAM_ID
+ * Workaround for https://github.com/electron-userland/electron-builder/issues/7995
*/
if (process.env.APPLE_TEAM_ID) {
config.mac.extendInfo = {
ElectronTeamID: process.env.APPLE_TEAM_ID,
};
+ config.mac.entitlements = "./build/entitlements-sandbox.mac.plist";
}
/**
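Review bot: The sandbox entitlements file is selected only inside `if (process.env.APPLE_TEAM_ID)`, so a mac build without that variable is signed with whatever entitlements apply by default, and nothing in the hunk says whether an unsandboxed build is intended in that case. The added doc line sits after `@param`, so it reads as part of the parameter description and does not mention the entitlements switch. Suggest moving it above the `@param` and wording it as `* Also selects the sandbox entitlements; workaround for https://github.com/electron-userland/electron-builder/issues/7995`. The visible plist hunks edit `build/entitlements.mac.plist`, not `./build/entitlements-sandbox.mac.plist`, so confirm that file is added elsewhere in the series. Otherwise signing would point at a missing path.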