Sign binaries after lipo-ing them since lipo drops signature added by the...

Sign binaries after lipo-ing them since lipo drops signature added by the linker. Also, use JIT entitlement for signing executables.

Sign binaries after lipo-ing them since lipo drops signature added by the...
Sign binaries after lipo-ing them since lipo drops signature added by the linker. Also, use JIT entitlement for signing executables.
7d91396f · Tautvydas Žilys · 0b64e534 · 7d91396f · 7d91396f
隐藏空白更改
内联并排

Showing with 22 addition and 4 deletion

external/buildscripts/build_all_osx.pl external/buildscripts/build_all_osx.pl +13 -4

external/buildscripts/entitlements.plist external/buildscripts/entitlements.plist +9 -0

未找到文件。
--- a/external/buildscripts/build_all_osx.pl
+++ b/external/buildscripts/build_all_osx.pl
@@ -110,7 +110,7 @@ if ($artifact)

 	for my $file ('mono')
 	{
-		MergeIntoFatBinary("$distDirSourceBinX64/$file", "$distDirSourceBinARM64/$file", "$distDirDestinationBin/$file");
+		MergeIntoFatBinary("$distDirSourceBinX64/$file", "$distDirSourceBinARM64/$file", "$distDirDestinationBin/$file", 1);
 	}

 	for my $file ('pedump')
@@ -121,7 +121,7 @@ if ($artifact)

 	for my $file ('libMonoPosixHelper.dylib')
 	{
-		MergeIntoFatBinary("$embedDirSourceX64/$file", "$embedDirSourceARM64/$file", "$distDirDestinationLib/$file");
+		MergeIntoFatBinary("$embedDirSourceX64/$file", "$embedDirSourceARM64/$file", "$distDirDestinationLib/$file", 0);
 	}

 	if ($buildMachine)
@@ -169,8 +169,17 @@ sub CopyEmbedRuntimeBinaries

 sub MergeIntoFatBinary
 {
-	my ($binary1, $binary2, $binaryOutput) = @_;
+	my ($binary1, $binary2, $binaryOutput, $isExe) = @_;

 	print(">>> Merging '$binary1' and '$binary2' into '$binaryOutput'\n\n");
 	system('lipo', "$binary1", "$binary2", "-create", "-output", "$binaryOutput") eq 0 or die("Failed to run lipo!");
-}
\ No newline at end of file
+
+	if ($isExe)
+	{
+		system("codesign", "--entitlements", $buildscriptsdir . "/entitlements.plist", "-s", "-", "$binaryOutput") eq 0 or die("Failed to codesign $binaryOutput!");
+	}
+	else
+	{
+		system("codesign", "-s", "-", "$binaryOutput") eq 0 or die("Failed to codesign $binaryOutput!");
+	}
+}
--- a/external/buildscripts/entitlements.plist
+++ b/external/buildscripts/entitlements.plist
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+</dict>
+</plist>
+