macOS: Integrate codesigning and enable hardened runtime #8909
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codex-
reviewed
Jul 5, 2020
trevor403
reviewed
Jan 20, 2021
| mmap(nullptr, size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE, -1, 0); | ||
| int flags = MAP_ANON | MAP_PRIVATE; | ||
| #ifdef __APPLE__ | ||
| flags |= MAP_JIT; |
There was a problem hiding this comment.
This has been available since Lion 10.7, I'm surprised that it is just being added now.
There was a problem hiding this comment.
The macOS version of Dolphin has been relatively unmaintained for a while, unfortunately.
|
Not sure if Dolphin still supports Sierra/High Sierra (10.12/10.13), but the README says it, so I figured I'd give a heads up: you may need to conditional the static inline int determine_macos_jit_flag()
{
static int jit_flag = -1;
if (jit_flag == -1)
{
struct utsname name;
uname(&name);
// Kernel version 18 = Mojave
jit_flag = (atoi(name.release) >= 18) ? MAP_JIT : 0;
}
return jit_flag;
}flags |= determine_macos_jit_flag(); |
|
@ryanmcgrath #9441 will probably supersede this PR, so I've forwarded your info there. Thanks for the heads up. |
|
Superseded by #9441! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR integrates codesigning into the build system. It also enables the hardened runtime and adds the appropriate entitlements to DolphinQt. These are prerequisites to notarization.
To build:
Codesigning is disabled by default. In addition, the optional setting
MACOS_CODE_SIGNING_IDENTITY_UPDATERcan be set if the updater needs a different identity.The entitlement
com.apple.security.automation.apple-eventsis activated because I noticedtccdwas raising an error about Dolphin attempting to use Apple Events. I couldn't spot any obvious usage of Apple Events in the codebase, so I'm not sure why it's complaining in the first place. Either way, I added the entitlement so functionality is not unintentionally broken.If this PR is merged, the next step would be to integrate notarization into the macOS buildbot if the project is willing to move forward with that. I can assist in any manner to get it up and running. I have already notarized some of my local Dolphin builds, and successfully tested them on macOS Catalina. Example binaries can be provided on request. (They have some personal information embedded in the app bundle, as I'm using my personal Apple Developer account, so I'd rather not have them be posted in a public forum.)