From 975ee76e2b29e03929c5857570a62978e8f059b5 Mon Sep 17 00:00:00 2001 From: bruvzg <7645683+bruvzg@users.noreply.github.com> Date: Thu, 18 Jul 2024 23:40:49 +0300 Subject: [PATCH] [macOS] Fix codesigning of .NET helper executables when sandboxing is disabled. --- platform/macos/export/export_plugin.cpp | 17 +++++++++-------- platform/macos/export/export_plugin.h | 4 ++-- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/platform/macos/export/export_plugin.cpp b/platform/macos/export/export_plugin.cpp index 73e2f2d45b2..a934e991a19 100644 --- a/platform/macos/export/export_plugin.cpp +++ b/platform/macos/export/export_plugin.cpp @@ -1213,6 +1213,7 @@ Error EditorExportPlatformMacOS::_code_sign_directory(const Ref extensions_to_sign; + bool sandbox = p_preset->get("codesign/entitlements/app_sandbox/enabled"); if (extensions_to_sign.is_empty()) { extensions_to_sign.push_back("dylib"); extensions_to_sign.push_back("framework"); @@ -1239,7 +1240,7 @@ Error EditorExportPlatformMacOS::_code_sign_directory(const Ref &dir_access const String &p_in_app_path, bool p_sign_enabled, const Ref &p_preset, const String &p_ent_path, const String &p_helper_ent_path, - bool p_should_error_on_non_code_sign) { + bool p_should_error_on_non_code_sign, bool p_sandbox) { static Vector extensions_to_sign; if (extensions_to_sign.is_empty()) { @@ -1368,7 +1369,7 @@ Error EditorExportPlatformMacOS::_copy_and_sign_files(Ref &dir_access if (extensions_to_sign.has(p_in_app_path.get_extension())) { String ent_path = p_ent_path; bool set_bundle_id = false; - if (FileAccess::exists(p_in_app_path)) { + if (p_sandbox && FileAccess::exists(p_in_app_path)) { int ftype = MachO::get_filetype(p_in_app_path); if (ftype == 2 || ftype == 5) { ent_path = p_helper_ent_path; @@ -1389,13 +1390,13 @@ Error EditorExportPlatformMacOS::_copy_and_sign_files(Ref &dir_access Error EditorExportPlatformMacOS::_export_macos_plugins_for(Ref p_editor_export_plugin, const String &p_app_path_name, Ref &dir_access, bool p_sign_enabled, const Ref &p_preset, - const String &p_ent_path, const String &p_helper_ent_path) { + const String &p_ent_path, const String &p_helper_ent_path, bool p_sandbox) { Error error{ OK }; const Vector &macos_plugins{ p_editor_export_plugin->get_macos_plugin_files() }; for (int i = 0; i < macos_plugins.size(); ++i) { String src_path{ ProjectSettings::get_singleton()->globalize_path(macos_plugins[i]) }; String path_in_app{ p_app_path_name + "/Contents/PlugIns/" + src_path.get_file() }; - error = _copy_and_sign_files(dir_access, src_path, path_in_app, p_sign_enabled, p_preset, p_ent_path, p_helper_ent_path, false); + error = _copy_and_sign_files(dir_access, src_path, path_in_app, p_sign_enabled, p_preset, p_ent_path, p_helper_ent_path, false, p_sandbox); if (error != OK) { break; } @@ -2168,11 +2169,11 @@ Error EditorExportPlatformMacOS::export_project(const Ref &p String src_path = ProjectSettings::get_singleton()->globalize_path(shared_objects[i].path); if (shared_objects[i].target.is_empty()) { String path_in_app = tmp_app_path_name + "/Contents/Frameworks/" + src_path.get_file(); - err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, hlp_ent_path, true); + err = _copy_and_sign_files(da, src_path, path_in_app, sign_enabled, p_preset, ent_path, hlp_ent_path, true, sandbox); } else { String path_in_app = tmp_app_path_name.path_join(shared_objects[i].target); tmp_app_dir->make_dir_recursive(path_in_app); - err = _copy_and_sign_files(da, src_path, path_in_app.path_join(src_path.get_file()), sign_enabled, p_preset, ent_path, hlp_ent_path, false); + err = _copy_and_sign_files(da, src_path, path_in_app.path_join(src_path.get_file()), sign_enabled, p_preset, ent_path, hlp_ent_path, false, sandbox); } if (err != OK) { break; @@ -2181,7 +2182,7 @@ Error EditorExportPlatformMacOS::export_project(const Ref &p Vector> export_plugins{ EditorExport::get_singleton()->get_export_plugins() }; for (int i = 0; i < export_plugins.size(); ++i) { - err = _export_macos_plugins_for(export_plugins[i], tmp_app_path_name, da, sign_enabled, p_preset, ent_path, hlp_ent_path); + err = _export_macos_plugins_for(export_plugins[i], tmp_app_path_name, da, sign_enabled, p_preset, ent_path, hlp_ent_path, sandbox); if (err != OK) { break; } diff --git a/platform/macos/export/export_plugin.h b/platform/macos/export/export_plugin.h index 6134d756b91..1929fc8d5fb 100644 --- a/platform/macos/export/export_plugin.h +++ b/platform/macos/export/export_plugin.h @@ -94,10 +94,10 @@ class EditorExportPlatformMacOS : public EditorExportPlatform { Error _code_sign_directory(const Ref &p_preset, const String &p_path, const String &p_ent_path, const String &p_helper_ent_path, bool p_should_error_on_non_code = true); Error _copy_and_sign_files(Ref &dir_access, const String &p_src_path, const String &p_in_app_path, bool p_sign_enabled, const Ref &p_preset, const String &p_ent_path, const String &p_helper_ent_path, - bool p_should_error_on_non_code_sign); + bool p_should_error_on_non_code_sign, bool p_sandbox); Error _export_macos_plugins_for(Ref p_editor_export_plugin, const String &p_app_path_name, Ref &dir_access, bool p_sign_enabled, const Ref &p_preset, - const String &p_ent_path, const String &p_helper_ent_path); + const String &p_ent_path, const String &p_helper_ent_path, bool p_sandbox); Error _create_dmg(const String &p_dmg_path, const String &p_pkg_name, const String &p_app_path_name); Error _create_pkg(const Ref &p_preset, const String &p_pkg_path, const String &p_app_path_name); Error _export_debug_script(const Ref &p_preset, const String &p_app_name, const String &p_pkg_name, const String &p_path);