From 6721bf40316acf895ee75480a0b4b4640bde7cdc Mon Sep 17 00:00:00 2001 From: ridiculousfish Date: Sat, 29 Feb 2020 15:28:28 -0800 Subject: [PATCH] Add the get-task-allow entitlement This allows Mac fish to be debugged. --- CMakeLists.txt | 11 ++++++++++- build_tools/make_pkg.sh | 2 +- osx/fish_debug.entitlements | 9 +++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 osx/fish_debug.entitlements diff --git a/CMakeLists.txt b/CMakeLists.txt index 50eaa1765..fadf3d1ce 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -168,12 +168,21 @@ INCLUDE(cmake/PCRE2.cmake) # Code signing ID on Mac. A default '-' is ad-hoc codesign. SET(MAC_CODESIGN_ID "-" CACHE STRING "Mac code-signing identity") +# Whether to inject the "get-task-allow" entitlement, which permits debugging +# on the Mac. +SET(MAC_INJECT_GET_TASK_ALLOW ON CACHE BOOL "Inject get-task-allow on Mac") + FUNCTION(CODESIGN_ON_MAC target) IF(APPLE) + IF(MAC_INJECT_GET_TASK_ALLOW) + SET(ENTITLEMENTS "--entitlements" "${CMAKE_SOURCE_DIR}/osx/fish_debug.entitlements") + ELSE() + SET(ENTITLEMENTS "") + ENDIF(MAC_INJECT_GET_TASK_ALLOW) ADD_CUSTOM_COMMAND( TARGET ${target} POST_BUILD - COMMAND codesign --force --deep --options runtime --sign "${MAC_CODESIGN_ID}" $ + COMMAND codesign --force --deep --options runtime ${ENTITLEMENTS} --sign "${MAC_CODESIGN_ID}" $ VERBATIM ) ENDIF() diff --git a/build_tools/make_pkg.sh b/build_tools/make_pkg.sh index edd17747a..4b07ad8a7 100755 --- a/build_tools/make_pkg.sh +++ b/build_tools/make_pkg.sh @@ -28,7 +28,7 @@ SRC_DIR=$PWD OUTPUT_PATH=${FISH_ARTEFACT_PATH:-~/fish_built} mkdir -p "$PKGDIR/build" "$PKGDIR/root" "$PKGDIR/intermediates" "$PKGDIR/dst" -{ cd "$PKGDIR/build" && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DMAC_CODESIGN_ID="${MAC_CODESIGN_ID}" "$SRC_DIR" && make -j 12 && env DESTDIR="$PKGDIR/root/" make install; } +{ cd "$PKGDIR/build" && cmake -DMAC_INJECT_GET_TASK_ALLOW=OFF -DCMAKE_BUILD_TYPE=RelWithDebInfo -DMAC_CODESIGN_ID="${MAC_CODESIGN_ID}" "$SRC_DIR" && make -j 12 && env DESTDIR="$PKGDIR/root/" make install; } pkgbuild --scripts "$SRC_DIR/build_tools/osx_package_scripts" --root "$PKGDIR/root/" --identifier 'com.ridiculousfish.fish-shell-pkg' --version "$VERSION" "$PKGDIR/intermediates/fish.pkg" productbuild --package-path "$PKGDIR/intermediates" --distribution "$SRC_DIR/build_tools/osx_distribution.xml" --resources "$SRC_DIR/build_tools/osx_package_resources/" "$OUTPUT_PATH/fish-$VERSION.pkg" productsign --sign "${MAC_PRODUCTSIGN_ID}" "$OUTPUT_PATH/fish-$VERSION.pkg" "$OUTPUT_PATH/fish-$VERSION-signed.pkg" && mv "$OUTPUT_PATH/fish-$VERSION-signed.pkg" "$OUTPUT_PATH/fish-$VERSION.pkg" diff --git a/osx/fish_debug.entitlements b/osx/fish_debug.entitlements new file mode 100644 index 000000000..cc5eb7b01 --- /dev/null +++ b/osx/fish_debug.entitlements @@ -0,0 +1,9 @@ + + + + + com.apple.security.get-task-allow + + + +