Remove use of entitlements field for santad

google · Sep 27, 2021 · b2b6cdc · b2b6cdc
1 parent 81049db
commit b2b6cdc
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/Source/santad/BUILD b/Source/santad/BUILD
@@ -93,7 +93,6 @@ macos_bundle(
     infoplists = ["Info.plist"],
     linkopts = ["-execute"],
     minimum_os_version = "10.9",
-    entitlements = "com.google.santa.daemon.systemextension.entitlements",
     codesignopts = [
         "--timestamp",
         "--force",

diff --git a/Source/santad/com.google.santa.daemon.systemextension.entitlements b/Source/santad/com.google.santa.daemon.systemextension.entitlements
@@ -2,6 +2,10 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+    <key>com.apple.application-identifier</key>
+	<string>$(TeamIdentifierPrefix)com.google.santa.daemon</string>
+	<key>com.apple.developer.team-identifier</key>
+	<string>EQHXZ8M8AV</string>
 	<key>com.apple.developer.endpoint-security.client</key>
 	<true/>
 </dict>

diff --git a/Testing/build_and_sign.sh b/Testing/build_and_sign.sh
@@ -3,20 +3,25 @@ set -e
 GIT_ROOT=$(git rev-parse --show-toplevel)
 
 SANTAD_PATH=Santa.app/Contents/Library/SystemExtensions/com.google.santa.daemon.systemextension/Contents/MacOS/com.google.santa.daemon
+SANTAD_ENTITLEMENTS="$GIT_ROOT/Source/santad/com.google.santa.daemon.systemextension.entitlements"
 SANTA_BIN_PATH=Santa.app/Contents/MacOS
 SIGNING_IDENTITY="localhost"
 
+
 function main() {
     sudo bazel build --ios_signing_cert_name=$SIGNING_IDENTITY --apple_generate_dsym -c opt --define=SANTA_BUILD_TYPE=ci --define=apple.propagate_embedded_extra_outputs=yes --macos_cpus=x86_64,arm64 //:release
 
     echo "> Build complete, installing santa"
     TMP_DIR=$(mktemp -d)
     tar xvf $GIT_ROOT/bazel-bin/santa-*.tar.gz -C $TMP_DIR
+    CS_ARGS="--prefix=EQHXZ8M8AV -fs $SIGNING_IDENTITY --timestamp --options library,kill,runtime"
 
-    for bin in $TMP_DIR/binaries/$SANTA_BIN_PATH/* $TMP_DIR/binaries/$SANTAD_PATH; do
-        sudo codesign --prefix=EQHXZ8M8AV --preserve-metadata=entitlements -fs $SIGNING_IDENTITY --timestamp --options library,kill,runtime $bin
+    for bin in $TMP_DIR/binaries/$SANTA_BIN_PATH/*; do
+        sudo codesign --preserve-metadata=entitlements ${CS_ARGS} $bin
     done
 
+    sudo codesign ${CS_ARGS} --entitlements $SANTAD_ENTITLEMENTS $TMP_DIR/binaries/$SANTAD_PATH
+
     echo "> Running install.sh"
     (
         cd $TMP_DIR