Entitlement to sign the QtWebEngineProcess with an exception. #2445
Conversation
camilasan
changed the title
camilasan
force-pushed
the
fix-mac-catalina-login
branch
from
122cdad
to
53e5c6d
Compare
There was a problem hiding this comment.
Great catch! :-)
Sad we have to opt-out from some protection here but of course that's not surprising.
Dropping this link for documentation:
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-executable-page-protection
|
/rebase |
Fix for #1793: The problem seems to be related enabling hardened runtime. This exception allows the webview to load. Signed-off-by: Camila San <hello@camila.codes>
github-actions
bot
force-pushed
the
fix-mac-catalina-login
branch
from
53e5c6d
to
9c5a51b
Compare
|
AppImage file: Nextcloud-PR-2445-9c5a51bb07bb2a1a1730bab9144d5d6e674edad5-x86_64.AppImage |
|
/backport to stable-3.0 |
| @@ -16,3 +16,4 @@ configure_file(create_mac.sh.cmake ${CMAKE_CURRENT_BINARY_DIR}/create_mac.sh) | |||
| configure_file(macosx.pkgproj.cmake ${CMAKE_CURRENT_BINARY_DIR}/macosx.pkgproj) | |||
| configure_file(pre_install.sh.cmake ${CMAKE_CURRENT_BINARY_DIR}/pre_install.sh) | |||
| configure_file(post_install.sh.cmake ${CMAKE_CURRENT_BINARY_DIR}/post_install.sh) | |||
| configure_file(QtWebEngineProcess.entitlements ${CMAKE_CURRENT_BINARY_DIR}/QtWebEngineProcess.entitlements) | |||
There was a problem hiding this comment.
I think this line is unneeded, cmake is not doing any processing on that file.
There was a problem hiding this comment.
to be honest I was following what is been done for the other files and this path in the build folder is what is being used in our daily build script and brander to execute the sh files and now to sign the QtWebEngineProcess. Or should I have also called it QtWebEngineProcess.entitlements.cmake? I am not sure I know why that is done with the other files.
There was a problem hiding this comment.
OK, I guess our build script and sh files are a bit limited then. It'd be better if they'd knew about the source dir as well.
As for the other files, if you got something .cmake used with configure_file, it will generate a new file (usually dropping the .cmake extension) in which CMake variables are expanded (@VARIABLE_NAME@ syntax). In this case it's a bit surprising to process a file containing no such variable.
Now looking at the doc, I see there's COPYONLY option I didn't know about which would have been fitting here. For details: https://cmake.org/cmake/help/latest/command/configure_file.html
Oh well, in that particular case no harm done apart from processing the file while it wasn't needed.
Fix for #1793: The problem seems to be related enabling hardened runtime.
This exception allows the webview to load.