Preserve entitlements in the HostWriter and bundler for apphost and singlefilehost #116284
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jtschuster
added
the
NO-MERGE
3 tasks
…titlements in other tests
|
This is likely not worth the risk for servicing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We can preserve the entitlements for the apphost and singlefile host in 9.0 for the customers hitting issues. We also need to add entitlements in the first place for the singlefile host. It's not a particularly large change, so I think it might be worth it, but it is fairly late and will be fixed in lts 10.0.
Customer Impact:
We've hit a few customers internally and externally who have apps that fail in the latest versions of MacOS, particularly when the app is signed with the "hardened runtime" option on MacOS. The hardened runtime restricts the use of a JIT without explicit entitlements in the signature of the binary. The apphost has it when built, but it is removed in the process of rewriting the apphost and re-signing it. The singlefilehost currently does not have any entitlements when built. The workaround has been to sign the app again with the same entitlements, but it's not obvious that this would be necessary.
Testing
Tests added to the managed codesigner that check for entitlements after writing the host have been ported.
Risk:
Low. There is more complexity to the host writer, but not significantly so. There's no expected behavioral change for scenarios that already work.