From 5ecdc93f8eab90fb95fc5012b331a0ea5fa470f3 Mon Sep 17 00:00:00 2001 From: David Chavez Date: Mon, 4 Nov 2024 15:52:15 +0100 Subject: [PATCH] Enable JIT entitlement --- .github/macos/entitlements.plist | 12 ++++++++++++ CMakeLists.txt | 15 ++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 .github/macos/entitlements.plist diff --git a/.github/macos/entitlements.plist b/.github/macos/entitlements.plist new file mode 100644 index 0000000..46f6756 --- /dev/null +++ b/.github/macos/entitlements.plist @@ -0,0 +1,12 @@ + + + + + com.apple.security.cs.allow-jit + + com.apple.security.cs.allow-unsigned-executable-memory + + com.apple.security.cs.disable-library-validation + + + diff --git a/CMakeLists.txt b/CMakeLists.txt index f21bdcc..bf0903e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -344,6 +344,14 @@ if (APPLE) # Copy required frameworks to bundle target_link_libraries(Zelda64Recompiled PRIVATE ${MOLTENVK_PATH} ${VULKAN_LOADER_PATH}) + # Define the path to the entitlements file + set(ENTITLEMENTS_FILE ${CMAKE_SOURCE_DIR}/.github/macos/entitlements.plist) + + # Ensure the entitlements file exists + if(NOT EXISTS ${ENTITLEMENTS_FILE}) + message(FATAL_ERROR "Entitlements file not found at ${ENTITLEMENTS_FILE}") + endif() + # Post-build steps for macOS bundle add_custom_command(TARGET Zelda64Recompiled POST_BUILD # Copy and fix frameworks first @@ -369,11 +377,8 @@ if (APPLE) COMMAND ${CMAKE_COMMAND} -E echo "Applying JIT compilation workaround" COMMAND /bin/bash -c "printf '\\x07' | dd of=$ bs=1 seek=160 count=1 conv=notrunc" - # Sign frameworks first - COMMAND /bin/bash -c "for f in $/Contents/Frameworks/*; do codesign --force --sign - \"$f\"; done" - - # Finally sign the whole bundle with runtime option - COMMAND codesign --deep --force --sign - --options runtime $ + # Finally sign the whole bundle with runtime option and entitlements + COMMAND codesign --deep --force --sign - --entitlements ${ENTITLEMENTS_FILE} $ COMMENT "Performing post-build steps for macOS bundle" VERBATIM