[Libreoffice-commits] core.git: configure.ac hardened_runtime.xcent hardened_runtime.xcent.in

Tor Lillqvist (via logerrit) logerrit at kemper.freedesktop.org
Wed Apr 29 19:45:55 UTC 2020 

 configure.ac              |    7 +++++++
 hardened_runtime.xcent.in |    1 +
 2 files changed, 8 insertions(+)

New commits:
commit 88453fd13a653963b394b8f865ff104b5545f137
Author:     Tor Lillqvist <tml at collabora.com>
AuthorDate: Wed Apr 29 15:23:02 2020 +0300
Commit:     Tor Lillqvist <tml at collabora.com>
CommitDate: Wed Apr 29 21:45:21 2020 +0200

    Enable debugging of a hardened process on macOS
    
    Add the com.apple.security.get-task-allow entitlement when not
    building for release.
    
    Change-Id: I1b05d8c48f0f2d587325d7dfc800bb4880a7fcaf
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93159
    Tested-by: Tor Lillqvist <tml at collabora.com>
    Reviewed-by: Tor Lillqvist <tml at collabora.com>

diff --git a/configure.ac b/configure.ac
index 630518875e9b..1c7dff3f5d0d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2334,11 +2334,17 @@ AC_MSG_CHECKING([whether build target is Release Build])
 if test "$enable_release_build" = "" -o "$enable_release_build" = "no"; then
     AC_MSG_RESULT([no])
     ENABLE_RELEASE_BUILD=
+    GET_TASK_ALLOW_ENTITLEMENT='
+        <!-- We want to be able to debug a hardened process when not building for release -->
+        <key>com.apple.security.get-task-allow</key>
+        <true/>'
 else
     AC_MSG_RESULT([yes])
     ENABLE_RELEASE_BUILD=TRUE
+    GET_TASK_ALLOW_ENTITLEMENT=''
 fi
 AC_SUBST(ENABLE_RELEASE_BUILD)
+AC_SUBST(GET_TASK_ALLOW_ENTITLEMENT)
 
 dnl ===================================================================
 dnl Test whether to sign Windows Build
@@ -13400,6 +13406,7 @@ AC_CONFIG_FILES([config_host.mk
                  bin/bffvalidator.sh
                  bin/odfvalidator.sh
                  bin/officeotron.sh
+                 hardened_runtime.xcent
                  instsetoo_native/util/openoffice.lst
                  sysui/desktop/macosx/Info.plist])
 AC_CONFIG_HEADERS([config_host/config_buildid.h])
diff --git a/hardened_runtime.xcent b/hardened_runtime.xcent.in
similarity index 94%
rename from hardened_runtime.xcent
rename to hardened_runtime.xcent.in
index 7443f3c3ae55..d270c93ec694 100644
--- a/hardened_runtime.xcent
+++ b/hardened_runtime.xcent.in
@@ -11,5 +11,6 @@
         <!-- allow use of third-party plugins/frameworks (aka Java) -->
         <key>com.apple.security.cs.disable-library-validation</key>
         <true/>
+        @GET_TASK_ALLOW_ENTITLEMENT@
     </dict>
 </plist>

More information about the Libreoffice-commits mailing list