From 9462dd3ddc55e3e48e47ca794c05e11cabb6226e Mon Sep 17 00:00:00 2001 From: Kenneth Chew Date: Sun, 17 Apr 2022 21:52:46 -0400 Subject: [PATCH] Improve security by enabling hardened runtime for macOS This change also fixes a bug on recent versions of macOS where Minecraft mods that requested access to the microphone would silently fail. --- .github/workflows/build.yml | 3 ++- cmake/MacOSXBundleInfo.plist.in | 4 ++++ program_info/App.entitlements | 12 ++++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 program_info/App.entitlements diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c22baed39..d41e898fd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -115,7 +115,7 @@ jobs: - name: Configure CMake (Linux) if: runner.os == 'Linux' run: | - cmake -S . -B ${{ env.BUILD_DIR }} -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} -DENABLE_LTO=ON -DLauncher_BUILD_PLATFORM=Linux -G Ninja + cmake -S . -B ${{ env.BUILD_DIR }} -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} -DENABLE_LTO=ON -DLauncher_BUILD_PLATFORM=Linux -G Ninja ## # BUILD @@ -143,6 +143,7 @@ jobs: cd ${{ env.INSTALL_DIR }} chmod +x "PolyMC.app/Contents/MacOS/polymc" + sudo codesign --sign - --deep --force --entitlements "../program_info/App.entitlements" --options runtime "PolyMC.app/Contents/MacOS/polymc" tar -czf ../PolyMC.tar.gz * - name: Package (Windows) diff --git a/cmake/MacOSXBundleInfo.plist.in b/cmake/MacOSXBundleInfo.plist.in index 050123ee7..0e3a43c67 100644 --- a/cmake/MacOSXBundleInfo.plist.in +++ b/cmake/MacOSXBundleInfo.plist.in @@ -2,6 +2,10 @@ + NSCameraUsageDescription + A Minecraft mod wants to access your camera. + NSMicrophoneUsageDescription + A Minecraft mod wants to access your microphone. NSPrincipalClass NSApplication NSHighResolutionCapable 
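Review bot: The added `codesign` line runs under `sudo`, and nothing afterwards verifies the bundle, so a signature that is written but does not validate (for example because nested code was not covered) would still be packaged by the `tar` line that follows. Signing files the runner already owns should not need root, and signing as root may leave root-owned signature files inside `PolyMC.app`. Consider dropping `sudo` and adding `codesign --verify --deep --strict --verbose=2 "PolyMC.app"` right after the signing line so the job fails when the bundle does not validate. Apple's guidance discourages `--deep` for signing because it applies the same options and entitlements to all nested code; signing nested items explicitly and the bundle last is the safer form. Since `--sign -` is an ad-hoc signature with no identity behind it, a step comment such as `# ad-hoc signature: enables hardened runtime only, does not satisfy Gatekeeper or notarization` would stop readers from over-trusting it.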
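Review bot: The two usage strings added to `MacOSXBundleInfo.plist.in` name only "a Minecraft mod" as the requester, but the keys sit in the launcher's own Info.plist. The grant is therefore presumably recorded against PolyMC and would cover every instance and mod it launches, not just the one that triggered the prompt. The prompt text should say so, for example `PolyMC is requesting microphone access on behalf of Minecraft or a mod; once allowed, this applies to every instance launched from PolyMC.`, with the matching wording for the camera string. The enclosing dict continues outside the hunk.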
diff --git a/program_info/App.entitlements b/program_info/App.entitlements
new file mode 100644
index 000000000..1850b9900
--- /dev/null
+++ b/program_info/App.entitlements
@@ -0,0 +1,12 @@
+
+
+
+
+ com.apple.security.cs.disable-library-validation
+
+ com.apple.security.device.audio-input
+
+ com.apple.security.device.camera
+
+
+
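Review bot: `com.apple.security.cs.disable-library-validation` switches off one of the protections the hardened runtime is meant to add: with it set, the process may load libraries that are not signed by Apple or by the same team. That may be unavoidable with the ad-hoc signature used in the workflow, but the file does not say so. A comment above the key, such as `<!-- required while the build is ad-hoc signed; remove once signed with a Team ID -->` (if that is the reason), would keep the exception from becoming permanent. The commit message motivates only microphone access, so `com.apple.security.device.camera` should either get the same kind of justification or be left out until a mod is known to need it.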