chore(ci): adds allow-unsigned-executable-memory to MacOS entitlements (

#405)
apollographql · Mar 31, 2021 · b585f11 · b585f11
1 parent 61edff3
commit b585f11
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -141,7 +141,15 @@ jobs:
       - name: Codesign (MacOS)
         if: matrix.build == 'macos'
         run: |
-          /usr/bin/codesign --force --sign ${{ env.APPLE_TEAM_ID }} --options runtime --timestamp ./dist/${{ env.RELEASE_BIN }} -v
+          /usr/bin/codesign \
+          --sign ${{ env.APPLE_TEAM_ID }} \
+          --options runtime \
+          --entitlements ./macos-entitlements.plist \
+          --force \
+          --timestamp \
+          ./dist/${{ env.RELEASE_BIN }} \
+          -v
+          
           /usr/bin/codesign -vvv --deep --strict ./dist/${{ env.RELEASE_BIN }}
           
       - name: Prepare zip for notarization (MacOS)

diff --git a/macos-entitlements.plist b/macos-entitlements.plist
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.disable-executable-page-protection</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+</dict>
+</plist>