diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68ad212607..6b36648abd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -141,7 +141,15 @@ jobs: - name: Codesign (MacOS) if: matrix.build == 'macos' run: | - /usr/bin/codesign --force --sign ${{ env.APPLE_TEAM_ID }} --options runtime --timestamp ./dist/${{ env.RELEASE_BIN }} -v + /usr/bin/codesign \ + --sign ${{ env.APPLE_TEAM_ID }} \ + --options runtime \ + --entitlements ./macos-entitlements.plist \ + --force \ + --timestamp \ + ./dist/${{ env.RELEASE_BIN }} \ + -v + /usr/bin/codesign -vvv --deep --strict ./dist/${{ env.RELEASE_BIN }} - name: Prepare zip for notarization (MacOS) diff --git a/macos-entitlements.plist b/macos-entitlements.plist new file mode 100644 index 0000000000..7b677ae2d9 --- /dev/null +++ b/macos-entitlements.plist @@ -0,0 +1,8 @@ + + + + + com.apple.security.cs.allow-unsigned-executable-memory + + +