1
1
mirror of https://github.com/wez/wezterm.git synced 2024-12-23 21:32:13 +03:00

macos: Add com.apple.security.automation.apple-events entitlement

This is necessary for applications spawned via wezterm to be able to
generate apple events.

wezterm already had the text for the authorization prompt in its plist,
but because it was code signed with the default set of entitlements,
macOS didn't bother to prompt.

This commit introduces an explicit set of entitlements and uses those
when signing the executable.

I test this by manually codesigning on my laptop and confirmed that I
could run bbedit from inside wezterm.

I can't directly test the CI version of that flow on my laptop as it may
destroy my keychain if I got something wrong.

We'll have to see if the CI generated build works out!

refs: https://github.com/wez/wezterm/issues/2242

h/t to https://github.com/microsoft/vscode/issues/119787 for
clearly documenting what was needed.
This commit is contained in:
Wez Furlong 2022-07-15 19:33:30 -07:00
parent 2450fed071
commit 73993a60b4
2 changed files with 10 additions and 1 deletions

View File

@ -76,7 +76,8 @@ case $OSTYPE in
echo "Grant apple tools access to build.keychain"
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_PW" build.keychain
echo "Codesign"
/usr/bin/codesign --keychain build.keychain --force --options runtime --deep --sign "$MACOS_TEAM_ID" $zipdir/WezTerm.app/
/usr/bin/codesign --keychain build.keychain --force --options runtime \
--entitlements ci/macos-entitlement.plist --deep --sign "$MACOS_TEAM_ID" $zipdir/WezTerm.app/
echo "Restore default keychain"
security default-keychain -d user -s $def_keychain
echo "Remove build.keychain"

View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.automation.apple-events</key>
<true/>
</dict>
</plist>