From 493e489c5117ee54a0811185003a6d800b6de377 Mon Sep 17 00:00:00 2001
From: Mikayla Maki <mikayla@zed.dev>
Date: Wed, 14 Jun 2023 17:34:48 -0700
Subject: [PATCH] Add entitlements file to bundle step

---
 crates/zed/resources/zed.entitlements | 28 +++++++++++++++++++++++++++
 script/bundle                         |  5 +++--
 2 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 crates/zed/resources/zed.entitlements

diff --git a/crates/zed/resources/zed.entitlements b/crates/zed/resources/zed.entitlements
new file mode 100644
index 0000000000..07af3124cd
--- /dev/null
+++ b/crates/zed/resources/zed.entitlements
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.automation.apple-events</key>
+	<true/>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+	<key>com.apple.security.device.audio-input</key>
+	<true/>
+	<key>com.apple.security.device.camera</key>
+	<true/>
+	<key>com.apple.security.personal-information.addressbook</key>
+	<true/>
+	<key>com.apple.security.personal-information.calendars</key>
+	<true/>
+	<key>com.apple.security.personal-information.location</key>
+	<true/>
+	<key>com.apple.security.personal-information.photos-library</key>
+	<true/>
+	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
+	<true/>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+</dict>
+</plist>
diff --git a/script/bundle b/script/bundle
index 38bc26188d..d6e07e873d 100755
--- a/script/bundle
+++ b/script/bundle
@@ -81,12 +81,13 @@ if [[ -n $MACOS_CERTIFICATE && -n $MACOS_CERTIFICATE_PASSWORD && -n $APPLE_NOTAR
     security import /tmp/zed-certificate.p12 -k zed.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
     rm /tmp/zed-certificate.p12
     security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CERTIFICATE_PASSWORD" zed.keychain
-    /usr/bin/codesign --force --deep --timestamp --options runtime --sign "Zed Industries, Inc." "${app_path}" -v
+    /usr/bin/codesign --force --deep --timestamp --options runtime --entitlements crates/zed/resources/zed.entitlements --sign "Zed Industries, Inc." "${app_path}" -v
     security default-keychain -s login.keychain
 else
     echo "One or more of the following variables are missing: MACOS_CERTIFICATE, MACOS_CERTIFICATE_PASSWORD, APPLE_NOTARIZATION_USERNAME, APPLE_NOTARIZATION_PASSWORD"
     echo "Performing an ad-hoc signature, but this bundle should not be distributed"
-    codesign --force --deep --sign - "${app_path}" -v
+    cat crates/zed/resources/zed.entitlements
+    codesign --force --deep --entitlements crates/zed/resources/zed.entitlements --sign - "${app_path}" -v
 fi
 
 if [ "$target_dir" = "debug" ]; then