diff options
| author | Kenneth Chew <kenneth.c0@protonmail.com> | 2022-04-17 21:52:46 -0400 |
|---|---|---|
| committer | Kenneth Chew <kenneth.c0@protonmail.com> | 2022-04-19 11:36:03 -0400 |
| commit | 9462dd3ddc55e3e48e47ca794c05e11cabb6226e (patch) | |
| tree | 7c3a9833da5f3ef7c01f320e41179029a372581b | |
| parent | f13c776099ff58951cbe0d26bfb230f82044a229 (diff) | |
| download | PrismLauncher-9462dd3ddc55e3e48e47ca794c05e11cabb6226e.tar.gz PrismLauncher-9462dd3ddc55e3e48e47ca794c05e11cabb6226e.tar.bz2 PrismLauncher-9462dd3ddc55e3e48e47ca794c05e11cabb6226e.zip | |
Improve security by enabling hardened runtime for macOS
This change also fixes a bug on recent versions of macOS where Minecraft mods that requested access to the microphone would silently fail.
| -rw-r--r-- | .github/workflows/build.yml | 3 | ||||
| -rw-r--r-- | cmake/MacOSXBundleInfo.plist.in | 4 | ||||
| -rw-r--r-- | program_info/App.entitlements | 12 |
3 files changed, 18 insertions, 1 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c22baed3..d41e898f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -115,7 +115,7 @@ jobs: - name: Configure CMake (Linux) if: runner.os == 'Linux' run: | - cmake -S . -B ${{ env.BUILD_DIR }} -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} -DENABLE_LTO=ON -DLauncher_BUILD_PLATFORM=Linux -G Ninja + cmake -S . -B ${{ env.BUILD_DIR }} -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} -DENABLE_LTO=ON -DLauncher_BUILD_PLATFORM=Linux -G Ninja ## # BUILD @@ -143,6 +143,7 @@ jobs: cd ${{ env.INSTALL_DIR }} chmod +x "PolyMC.app/Contents/MacOS/polymc" + sudo codesign --sign - --deep --force --entitlements "../program_info/App.entitlements" --options runtime "PolyMC.app/Contents/MacOS/polymc" tar -czf ../PolyMC.tar.gz * - name: Package (Windows) diff --git a/cmake/MacOSXBundleInfo.plist.in b/cmake/MacOSXBundleInfo.plist.in index 050123ee..0e3a43c6 100644 --- a/cmake/MacOSXBundleInfo.plist.in +++ b/cmake/MacOSXBundleInfo.plist.in @@ -2,6 +2,10 @@ <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> + <key>NSCameraUsageDescription</key> + <string>A Minecraft mod wants to access your camera.</string> + <key>NSMicrophoneUsageDescription</key> + <string>A Minecraft mod wants to access your microphone.</string> <key>NSPrincipalClass</key> <string>NSApplication</string> <key>NSHighResolutionCapable</key> diff --git a/program_info/App.entitlements b/program_info/App.entitlements new file mode 100644 index 00000000..1850b990 --- /dev/null +++ b/program_info/App.entitlements @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>com.apple.security.cs.disable-library-validation</key> + <true/> + <key>com.apple.security.device.audio-input</key> + <true/> + <key>com.apple.security.device.camera</key> + <true/> +</dict> +</plist> |