VirtualBox

Changeset 82959 in vbox


Timestamp:
Feb 3, 2020 2:28:20 PM (5 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
135965
Message:

/Config.kmk,installer/darwin,SUP: Configured entitlements when using VBOX_WITH_MACOS_HARDENED_RUNTIME (needs more work). bugref:9466.

Location:
trunk
Files:
1 added
2 edited

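--- a/trunk/Config.kmk
+++ b/trunk/Config.kmk
@@ -3726,6 +3726,8 @@
   # @param 1  The file to sign.
   # @param 2  Identifier, optional.
+  # @param 3  Additional codesign command line parameters, optional.
   if $(intersects darwin all 1,$(VBOX_WITH_CORP_CODE_SIGNING))
    ## @todo cannot handle $(2), the identifier.
+   ## @todo must handle $(3) if entitlement.
    VBOX_SIGN_MACHO_FN = $(call MSG_TOOL,SIGNTOOL,,$(1),$(2))$(NLTAB)$(call VBOX_CCS_SIGN_CMD,binary,$(1))
   else
@@ -3737,4 +3739,5 @@
         $(if-expr defined(VBOX_TSA_URL),--timestamp="$(VBOX_TSA_URL)") \
         $(VBOX_CERTIFICATE_SUBJECT_NAME_ARGS) \
+        $(3) \
         $(1) \
         $(if $(2),--identifier "$(2)",)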
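Review bot: In the VBOX_WITH_CORP_CODE_SIGNING branch the new third argument is accepted and then dropped, because VBOX_SIGN_MACHO_FN there still expands only `$(1)` and `$(2)`; a caller passing `--entitlements=...` gets a binary signed without entitlements and no build-time signal. Until the `@todo` is resolved, that branch should fail loudly, e.g. by prepending `$(if $(3),$(error VBOX_SIGN_MACHO_FN: extra codesign parameters are not supported with corp code signing: $(3)),)` to the definition. In the local-signing branch `$(3)` is spliced into the codesign command line unquoted, which is fine for the fixed option strings visible in this changeset but worth stating in the doc comment, e.g. `# @param 3  Additional codesign command line parameters, optional; inserted verbatim, caller must quote.` The else-branch definition begins outside the visible hunks.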
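--- a/trunk/src/VBox/Installer/darwin/Makefile.kmk
+++ b/trunk/src/VBox/Installer/darwin/Makefile.kmk
@@ -360,4 +360,23 @@
 #
 
+VBOX_DI_VBAPP_PROGS_HARDENED = \
+        MacOS/VirtualBoxVM \
+        MacOS/VBoxNetDHCP \
+        MacOS/VBoxNetNAT \
+        MacOS/VBoxHeadless
+
+VBOX_DI_VBAPP_PROGS = \
+        MacOS/VBoxManage \
+        MacOS/VBoxSVC \
+        MacOS/VBoxXPCOMIPCD \
+        MacOS/VBoxNetAdpCtl \
+        MacOS/VBoxExtPackHelperApp \
+        MacOS/VBoxBugReport \
+        MacOS/VBoxBalloonCtrl \
+        MacOS/VBoxAutostart \
+        $(if $(VBOX_WITH_WEBSERVICES),MacOS/vboxwebsrv) \
+        MacOS/VirtualBox \
+        $(if $(VBOX_WITH_DTRACE),MacOS/VBoxDTrace,)
+
 VBOX_DI_VBAPP_DYLIBS = \
         $(foreach qtmod, $(VBOX_QT_MOD_NAMES), Frameworks/$(qtmod).framework/Versions/$(VBOX_QT_VERSION_MAJOR)/$(qtmod)) \
@@ -379,5 +398,6 @@
         MacOS/VBoxAuth.dylib \
         MacOS/VBoxAuthSimple.dylib \
-        $(if $(VBOX_WITH_GUEST_CONTROL),MacOS/VBoxGuestControlSvc.dylib,)
+        $(if $(VBOX_WITH_GUEST_CONTROL),MacOS/VBoxGuestControlSvc.dylib,) \
+        MacOS/UICommon.dylib
 ifneq ($(wildcard $(VBOX_PATH_DIST)/VirtualBox.app/Contents/MacOS/accessible/libqtaccessiblewidgets.dylib),)
  VBOX_DI_VBAPP_DYLIBS += \
@@ -394,10 +414,5 @@
 endif
 ifdef VBOX_WITH_HARDENING
- VBOX_DI_VBAPP_DYLIBS += \
-        MacOS/UICommon.dylib \
-        MacOS/VirtualBoxVM.dylib \
-        MacOS/VBoxNetDHCP.dylib \
-        MacOS/VBoxNetNAT.dylib \
-        MacOS/VBoxHeadless.dylib
+ VBOX_DI_VBAPP_DYLIBS += $(addsuffix .dylib,$(VBOX_DI_VBAPP_PROGS_HARDENED))
 endif
 ifdef VBOX_WITH_HDDPARALLELS_INSTALL
@@ -442,21 +457,4 @@
  $(error Conflict.$(NLTAB)VBOX_DI_VBAPP_DYLIBS.amd64=$(VBOX_DI_VBAPP_DYLIBS.amd64)$(NLTAB)VBOX_DI_VBAPP_DYLIBS.x86  =$(VBOX_DI_VBAPP_DYLIBS.x86)$(NLTAB)VBOX_DI_VBAPP_DYLIBS=$(VBOX_DI_VBAPP_DYLIBS))
 endif
-
-VBOX_DI_VBAPP_PROGS = \
-        MacOS/VBoxManage \
-        MacOS/VBoxSVC \
-        MacOS/VBoxHeadless \
-        MacOS/VBoxXPCOMIPCD \
-        MacOS/VBoxNetAdpCtl \
-        MacOS/VBoxNetDHCP \
-        MacOS/VBoxNetNAT \
-        MacOS/VBoxExtPackHelperApp \
-        MacOS/VBoxBugReport \
-        MacOS/VBoxBalloonCtrl \
-        MacOS/VBoxAutostart \
-        MacOS/VirtualBoxVM \
-        $(if $(VBOX_WITH_WEBSERVICES),MacOS/vboxwebsrv) \
-        MacOS/VirtualBox \
-        $(if $(VBOX_WITH_DTRACE),MacOS/VBoxDTrace,)
 
 VBOX_DI_VBAPP_UNIVERSAL_PROGS = \
@@ -541,5 +539,6 @@
                 $(foreach f,$(VBOX_INSTALLER_ADD_LANGUAGES), \
                         $(VBOX_BRAND_$(f)_VIRTUALBOX_DESCRIPTION_PLIST)) \
-                $(foreach f, $(VBOX_DI_VBAPP_DYLIBS) $(VBOX_DI_VBAPP_OTHER_UNIVERSAL_BINS) $(VBOX_DI_VBAPP_UNIVERSAL_PROGS) $(VBOX_DI_VBAPP_OTHER_BINS) $(VBOX_DI_VBAPP_PROGS) $(VBOX_DI_VBAPP_MISC_FILES)\
+                $(foreach f, $(VBOX_DI_VBAPP_DYLIBS) $(VBOX_DI_VBAPP_OTHER_UNIVERSAL_BINS) $(VBOX_DI_VBAPP_UNIVERSAL_PROGS) \
+                        $(VBOX_DI_VBAPP_OTHER_BINS) $(VBOX_DI_VBAPP_PROGS) $(VBOX_DI_VBAPP_PROGS_HARDENED) $(VBOX_DI_VBAPP_MISC_FILES) \
                         ,$(call VBOX_DI_FN_DEP_BOTH,VirtualBox.app/Contents/$(f)) ) \
                 $(foreach f, $(VBOX_DI_VBAPP_DYLIBS.x86) $(VBOX_DI_VBAPP_MISC_FILES.x86)\
@@ -584,4 +583,6 @@
                 $(addprefix $(VBOX_PATH_DIST)/VirtualBox.app/Contents/MacOS/dtrace/scripts/,$(VBOXINST_DTRACE_SCRIPTS_FILES)) \
                  ,) \
+                $(if-expr defined(VBOX_WITH_MACOS_HARDENED_RUNTIME) && defined(VBOX_SIGNING_MODE), \
+                        $(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist,) \
                 $(VBOX_DARWIN_INST_DEP_ON_MAKEFILE)
         $(call MSG_TOOL,pkgbuild,,,$@)
@@ -629,4 +630,5 @@
                         $(VBOX_DI_VBAPP_OTHER_BINS) \
                         $(VBOX_DI_VBAPP_PROGS) \
+                        $(VBOX_DI_VBAPP_PROGS_HARDENED) \
                         $(VBOX_DI_VBAPP_MISC_FILES) \
                         $(VBOX_DI_VBAPP_DYLIBS.$(KBUILD_TARGET_ARCH)) \
@@ -677,5 +679,5 @@
                 ,$(INSTALL) -m 0755 $(VBOX_PATH_DIST)/VirtualBox.app/Contents/$(otherbin)       $(VBOX_PATH_VBOX_APP_TMP)/Contents/$(otherbin)$(NLTAB))
         @# Copy the binaries.
-        $(foreach prog, $(VBOX_DI_VBAPP_PROGS) \
+        $(foreach prog, $(VBOX_DI_VBAPP_PROGS) $(VBOX_DI_VBAPP_PROGS_HARDENED) \
                 ,$(INSTALL) -m 0755 $(VBOX_PATH_DIST)/VirtualBox.app/Contents/$(prog)           $(VBOX_PATH_VBOX_APP_TMP)/Contents/$(prog)$(NLTAB))
 #ifdef VBOX_WITH_HARDENING - disabled temporarily
@@ -689,4 +691,5 @@
                 $(VBOX_DI_VBAPP_DYLIBS.$(KBUILD_TARGET_ARCH)) \
                 $(VBOX_DI_VBAPP_PROGS) \
+                $(VBOX_DI_VBAPP_PROGS_HARDENED) \
                 ,install_name_tool \
                         $(foreach qtmod, $(VBOX_QT_MOD_NAMES), \
@@ -735,5 +738,5 @@
         $(foreach other, $(VBOX_DI_VBAPP_OTHER_UNIVERSAL_BINS) $(VBOX_DI_VBAPP_OTHER_BINS)\
                 , $(NLTAB)$(call VBOX_SIGN_MACHO_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/$(other),org.virtualbox.app.macos.$(notdir $(other))) )
-        $(foreach bin, $(filter-out MacOS/VirtualBox,$(VBOX_DI_VBAPP_PROGS)) \
+        $(foreach bin, $(filter-out MacOS/VirtualBox,$(VBOX_DI_VBAPP_PROGS) $(if-expr !defined(VBOX_WITH_MACOS_HARDENED_RUNTIME),$(VBOX_DI_VBAPP_PROGS_HARDENED),)) \
                 , $(NLTAB)$(call VBOX_SIGN_MACHO_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/$(bin),org.virtualbox.app.macos.$(notdir $(bin))) )
         $(foreach file, $(if-expr defined(VBOX_WITH_WEBSERVICES),MacOS/org.virtualbox.vboxwebsrv.plist,) \
@@ -752,7 +755,18 @@
                 , $(NLTAB)$(call VBOX_SIGN_FILE_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/$(file),org.virtualbox.app.$(tolower $(subst $(SP),,$(subst /,.,$(file))))) )
 
-        $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/Resources/VirtualBoxVM.app,,)
+        $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/Resources/VirtualBoxVM.app,,$(if-expr defined(VBOX_WITH_MACOS_HARDENED_RUNTIME)\
+                ,--entitlements="$(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist",))
         $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/Resources/vmstarter.app,,)
         $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP),,--deep)
+ ifdef VBOX_WITH_MACOS_HARDENED_RUNTIME # HACK ALERT! --deep fries the entitlements, so redo w/o --deep now.
+        $(foreach bin, $(VBOX_DI_VBAPP_PROGS_HARDENED) \
+                , $(NLTAB)$(call VBOX_SIGN_MACHO_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/$(bin),org.virtualbox.app.macos.$(notdir $(bin)), \
+                                --entitlements="$(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist"))
+        $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/Resources/VirtualBoxVM.app,,\
+                --entitlements="$(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist",)
+        $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP),,)
+        $(foreach bin, $(VBOX_DI_VBAPP_PROGS_HARDENED) \
+                , $(NLTAB)codesign -d -v -v -v --entitlements :- $(VBOX_PATH_VBOX_APP_TMP)/Contents/$(bin) )
+ endif
 endif
         @# Set the correct owner and set the set-user-ID-on-execution bit on the relevant executables.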
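Review bot: The last step of the hardened-runtime block, `codesign -d -v -v -v --entitlements :- ...`, only prints what was embedded; as far as I know it exits 0 whether or not any entitlements are present, so the `--deep` clobbering that the HACK ALERT comment works around would go unnoticed if it returned. I would add an enforcing check after the final VBOX_SIGN_BUNDLE_FN call, e.g. `, $(NLTAB)codesign --verify --strict $(VBOX_PATH_VBOX_APP_TMP)/Contents/$(bin) )` in a foreach over VBOX_DI_VBAPP_PROGS_HARDENED, and ideally compare the dumped entitlements against SUPR3HardenedEntitlements.plist so that a missing or widened set fails the build. The same plist is applied to all four VBOX_DI_VBAPP_PROGS_HARDENED binaries; whether VBoxNetDHCP and VBoxNetNAT need the same entitlements as VirtualBoxVM is not visible here and is worth confirming before this ships. The plist path is also spelled out four times in this file and could live in one variable so the dependency and the signing calls cannot drift apart. The recipe containing this block starts outside the visible hunk.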