Changeset 88865 in vbox for trunk/src/VBox/Installer/darwin

Timestamp:

May 4, 2021 5:34:05 PM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

144199

Message:

Installer/darwin: When using a provisioning profile, add application ID and team ID to the respective entitlement plist.

File:

• trunk/src/VBox/Installer/darwin/Makefile.kmk (modified) (4 diffs)

trunk/src/VBox/Installer/darwin/Makefile.kmk

@@ -562 +562 @@
 endif
 
+VBOX_VIRTUALBOX_APP_ENTITLEMENTS := $(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist
+VBOX_VIRTUALBOXVM_APP_ENTITLEMENTS := $(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist
+
+##
+# Add application and team ID into entitlement file
+# $(evalcall def_vbox_entitlement_add_app_and_team_id)
+# @param    1   Source entitlement file.
+# @param    2   Target entitlement file.
+# @param    3   Application ID.
+# @param    4   Team ID.
+define def_vbox_entitlement_add_app_and_team_id =
+$(2): $(1) $$(VBOX_DARWIN_INST_DEP_ON_MAKEFILE) | $$$$(dir $$$$@)
+        $$(QUIET)$$(SED) \
+                -e '/^<dict>$$$$/a \    <key>com.apple.application-identifier</key>\n    <string>$(4).$(3)</string>\n    <key>com.apple.developer.team-identifier</key>\n    <string>$(4)</string>' \
+                --output $$@ $$<
+endef
+
+if defined(VBOX_WITH_MACOS_HARDENED_RUNTIME) && defined(VBOX_SIGNING_MODE) && defined(VBOX_PROVISIONPROFILE_TEAM_ID)
+ ifdef VBOX_VIRTUALBOX_APP_ID
+  VBOX_VIRTUALBOX_APP_ENTITLEMENTS := $(VBOX_PATH_PACK_TMP)/SUPR3HardenedEntitlements.plist
+$(evalcall2 def_vbox_entitlement_add_app_and_team_id, $(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist, $(VBOX_VIRTUALBOX_APP_ENTITLEMENTS), $(VBOX_VIRTUALBOX_APP_ID), $(VBOX_PROVISIONPROFILE_TEAM_ID))
+ endif
+
+ ifdef VBOX_VIRTUALBOXVM_APP_ID
+  VBOX_VIRTUALBOXVM_APP_ENTITLEMENTS := $(VBOX_PATH_PACK_TMP)/SUPR3HardenedEntitlementsVM.plist
+$(evalcall2 def_vbox_entitlement_add_app_and_team_id, $(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist, $(VBOX_VIRTUALBOXVM_APP_ENTITLEMENTS), $(VBOX_VIRTUALBOXVM_APP_ID), $(VBOX_PROVISIONPROFILE_TEAM_ID))
+ endif
+endif
 
 # (The dependencies are including way too much here because I'm lazy.)
@@ -613 +641 @@
                         ,) \
                 $(if-expr defined(VBOX_WITH_MACOS_HARDENED_RUNTIME) && defined(VBOX_SIGNING_MODE), \
-                        $(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist \
-                        $(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist,) \
+                        $(VBOX_VIRTUALBOX_APP_ENTITLEMENTS) $(VBOX_VIRTUALBOXVM_APP_ENTITLEMENTS),) \
                 $(VBOX_DARWIN_INST_DEP_ON_MAKEFILE)
         $(call MSG_TOOL,pkgbuild,,,$@)
@@ -789 +816 @@
 
         $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/Resources/VirtualBoxVM.app,,$(if-expr defined(VBOX_WITH_MACOS_HARDENED_RUNTIME)\
-                ,--entitlements="$(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist",))
+                ,--entitlements="$(VBOX_VIRTUALBOX_APP_ENTITLEMENTS)",))
  ifdef VBOX_WITH_QTGUI
         $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/Resources/vmstarter.app,,)
@@ -797 +824 @@
         $(foreach bin, $(filter-out MacOS/VirtualBoxVM MacOS/VBoxHeadless,$(VBOX_DI_VBAPP_PROGS_HARDENED)) \
                 , $(NLTAB)$(call VBOX_SIGN_MACHO_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/$(bin),org.virtualbox.app.macos.$(notdir $(bin)), \
-                                --entitlements="$(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlements.plist"))
+                                --entitlements="$(VBOX_VIRTUALBOX_APP_ENTITLEMENTS)"))
         $(foreach bin, $(filter MacOS/VirtualBoxVM MacOS/VBoxHeadless,$(VBOX_DI_VBAPP_PROGS_HARDENED)) \
                 , $(NLTAB)$(call VBOX_SIGN_MACHO_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/$(bin),org.virtualbox.app.macos.$(notdir $(bin)), \
-                                --entitlements="$(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist"))
+                                --entitlements="$(VBOX_VIRTUALBOXVM_APP_ENTITLEMENTS)"))
         $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP)/Contents/Resources/VirtualBoxVM.app,,\
-                --entitlements="$(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist",)
+                --entitlements="$(VBOX_VIRTUALBOXVM_APP_ENTITLEMENTS)",)
         $(call VBOX_SIGN_BUNDLE_FN,$(VBOX_PATH_VBOX_APP_TMP),,\
-                --entitlements="$(PATH_ROOT)/src/VBox/HostDrivers/Support/darwin/SUPR3HardenedEntitlementsVM.plist",)
+                --entitlements="$(VBOX_VIRTUALBOXVM_APP_ENTITLEMENTS)",)
         $(foreach bin, $(VBOX_DI_VBAPP_PROGS_HARDENED) \
                 , $(NLTAB)codesign -d -v -v -v --entitlements :- $(VBOX_PATH_VBOX_APP_TMP)/Contents/$(bin) )