Enable the sandbox

2025-04-28 18:02:38 +02:00 · 2021-06-30 12:03:09 -07:00 · 2021-06-30 12:03:09 -07:00 · 720810da5d
commit 720810da5d
parent 2dd509f980
2 changed files with 46 additions and 21 deletions
--- a/install/macos/build_app.py
+++ b/install/macos/build_app.py
@ -65,10 +65,12 @@ def main():
    shutil.rmtree(os.path.join(dist_path, "dangerzone"))

    os.symlink(
-        "dangerzone", os.path.join(app_path, "Contents/MacOS/dangerzone-container"),
+        "dangerzone",
+        os.path.join(app_path, "Contents/MacOS/dangerzone-container"),
    )
    os.symlink(
-        "dangerzone", os.path.join(app_path, "Contents/MacOS/dangerzone-cli"),
+        "dangerzone",
+        os.path.join(app_path, "Contents/MacOS/dangerzone-cli"),
    )

    print(f"○ Finished build app: {app_path}")
@ -91,24 +93,37 @@ def main():

        # Detect if create-dmg is installed
        if not os.path.exists("/usr/local/bin/create-dmg"):
-            print("Error: create-dmg is not installed")
+            print("create-dmg is not installed, skipping creating a DMG")
            return

        print("○ Creating DMG")
-        run([
-            "create-dmg",
-            "--volname", "Dangerzone",
-            "--volicon", icon_path,
-            "--window-size", "400", "200",
-            "--icon-size", "100",
-            "--icon", "Dangerzone.app", "100", "70",
-            "--hide-extension", "Dangerzone.app",
-            "--app-drop-link", "300", "70",
-            dmg_path,
-            app_path,
-            "--identity",
-            identity_name_application
-        ])
+        run(
+            [
+                "create-dmg",
+                "--volname",
+                "Dangerzone",
+                "--volicon",
+                icon_path,
+                "--window-size",
+                "400",
+                "200",
+                "--icon-size",
+                "100",
+                "--icon",
+                "Dangerzone.app",
+                "100",
+                "70",
+                "--hide-extension",
+                "Dangerzone.app",
+                "--app-drop-link",
+                "300",
+                "70",
+                dmg_path,
+                app_path,
+                "--identity",
+                identity_name_application,
+            ]
+        )

        print(f"○ Finished building DMG: {dmg_path}")

--- a/install/macos/entitlements.plist
+++ b/install/macos/entitlements.plist
@ -2,11 +2,21 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
    <dict>
-        <!-- Required for binaries built with PyInstaller -->
-        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+        <key>com.apple.security.app-sandbox</key>
        <true/>
-
-        <key>com.apple.vm.networking</key>
+        <key>com.apple.security.inherit</key>
+        <true/>
+        <key>com.apple.security.files.user-selected.read-write</key>
+        <true/>
+        <key>com.apple.security.network.client</key>
+        <true/>
+        <key>com.apple.security.network.server</key>
+        <true/>
+        <key>com.apple.security.hypervisor</key>
+        <true/>
+        <!-- <key>com.apple.vm.networking</key>
+        <true/> -->
+        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
    </dict>
 </plist>