author | Tor Lillqvist <tml@iki.fi> | 2013-02-02 23:25:56 +0200 |
---|---|---|
committer | Tor Lillqvist <tml@iki.fi> | 2013-02-03 11:37:54 +0200 |
commit | 4783eea7269010910879ed3584b229d9492a2ddc (patch) | |
tree | f0fec979a9b1e256af32837a269eddec50503628 | |
parent | 8517b6162e5531e733a0b2ffe8106873d8e0d082 (diff) |
Experiment with sandboxing
Change-Id: If491917069ef7c474c27190c4759dd75f025f032
-rw-r--r-- | Makefile.in | 14 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | lo.xcent.in | 15 |
3 files changed, 28 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in index c0425f8db6e8..6565ab8d47ab 100644 --- a/Makefile.in +++ b/Makefile.in @@ -324,7 +324,13 @@ install-strip: echo "Installation finished, you can now execute:" && \ echo "$(INSTALLDIR)/program/soffice" -dev-install: build +ifeq ($(ENABLE_MACOSX_SANDBOX),YES) +entitlements:=--entitlements $(SRC_ROOT)/lo.xcent +endif + +dev-install: build do-dev-install + +do-dev-install: @rm -rf $(DEVINSTALLDIR) @mkdir $(DEVINSTALLDIR) ifeq ($(OS_FOR_BUILD),WNT) @@ -363,6 +369,7 @@ ifneq ($(MACOSX_CODESIGNING_IDENTITY),) # Yeah, we don't bundle any other framework than our Python one, and # it has just one version, so this generic search is mostly for # completeness. +# for framework in `find $(DEVINSTALLDIR)/opt/LibreOffice.app -name '*.framework' -type d`; do \ for version in $$framework/Versions/*; do \ test -d $$version && codesign --force --verbose --prefix=$(MACOSX_BUNDLE_IDENTIFIER). --sign $(MACOSX_CODESIGNING_IDENTITY) $$version; \ @@ -374,7 +381,10 @@ ifneq ($(MACOSX_CODESIGNING_IDENTITY),) # The soffice binary will have been signed after linking but it needs # to be re-signed as it has been renamed, or modified, or something # after linking. - codesign --force --verbose --sign $(MACOSX_CODESIGNING_IDENTITY) $(DEVINSTALLDIR)/opt/LibreOffice.app +# +# At this stage we also attach the entitlements in the sandboxing case +# + codesign --force --verbose --sign $(MACOSX_CODESIGNING_IDENTITY) $(entitlements) $(DEVINSTALLDIR)/opt/LibreOffice.app # endif @install-gdb-printers -L diff --git a/configure.ac b/configure.ac index 2a72b40f574d..d5d68571d35f 100644 --- a/configure.ac +++ b/configure.ac 
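Review bot: In the first Makefile.in hunk, `dev-install: build do-dev-install` lists the two as unordered prerequisites, so if the top-level make is ever run with `-j`, the `rm -rf $(DEVINSTALLDIR)` in `do-dev-install` can start before `build` has finished. If the split exists so the install step can run without a rebuild, keep `dev-install: build` and give it the single recipe line `$(MAKE) do-dev-install`, which preserves the order. `do-dev-install` should also join the `.PHONY` list if the file has one (not visible here). Separately, `entitlements` points at `$(SRC_ROOT)/lo.xcent`, whereas configure generates `lo.xcent` in the directory it runs in, so confirm these are the same place for out-of-tree builds. The `do-dev-install` recipe continues outside the hunk.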
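Review bot: In the third Makefile.in hunk, the only `codesign` call that receives `$(entitlements)` appears, judging by the hunk heading and the trailing `endif`, to sit inside `ifneq ($(MACOSX_CODESIGNING_IDENTITY),)`. A build with `ENABLE_MACOSX_SANDBOX=YES` but no signing identity would therefore produce an unsandboxed install without any message. Unless configure already rejects that combination (the configure.ac hunk does not show it), fail early inside the new `ifeq` block with `ifeq ($(MACOSX_CODESIGNING_IDENTITY),)`, `$(error ENABLE_MACOSX_SANDBOX=YES requires MACOSX_CODESIGNING_IDENTITY)`, `endif`. It would also help to check the result after signing, for example with `codesign -d --entitlements :- $(DEVINSTALLDIR)/opt/LibreOffice.app`, so a missing or empty `lo.xcent` is noticed. The enclosing conditional starts outside the hunk.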
@@ -12381,7 +12381,7 @@ else echo > config_host.mk.last fi -AC_CONFIG_FILES([config_host.mk Makefile solenv/inc/minor.mk instsetoo_native/util/openoffice.lst]) +AC_CONFIG_FILES([config_host.mk Makefile lo.xcent solenv/inc/minor.mk instsetoo_native/util/openoffice.lst]) AC_CONFIG_HEADERS([config_host/config_clang.h]) AC_CONFIG_HEADERS([config_host/config_global.h]) AC_CONFIG_HEADERS([config_host/config_graphite.h]) diff --git a/lo.xcent.in b/lo.xcent.in new file mode 100644 index 000000000000..5ed76f186d16 --- /dev/null +++ b/lo.xcent.in @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>com.apple.application-identifier</key> + <string>@MACOSX_BUNDLE_IDENTIFIER@</string> + <key>com.apple.security.app-sandbox</key> + <true/> + <key>com.apple.security.files.user-selected.read-write</key> + <true/> + <!-- usb needed for the apple_remote thingie... --> + <key>com.apple.security.device.usb</key> + <true/> +</dict> +</plist> |
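Review bot: In lo.xcent.in, `com.apple.security.device.usb` is granted to the whole application on the strength of the comment `usb needed for the apple_remote thingie...`, which does not say which code needs it or when it can be dropped. Since the sandbox is only as tight as this list, give each key a comment stating the feature that requires it, for instance `<!-- USB access: used only by the Apple Remote support; remove if that feature is not built -->`. Consider emitting the USB key only when Apple Remote support is actually enabled. Also confirm the `com.apple.application-identifier` value: as far as I know it is normally the team identifier followed by the bundle identifier, and here only `@MACOSX_BUNDLE_IDENTIFIER@` is substituted.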