Add macOS permissions for USB-Serial and DeckLink devices

Signed-off-by: Maxime Gervais <[email protected]>
MediaArea · Jun 17, 2024 · 08abe02 · 08abe02
1 parent 74bec6c
commit 08abe02
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/Project/Mac/Helpers.entitlements b/Project/Mac/Helpers.entitlements
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+</dict>
+</plist>
diff --git a/Project/Mac/mkdmg.sh b/Project/Mac/mkdmg.sh
@@ -85,13 +85,14 @@ if [ "$KIND" = "GUI" ]; then
         exit 1
     fi
     cp -R "../../Source/GUI/dvrescue/build/dvrescue/${APPNAME}.app" "${FILES}"
+    rm -fr "${FILES}/${APPNAME}.app/Contents/Frameworks/pkgconfig"
 
     # first pass, sign everything
     codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}" --verbose --force --deep --options=runtime --preserve-metadata=entitlements,identifier --sign="Developer ID Application: ${SIGNATURE}" "${FILES}/${APPNAME}.app"
     codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}.libs" --verbose --force --options=runtime --sign="Developer ID Application: ${SIGNATURE}" "${FILES}/${APPNAME}.app/Contents/Libraries/"*
     # add entitlements
     codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}" --verbose --force --options=runtime --sign="Developer ID Application: ${SIGNATURE}" --entitlements "../../Source/GUI/dvrescue/dvrescue/dvrescue.entitlements" "${FILES}/${APPNAME}.app/Contents/MacOS/dvrescue"
-    codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}.helpers" --verbose --force --options=runtime --sign="Developer ID Application: ${SIGNATURE}" "${FILES}/${APPNAME}.app/Contents/Helpers/"*
+    codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}.helpers" --verbose --force --options=runtime --sign="Developer ID Application: ${SIGNATURE}" --entitlements "Helpers.entitlements" "${FILES}/${APPNAME}.app/Contents/Helpers/"*
     # second pass, resign
     codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}" --verbose --force --deep --options=runtime --preserve-metadata=entitlements,identifier --sign="Developer ID Application: ${SIGNATURE}" "${FILES}/${APPNAME}.app"
 fi

diff --git a/Source/GUI/dvrescue/dvrescue/dvrescue.entitlements b/Source/GUI/dvrescue/dvrescue/dvrescue.entitlements
@@ -12,5 +12,13 @@
 	<true/>
 	<key>com.apple.security.assets.movies.read-write</key>
 	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+	<key>com.apple.security.device.usb</key>
+	<true/>
+	<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
+	<string>com.blackmagic-design.desktopvideo.DeckLinkHardwareXPCService</string>
+	<key>com.apple.security.temporary-exception.shared-preference.read-only</key>
+	<string>com.blackmagic-design.desktopvideo.prefspanel</string>
 </dict>
 </plist>