From 08abe022d4a7dcb76351b5305daa6bbec2e87dba Mon Sep 17 00:00:00 2001
From: Maxime Gervais <gervais.maxime@gmail.com>
Date: Sun, 9 Jun 2024 19:02:45 +0200
Subject: [PATCH] Add macOS permissions for USB-Serial and DeckLink devices

Signed-off-by: Maxime Gervais <gervais.maxime@gmail.com>
---
 Project/Mac/Helpers.entitlements                   | 8 ++++++++
 Project/Mac/mkdmg.sh                               | 3 ++-
 Source/GUI/dvrescue/dvrescue/dvrescue.entitlements | 8 ++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 Project/Mac/Helpers.entitlements

diff --git a/Project/Mac/Helpers.entitlements b/Project/Mac/Helpers.entitlements
new file mode 100644
index 00000000..123d12a5
--- /dev/null
+++ b/Project/Mac/Helpers.entitlements
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+</dict>
+</plist>
diff --git a/Project/Mac/mkdmg.sh b/Project/Mac/mkdmg.sh
index f5ce122d..d6f5ee10 100755
--- a/Project/Mac/mkdmg.sh
+++ b/Project/Mac/mkdmg.sh
@@ -85,13 +85,14 @@ if [ "$KIND" = "GUI" ]; then
         exit 1
     fi
     cp -R "../../Source/GUI/dvrescue/build/dvrescue/${APPNAME}.app" "${FILES}"
+    rm -fr "${FILES}/${APPNAME}.app/Contents/Frameworks/pkgconfig"
 
     # first pass, sign everything
     codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}" --verbose --force --deep --options=runtime --preserve-metadata=entitlements,identifier --sign="Developer ID Application: ${SIGNATURE}" "${FILES}/${APPNAME}.app"
     codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}.libs" --verbose --force --options=runtime --sign="Developer ID Application: ${SIGNATURE}" "${FILES}/${APPNAME}.app/Contents/Libraries/"*
     # add entitlements
     codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}" --verbose --force --options=runtime --sign="Developer ID Application: ${SIGNATURE}" --entitlements "../../Source/GUI/dvrescue/dvrescue/dvrescue.entitlements" "${FILES}/${APPNAME}.app/Contents/MacOS/dvrescue"
-    codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}.helpers" --verbose --force --options=runtime --sign="Developer ID Application: ${SIGNATURE}" "${FILES}/${APPNAME}.app/Contents/Helpers/"*
+    codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}.helpers" --verbose --force --options=runtime --sign="Developer ID Application: ${SIGNATURE}" --entitlements "Helpers.entitlements" "${FILES}/${APPNAME}.app/Contents/Helpers/"*
     # second pass, resign
     codesign --identifier "net.MediaArea.${APPNAME_lower}.mac-${KIND_lower}" --verbose --force --deep --options=runtime --preserve-metadata=entitlements,identifier --sign="Developer ID Application: ${SIGNATURE}" "${FILES}/${APPNAME}.app"
 fi
diff --git a/Source/GUI/dvrescue/dvrescue/dvrescue.entitlements b/Source/GUI/dvrescue/dvrescue/dvrescue.entitlements
index a583411b..12702ea9 100644
--- a/Source/GUI/dvrescue/dvrescue/dvrescue.entitlements
+++ b/Source/GUI/dvrescue/dvrescue/dvrescue.entitlements
@@ -12,5 +12,13 @@
 	<true/>
 	<key>com.apple.security.assets.movies.read-write</key>
 	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+	<key>com.apple.security.device.usb</key>
+	<true/>
+	<key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
+	<string>com.blackmagic-design.desktopvideo.DeckLinkHardwareXPCService</string>
+	<key>com.apple.security.temporary-exception.shared-preference.read-only</key>
+	<string>com.blackmagic-design.desktopvideo.prefspanel</string>
 </dict>
 </plist>