Skip to content

C
core
Kaydet (Commit) 4783eea7 authored tarafından Tor Lillqvist's avatar Tor Lillqvist
Dosyalara gözat
Seçenekler

Experiment with sandboxing 

Change-Id: If491917069ef7c474c27190c4759dd75f025f032
üst 8517b616
Hide whitespace changes
Inline Side-by-side
Showing with 28 additions and 3 deletions
Makefile.in
Dosyayı görüntüle @ 4783eea7
...@@ -324,7 +324,13 @@ install-strip: ...@@ -324,7 +324,13 @@ install-strip:
echo "Installation finished, you can now execute:" && \ echo "Installation finished, you can now execute:" && \
echo "$(INSTALLDIR)/program/soffice" echo "$(INSTALLDIR)/program/soffice"
dev-install: build ifeq ($(ENABLE_MACOSX_SANDBOX),YES)
entitlements:=--entitlements $(SRC_ROOT)/lo.xcent
endif
dev-install: build do-dev-install
do-dev-install:
@rm -rf $(DEVINSTALLDIR) @rm -rf $(DEVINSTALLDIR)
@mkdir $(DEVINSTALLDIR) @mkdir $(DEVINSTALLDIR)
ifeq ($(OS_FOR_BUILD),WNT) ifeq ($(OS_FOR_BUILD),WNT)
...@@ -363,6 +369,7 @@ ifneq ($(MACOSX_CODESIGNING_IDENTITY),) ...@@ -363,6 +369,7 @@ ifneq ($(MACOSX_CODESIGNING_IDENTITY),)
# Yeah, we don't bundle any other framework than our Python one, and # Yeah, we don't bundle any other framework than our Python one, and
# it has just one version, so this generic search is mostly for # it has just one version, so this generic search is mostly for
# completeness. # completeness.
#
for framework in `find $(DEVINSTALLDIR)/opt/LibreOffice.app -name '*.framework' -type d`; do \ for framework in `find $(DEVINSTALLDIR)/opt/LibreOffice.app -name '*.framework' -type d`; do \
for version in $$framework/Versions/*; do \ for version in $$framework/Versions/*; do \
test -d $$version && codesign --force --verbose --prefix=$(MACOSX_BUNDLE_IDENTIFIER). --sign $(MACOSX_CODESIGNING_IDENTITY) $$version; \ test -d $$version && codesign --force --verbose --prefix=$(MACOSX_BUNDLE_IDENTIFIER). --sign $(MACOSX_CODESIGNING_IDENTITY) $$version; \
...@@ -374,7 +381,10 @@ ifneq ($(MACOSX_CODESIGNING_IDENTITY),) ...@@ -374,7 +381,10 @@ ifneq ($(MACOSX_CODESIGNING_IDENTITY),)
# The soffice binary will have been signed after linking but it needs # The soffice binary will have been signed after linking but it needs
# to be re-signed as it has been renamed, or modified, or something # to be re-signed as it has been renamed, or modified, or something
# after linking. # after linking.
codesign --force --verbose --sign $(MACOSX_CODESIGNING_IDENTITY) $(DEVINSTALLDIR)/opt/LibreOffice.app #
# At this stage we also attach the entitlements in the sandboxing case
#
codesign --force --verbose --sign $(MACOSX_CODESIGNING_IDENTITY) $(entitlements) $(DEVINSTALLDIR)/opt/LibreOffice.app
# #
endif endif
@install-gdb-printers -L @install-gdb-printers -L
......
configure.ac
Dosyayı görüntüle @ 4783eea7
...@@ -12381,7 +12381,7 @@ else ...@@ -12381,7 +12381,7 @@ else
echo > config_host.mk.last echo > config_host.mk.last
fi fi
AC_CONFIG_FILES([config_host.mk Makefile solenv/inc/minor.mk instsetoo_native/util/openoffice.lst]) AC_CONFIG_FILES([config_host.mk Makefile lo.xcent solenv/inc/minor.mk instsetoo_native/util/openoffice.lst])
AC_CONFIG_HEADERS([config_host/config_clang.h]) AC_CONFIG_HEADERS([config_host/config_clang.h])
AC_CONFIG_HEADERS([config_host/config_global.h]) AC_CONFIG_HEADERS([config_host/config_global.h])
AC_CONFIG_HEADERS([config_host/config_graphite.h]) AC_CONFIG_HEADERS([config_host/config_graphite.h])
......
lo.xcent.in 0 → 100644
Dosyayı görüntüle @ 4783eea7
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>@MACOSX_BUNDLE_IDENTIFIER@</string>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.files.user-selected.read-write</key>
<true/>
<!-- usb needed for the apple_remote thingie... -->
<key>com.apple.security.device.usb</key>
<true/>
</dict>
</plist>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment