[Bf-blender-cvs] [e66c3589a2a] master: Fix T66986: errors with add-ons using ctypes in macOS release

Brecht Van Lommel noreply at git.blender.org
Mon Jul 15 15:00:54 CEST 2019 

Commit: e66c3589a2a67d880f4d3dbfa7e3ba473c3751b8
Author: Brecht Van Lommel
Date:   Mon Jul 15 14:18:42 2019 +0200
Branches: master
https://developer.blender.org/rBe66c3589a2a67d880f4d3dbfa7e3ba473c3751b8

Fix T66986: errors with add-ons using ctypes in macOS release

Add extra entitlements to allow the kind of unsigned executable memory access
that cytpes does.

===================================================================

M	release/darwin/bundle.sh
A	release/darwin/entitlements.plist

===================================================================

diff --git a/release/darwin/bundle.sh b/release/darwin/bundle.sh
index 14c3ba81745..b0f489e6fc2 100755
--- a/release/darwin/bundle.sh
+++ b/release/darwin/bundle.sh
@@ -18,6 +18,7 @@ _tmp_dir="$(mktemp -d)"
 _tmp_dmg="/tmp/blender-tmp.dmg"
 _background_image="${_script_dir}/background.tif"
 _mount_dir="/Volumes/${_volume_name}"
+_entitlements="${_script_dir}/entitlements.plist"
 
 # Handle arguments.
 while [[ $# -gt 0 ]]; do
@@ -128,17 +129,17 @@ if [ ! -z "${C_CERT}" ]; then
     for f in $(find "${_mount_dir}/Blender.app/Contents/Resources" -name "python*"); do
         if [ -x ${f} ] && [ ! -d ${f} ]; then
             codesign --remove-signature "${f}"
-            codesign --timestamp --options runtime --sign "${C_CERT}" "${f}"
+            codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${f}"
         fi
     done
     echo ; echo -n "Codesigning .dylib and .so libraries"
     for f in $(find "${_mount_dir}/Blender.app" -name "*.dylib" -o -name "*.so"); do
         codesign --remove-signature "${f}"
-        codesign --timestamp --options runtime --sign "${C_CERT}" "${f}"
+        codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${f}"
     done
     echo ; echo -n "Codesigning Blender.app"
     codesign --remove-signature "${_mount_dir}/Blender.app"
-    codesign --timestamp --options runtime --sign "${C_CERT}" "${_mount_dir}/Blender.app"
+    codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${_mount_dir}/Blender.app"
     echo
 else
     echo "No codesigning cert given, skipping..."
diff --git a/release/darwin/entitlements.plist b/release/darwin/entitlements.plist
new file mode 100644
index 00000000000..a1c430a57ab
--- /dev/null
+++ b/release/darwin/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+</dict>
+</plist>

More information about the Bf-blender-cvs mailing list