From ed5bea149f1ae7e8050cf2a2226c753db865a793 Mon Sep 17 00:00:00 2001 From: Josh McArthur Date: Fri, 12 Nov 2021 19:25:14 +1300 Subject: [PATCH] Specify hardened security entitlements for non-appstore release --- Droplet.xcodeproj/project.pbxproj | 17 ++++++++++++----- Droplet/DropletRelease.entitlements | 12 ++++++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 Droplet/DropletRelease.entitlements diff --git a/Droplet.xcodeproj/project.pbxproj b/Droplet.xcodeproj/project.pbxproj index 77cdd23..27eff66 100644 --- a/Droplet.xcodeproj/project.pbxproj +++ b/Droplet.xcodeproj/project.pbxproj @@ -55,6 +55,7 @@ 031EBBC3273A728300E01E12 /* MimeType.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MimeType.swift; sourceTree = ""; }; 031EBBCB273DA27A00E01E12 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; 031EBBCD273DA8DD00E01E12 /* SettingsView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SettingsView.swift; sourceTree = ""; }; + 03D5EA8C273DFECE00449CCF /* DropletRelease.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = DropletRelease.entitlements; sourceTree = ""; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ @@ -106,6 +107,7 @@ 030685492739D53E00D4509D /* Droplet */ = { isa = PBXGroup; children = ( + 03D5EA8C273DFECE00449CCF /* DropletRelease.entitlements */, 031EBBCB273DA27A00E01E12 /* Assets.xcassets */, 031EBBB8273A3CEB00E01E12 /* Info.plist */, 0306854A2739D53E00D4509D /* DropletApp.swift */, @@ -447,10 +449,12 @@ ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; ASSETCATALOG_COMPILER_INCLUDE_ALL_APPICON_ASSETS = NO; CODE_SIGN_ENTITLEMENTS = Droplet/Droplet.entitlements; + CODE_SIGN_IDENTITY = "-"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 1; DEVELOPMENT_ASSET_PATHS = "\"Droplet/Preview Content\""; + DEVELOPMENT_TEAM = T86Z8SF4GG; ENABLE_PREVIEWS = YES; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = Droplet/Info.plist; @@ -460,8 +464,8 @@ "$(inherited)", "@executable_path/../Frameworks", ); - MARKETING_VERSION = 1.0; - PRODUCT_BUNDLE_IDENTIFIER = com.joshmcarthur.droplet.Droplet; + MARKETING_VERSION = 1; + PRODUCT_BUNDLE_IDENTIFIER = com.joshmcarthur.droplet; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_VERSION = 5.0; @@ -474,11 +478,14 @@ ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; ASSETCATALOG_COMPILER_INCLUDE_ALL_APPICON_ASSETS = NO; - CODE_SIGN_ENTITLEMENTS = Droplet/Droplet.entitlements; + CODE_SIGN_ENTITLEMENTS = Droplet/DropletRelease.entitlements; + CODE_SIGN_IDENTITY = "Apple Development"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 1; DEVELOPMENT_ASSET_PATHS = "\"Droplet/Preview Content\""; + DEVELOPMENT_TEAM = T86Z8SF4GG; + ENABLE_HARDENED_RUNTIME = YES; ENABLE_PREVIEWS = YES; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = Droplet/Info.plist; @@ -488,8 +495,8 @@ "$(inherited)", "@executable_path/../Frameworks", ); - MARKETING_VERSION = 1.0; - PRODUCT_BUNDLE_IDENTIFIER = com.joshmcarthur.droplet.Droplet; + MARKETING_VERSION = 1; + PRODUCT_BUNDLE_IDENTIFIER = com.joshmcarthur.droplet; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_VERSION = 5.0; diff --git a/Droplet/DropletRelease.entitlements b/Droplet/DropletRelease.entitlements new file mode 100644 index 0000000..625af03 --- /dev/null +++ b/Droplet/DropletRelease.entitlements @@ -0,0 +1,12 @@ + + + + + com.apple.security.app-sandbox + + com.apple.security.files.user-selected.read-only + + com.apple.security.network.client + + +