Fix macOS 10.15.4 codesigning crash.

The recent macOS security patch renders our codesigning "fix" of setting the sandbox entitlement to false twice unusable. This patch adds a full provisioning profile and adjusts the signing procedure to not include entitlements for Qt frameworks. The patch also changes the app and bundle ID, so granted accessibility privileges have to be granted again after installing the update. Fixes #4398 Fixes #4515
2025-04-03 20:47:37 +03:00 · 2020-03-25 00:24:27 +01:00 · 2020-03-25 00:24:27 +01:00 · e9754efbbe
commit e9754efbbe
parent f8c962bd25
6 changed files with 27 additions and 41 deletions
--- a/share/macosx/Info.plist.cmake
+++ b/share/macosx/Info.plist.cmake
@ -15,7 +15,7 @@
  <key>CFBundleIconFile</key>
  <string>keepassxc.icns</string>
  <key>CFBundleIdentifier</key>
-  <string>org.keepassx.keepassxc</string>
+  <string>org.keepassxc.keepassxc</string>
  <key>CFBundleInfoDictionaryVersion</key>
  <string>6.0</string>
  <key>CFBundleName</key>
@ -25,11 +25,11 @@
  <key>CFBundleShortVersionString</key>
  <string>${KEEPASSXC_VERSION}</string>
  <key>CFBundleSignature</key>
-  <string>KEPX</string>
+  <string>KPXC</string>
  <key>CFBundleVersion</key>
  <string>${KEEPASSXC_VERSION_NUM}</string>
  <key>NSHumanReadableCopyright</key>
-    <string>Copyright 2016-2018 KeePassXC Development Team</string>
+    <string>Copyright 2016-2020 KeePassXC Development Team</string>
    <key>CFBundleDocumentTypes</key>
    <array>
      <dict>
--- a/share/macosx/embedded.provisionprofile
+++ b/share/macosx/embedded.provisionprofile
--- a/share/macosx/keepassxc.entitlements
+++ b/share/macosx/keepassxc.entitlements
@ -1,33 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
-	<dict>
-		<key>com.apple.application-identifier</key>
-			<string>org.keepassx.keepassxc</string>
-		<key>com.apple.developer.aps-environment</key>
-			<string>production</string>
-
-		<key>keychain-access-groups</key>
-			<array>
-				<string>org.keepassx.keepassxc</string>
-			</array>
-
-		<!-- Sandbox entitlements stub for future reference.
-		     For whatever reason, we have to set this twice.
-		     Otherwise a signed application crashes on startup -->
-		<key>com.apple.security.app-sandbox</key>
-			<false/>
-		<key>com.apple.security.app-sandbox</key>
-			<false/>
-		<!--key>com.apple.security.network.client</key>
-			<true/>
-		<key>com.apple.security.files.user-selected.read-write</key>
-			<true/>
-		<key>com.apple.security.device.usb</key>
-			<true/>
-		<key>com.apple.security.print</key>
-			<true/>
-		<key>com.apple.security.files.user-selected.read-only</key>
-			<false/-->
-	</dict>
+<dict>
+	<key>com.apple.application-identifier</key>
+	<string>G2S7P7J672.org.keepassxc.keepassxc</string>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>G2S7P7J672.org.keepassxc.keepassxc</string>
+	</array>
+</dict>
 </plist>