diff --git a/Configurations/ConfigCommon.xcconfig b/Configurations/ConfigCommon.xcconfig index 77e93c7c88..82bb4b5c56 100644 --- a/Configurations/ConfigCommon.xcconfig +++ b/Configurations/ConfigCommon.xcconfig @@ -76,7 +76,27 @@ XPC_SERVICE_BUNDLE_ID_PREFIX = org.sparkle-project INSTALLER_CONNECTION_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.InstallerConnection INSTALLER_STATUS_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.InstallerStatus INSTALLER_LAUNCHER_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.InstallerLauncher -DOWNLOADER_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.Downloader +DOWNLOADER_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.DownloaderService + +// Initialize sandboxed entitlements variables to use no entitlements +// Don't modify these. See commented out section below instead. +DOWNLOADER_SANDBOXED_ENTITLEMENTS = +INSTALLER_CONNECTION_ENTITLEMENTS = +INSTALLER_STATUS_ENTITLEMENTS = + +// The Downloader XPC Service is not sandboxed by default. +// Uncomment this line to enable Sandboxing for this service. +// If this is done, you *must* set a custom XPC_SERVICE_BUNDLE_ID_PREFIX for your app above. +// Otherwise sandboxed apps that use the same sandboxed Downloader Service may conflict with each other. + +//DOWNLOADER_SANDBOXED_ENTITLEMENTS = Downloader/Downloader.entitlements + +// Similar to the Downloader XPC Service, uncomment these lines if you want to sandbox the Connection/Status services +// If this is done, you *must* set a custom XPC_SERVICE_BUNDLE_ID_PREFIX for your app above. + +//INSTALLER_CONNECTION_ENTITLEMENTS = InstallerConnection/InstallerConnection.entitlements +//INSTALLER_STATUS_ENTITLEMENTS = InstallerStatus/InstallerStatus.entitlements + // If your app file on disk is named "MyApp 1.1b4", Sparkle usually updates it // in place, giving you an app named 1.1b4 that is actually 1.2. Turn the diff --git a/Configurations/ConfigDownloader.xcconfig b/Configurations/ConfigDownloader.xcconfig index 38adefdfde..2154e79423 100644 --- a/Configurations/ConfigDownloader.xcconfig +++ b/Configurations/ConfigDownloader.xcconfig @@ -4,6 +4,6 @@ INFOPLIST_FILE = Downloader/Info.plist WRAPPER_EXTENSION = xpc PRODUCT_BUNDLE_IDENTIFIER = ${DOWNLOADER_BUNDLE_ID} PRODUCT_NAME = ${DOWNLOADER_NAME} -CODE_SIGN_ENTITLEMENTS = Downloader/org.sparkle-project.Downloader.entitlements +CODE_SIGN_ENTITLEMENTS = $(DOWNLOADER_SANDBOXED_ENTITLEMENTS) GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) BUILDING_SPARKLE_SOURCES_EXTERNALLY=1 CLANG_MODULES_AUTOLINK = NO diff --git a/Configurations/ConfigInstallerConnection.xcconfig b/Configurations/ConfigInstallerConnection.xcconfig index 424985edf2..3f1c952999 100644 --- a/Configurations/ConfigInstallerConnection.xcconfig +++ b/Configurations/ConfigInstallerConnection.xcconfig @@ -4,5 +4,6 @@ INFOPLIST_FILE = InstallerConnection/Info.plist WRAPPER_EXTENSION = xpc PRODUCT_BUNDLE_IDENTIFIER = ${INSTALLER_CONNECTION_BUNDLE_ID} PRODUCT_NAME = ${INSTALLER_CONNECTION_NAME} +CODE_SIGN_ENTITLEMENTS = $(INSTALLER_CONNECTION_ENTITLEMENTS) GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) BUILDING_SPARKLE_SOURCES_EXTERNALLY=1 CLANG_MODULES_AUTOLINK = NO diff --git a/Configurations/ConfigInstallerStatus.xcconfig b/Configurations/ConfigInstallerStatus.xcconfig index 24657cea27..94be938dad 100644 --- a/Configurations/ConfigInstallerStatus.xcconfig +++ b/Configurations/ConfigInstallerStatus.xcconfig @@ -4,5 +4,6 @@ INFOPLIST_FILE = InstallerStatus/Info.plist WRAPPER_EXTENSION = xpc PRODUCT_BUNDLE_IDENTIFIER = ${INSTALLER_STATUS_BUNDLE_ID} PRODUCT_NAME = ${INSTALLER_STATUS_NAME} +CODE_SIGN_ENTITLEMENTS = $(INSTALLER_STATUS_ENTITLEMENTS) GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) BUILDING_SPARKLE=0 BUILDING_SPARKLE_SOURCES_EXTERNALLY=1 CLANG_MODULES_AUTOLINK = NO diff --git a/Configurations/make-release-package.sh b/Configurations/make-release-package.sh index 278c522d5c..05542d1301 100755 --- a/Configurations/make-release-package.sh +++ b/Configurations/make-release-package.sh @@ -45,14 +45,6 @@ if [ "$ACTION" = "" ] ; then cp -R "$CONFIGURATION_BUILD_DIR/sparkle.app" "$CONFIGURATION_BUILD_DIR/staging" cp -R "$CONFIGURATION_BUILD_DIR/Sparkle.framework" "$CONFIGURATION_BUILD_DIR/staging" cp -R "$CONFIGURATION_BUILD_DIR/Sparkle.xcframework" "$CONFIGURATION_BUILD_DIR/staging-spm" - - if [[ "$SPARKLE_EMBED_DOWNLOADER_XPC_SERVICE" -eq 1 ]]; then - mkdir -p "$CONFIGURATION_BUILD_DIR/staging/Entitlements" - mkdir -p "$CONFIGURATION_BUILD_DIR/staging-spm/Entitlements" - - cp -R "$PROJECT_DIR/Downloader/org.sparkle-project.Downloader.entitlements" "$CONFIGURATION_BUILD_DIR/staging/Entitlements/$DOWNLOADER_NAME.entitlements" - cp -R "$PROJECT_DIR/Downloader/org.sparkle-project.Downloader.entitlements" "$CONFIGURATION_BUILD_DIR/staging-spm/Entitlements/$DOWNLOADER_NAME.entitlements" - fi mkdir -p "$CONFIGURATION_BUILD_DIR/staging/Symbols" diff --git a/Downloader/org.sparkle-project.Downloader.entitlements b/Downloader/Downloader.entitlements similarity index 100% rename from Downloader/org.sparkle-project.Downloader.entitlements rename to Downloader/Downloader.entitlements diff --git a/InstallerConnection/org.sparkle-project.InstallerConnection.entitlements b/InstallerConnection/InstallerConnection.entitlements similarity index 100% rename from InstallerConnection/org.sparkle-project.InstallerConnection.entitlements rename to InstallerConnection/InstallerConnection.entitlements diff --git a/InstallerStatus/org.sparkle-project.InstallerStatus.entitlements b/InstallerStatus/InstallerStatus.entitlements similarity index 100% rename from InstallerStatus/org.sparkle-project.InstallerStatus.entitlements rename to InstallerStatus/InstallerStatus.entitlements diff --git a/Sparkle.podspec b/Sparkle.podspec index ec65f7df0b..095f667ace 100644 --- a/Sparkle.podspec +++ b/Sparkle.podspec @@ -22,7 +22,7 @@ Pod::Spec.new do |s| s.source = { :http => "https://github.com/sparkle-project/Sparkle/releases/download/#{s.version}/Sparkle-#{s.version}.tar.xz" } s.source_files = 'Sparkle.framework/Versions/B/Headers/*.h' - s.preserve_paths = ['bin/*', 'Entitlements', 'Symbols'] + s.preserve_paths = ['bin/*', 'Symbols'] s.public_header_files = 'Sparkle.framework/Versions/B/Headers/*.h' s.vendored_frameworks = 'Sparkle.framework' s.xcconfig = { diff --git a/Sparkle.xcodeproj/project.pbxproj b/Sparkle.xcodeproj/project.pbxproj index 26cc06228a..7e1267e32b 100644 --- a/Sparkle.xcodeproj/project.pbxproj +++ b/Sparkle.xcodeproj/project.pbxproj @@ -1055,8 +1055,8 @@ 7214B8851D45AD9A00CB5CED /* SPUInstallationType.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SPUInstallationType.h; sourceTree = ""; }; 72162B071C82C9600013C1C5 /* SULocalizations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SULocalizations.h; sourceTree = ""; }; 721652671D3C8FED00FD13D8 /* SUInstallerLauncherStatus.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SUInstallerLauncherStatus.h; path = InstallerLauncher/SUInstallerLauncherStatus.h; sourceTree = SOURCE_ROOT; }; - 7218EC362623F31C008FECF3 /* org.sparkle-project.InstallerConnection.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "org.sparkle-project.InstallerConnection.entitlements"; sourceTree = ""; }; - 7218EC372623F32E008FECF3 /* org.sparkle-project.InstallerStatus.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "org.sparkle-project.InstallerStatus.entitlements"; sourceTree = ""; }; + 7218EC362623F31C008FECF3 /* InstallerConnection.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = InstallerConnection.entitlements; sourceTree = ""; }; + 7218EC372623F32E008FECF3 /* InstallerStatus.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = InstallerStatus.entitlements; sourceTree = ""; }; 721AB11626C777D900D34A86 /* SPUDownloadDataPrivate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SPUDownloadDataPrivate.h; sourceTree = ""; }; 721BC2061D17A532002BC71E /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; }; 721BC2081D17A553002BC71E /* Carbon.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Carbon.framework; path = System/Library/Frameworks/Carbon.framework; sourceTree = SDKROOT; }; @@ -1343,7 +1343,7 @@ 728ED349277DA23400D9238F /* SPUSparkleDeltaArchive.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = SPUSparkleDeltaArchive.m; path = Autoupdate/SPUSparkleDeltaArchive.m; sourceTree = SOURCE_ROOT; }; 729924921DF4A45000DBCDF5 /* SUUpdateValidator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SUUpdateValidator.h; path = Sparkle/SUUpdateValidator.h; sourceTree = SOURCE_ROOT; }; 729924931DF4A45000DBCDF5 /* SUUpdateValidator.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = SUUpdateValidator.m; path = Sparkle/SUUpdateValidator.m; sourceTree = SOURCE_ROOT; }; - 729BB3D11D503826007C4276 /* org.sparkle-project.Downloader.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.xml; name = "org.sparkle-project.Downloader.entitlements"; path = "Downloader/org.sparkle-project.Downloader.entitlements"; sourceTree = SOURCE_ROOT; }; + 729BB3D11D503826007C4276 /* Downloader.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; name = Downloader.entitlements; path = Downloader/Downloader.entitlements; sourceTree = SOURCE_ROOT; }; 729F10FD1C65A9B500DFCCC5 /* ConfigUITest.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = ConfigUITest.xcconfig; sourceTree = ""; }; 729F10FE1C65A9B500DFCCC5 /* ConfigUITestCoverage.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = ConfigUITestCoverage.xcconfig; sourceTree = ""; }; 729F7EAB27366353004592DC /* test-links.xml */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = "test-links.xml"; sourceTree = ""; }; @@ -2233,7 +2233,7 @@ 724BB36E1D31D0B7005D534A /* SUInstallerConnectionProtocol.h */, 724BB3851D32A167005D534A /* SUXPCInstallerConnection.h */, 724BB3861D32A167005D534A /* SUXPCInstallerConnection.m */, - 7218EC362623F31C008FECF3 /* org.sparkle-project.InstallerConnection.entitlements */, + 7218EC362623F31C008FECF3 /* InstallerConnection.entitlements */, ); name = InstallerConnection; path = ../InstallerConnection; @@ -2250,7 +2250,7 @@ 7267E5DD1D3D8F5A00D1BF90 /* SUStatusInfoProtocol.h */, 724BB3A61D33461B005D534A /* SUXPCInstallerStatus.h */, 724BB3A71D33461B005D534A /* SUXPCInstallerStatus.m */, - 7218EC372623F32E008FECF3 /* org.sparkle-project.InstallerStatus.entitlements */, + 7218EC372623F32E008FECF3 /* InstallerStatus.entitlements */, ); name = InstallerStatus; path = ../InstallerStatus; @@ -2312,7 +2312,7 @@ children = ( 723B5D9F1CF7AB0100365F95 /* Info.plist */, 723B5DA01CF7AB0100365F95 /* main.m */, - 729BB3D11D503826007C4276 /* org.sparkle-project.Downloader.entitlements */, + 729BB3D11D503826007C4276 /* Downloader.entitlements */, 723B5DA21CF7AB0100365F95 /* SPUDownloader.h */, 723B5DA31CF7AB0100365F95 /* SPUDownloader.m */, 723B5DA41CF7AB0100365F95 /* SPUDownloaderDelegate.h */,