release/darwin: add entitlements for code signing

The entitlements file is required for the codesign tool to sign bitbox-bridge binary. The signing workflow looks something like this: 1. Sign the universal binary: codesign -f --timestamp --strict -o runtime \ --entitlements entitlements.plist \ -s <app-cert-identity> \ bin/bitbox-bridge 2. Produce the pkg installer with an extra --sign flag to productbuild: productbuild --distribution ... \ --sign <installer-cert-identity> \ macos-installer.pkg 3. Submit the pkg for notarization: xcrun altool --notarize-app \ --primary-bundle-id ch.shiftcrypto.bitboxbridge \ --username [email protected] \ --file macos-installer.pkg 4. Once notarized, staple the ticket onto the installer pkg for offline distribution: xcrun stapler staple macos-installer.pkg I have a script that does all of the above but it needs a bit more work. With this commit, I just want to release v1.3.0. Will add the scripts afterwards.
BitBoxSwiss · May 20, 2021 · 3746875 · 3746875
1 parent 709e426
commit 3746875
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/bitbox-bridge/release/darwin/entitlements.plist b/bitbox-bridge/release/darwin/entitlements.plist
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <!-- We listen on network ports -->
+    <key>com.apple.security.network.server</key>
+    <true/>
+    <!-- We respond on network ports -->
+    <key>com.apple.security.network.client</key>
+    <true/>
+    <!-- We communicate with usb devices -->
+    <key>com.apple.security.device.usb</key>
+    <true/>
+</dict>
+</plist>