Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable sandboxing for downloader XPC service by default #2511

Merged
merged 3 commits into from
Feb 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 21 additions & 1 deletion Configurations/ConfigCommon.xcconfig
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,27 @@ XPC_SERVICE_BUNDLE_ID_PREFIX = org.sparkle-project
INSTALLER_CONNECTION_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.InstallerConnection
INSTALLER_STATUS_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.InstallerStatus
INSTALLER_LAUNCHER_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.InstallerLauncher
DOWNLOADER_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.Downloader
DOWNLOADER_BUNDLE_ID = ${XPC_SERVICE_BUNDLE_ID_PREFIX}.DownloaderService

// Initialize sandboxed entitlements variables to use no entitlements
// Don't modify these. See commented out section below instead.
DOWNLOADER_SANDBOXED_ENTITLEMENTS =
INSTALLER_CONNECTION_ENTITLEMENTS =
INSTALLER_STATUS_ENTITLEMENTS =

// The Downloader XPC Service is not sandboxed by default.
// Uncomment this line to enable Sandboxing for this service.
// If this is done, you *must* set a custom XPC_SERVICE_BUNDLE_ID_PREFIX for your app above.
// Otherwise sandboxed apps that use the same sandboxed Downloader Service may conflict with each other.

//DOWNLOADER_SANDBOXED_ENTITLEMENTS = Downloader/Downloader.entitlements

// Similar to the Downloader XPC Service, uncomment these lines if you want to sandbox the Connection/Status services
// If this is done, you *must* set a custom XPC_SERVICE_BUNDLE_ID_PREFIX for your app above.

//INSTALLER_CONNECTION_ENTITLEMENTS = InstallerConnection/InstallerConnection.entitlements
//INSTALLER_STATUS_ENTITLEMENTS = InstallerStatus/InstallerStatus.entitlements


// If your app file on disk is named "MyApp 1.1b4", Sparkle usually updates it
// in place, giving you an app named 1.1b4 that is actually 1.2. Turn the
Expand Down
2 changes: 1 addition & 1 deletion Configurations/ConfigDownloader.xcconfig
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ INFOPLIST_FILE = Downloader/Info.plist
WRAPPER_EXTENSION = xpc
PRODUCT_BUNDLE_IDENTIFIER = ${DOWNLOADER_BUNDLE_ID}
PRODUCT_NAME = ${DOWNLOADER_NAME}
CODE_SIGN_ENTITLEMENTS = Downloader/org.sparkle-project.Downloader.entitlements
CODE_SIGN_ENTITLEMENTS = $(DOWNLOADER_SANDBOXED_ENTITLEMENTS)
GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) BUILDING_SPARKLE_SOURCES_EXTERNALLY=1
CLANG_MODULES_AUTOLINK = NO
1 change: 1 addition & 0 deletions Configurations/ConfigInstallerConnection.xcconfig
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,6 @@ INFOPLIST_FILE = InstallerConnection/Info.plist
WRAPPER_EXTENSION = xpc
PRODUCT_BUNDLE_IDENTIFIER = ${INSTALLER_CONNECTION_BUNDLE_ID}
PRODUCT_NAME = ${INSTALLER_CONNECTION_NAME}
CODE_SIGN_ENTITLEMENTS = $(INSTALLER_CONNECTION_ENTITLEMENTS)
GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) BUILDING_SPARKLE_SOURCES_EXTERNALLY=1
CLANG_MODULES_AUTOLINK = NO
1 change: 1 addition & 0 deletions Configurations/ConfigInstallerStatus.xcconfig
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,6 @@ INFOPLIST_FILE = InstallerStatus/Info.plist
WRAPPER_EXTENSION = xpc
PRODUCT_BUNDLE_IDENTIFIER = ${INSTALLER_STATUS_BUNDLE_ID}
PRODUCT_NAME = ${INSTALLER_STATUS_NAME}
CODE_SIGN_ENTITLEMENTS = $(INSTALLER_STATUS_ENTITLEMENTS)
GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) BUILDING_SPARKLE=0 BUILDING_SPARKLE_SOURCES_EXTERNALLY=1
CLANG_MODULES_AUTOLINK = NO
8 changes: 0 additions & 8 deletions Configurations/make-release-package.sh
Original file line number Diff line number Diff line change
Expand Up @@ -45,14 +45,6 @@ if [ "$ACTION" = "" ] ; then
cp -R "$CONFIGURATION_BUILD_DIR/sparkle.app" "$CONFIGURATION_BUILD_DIR/staging"
cp -R "$CONFIGURATION_BUILD_DIR/Sparkle.framework" "$CONFIGURATION_BUILD_DIR/staging"
cp -R "$CONFIGURATION_BUILD_DIR/Sparkle.xcframework" "$CONFIGURATION_BUILD_DIR/staging-spm"

if [[ "$SPARKLE_EMBED_DOWNLOADER_XPC_SERVICE" -eq 1 ]]; then
mkdir -p "$CONFIGURATION_BUILD_DIR/staging/Entitlements"
mkdir -p "$CONFIGURATION_BUILD_DIR/staging-spm/Entitlements"

cp -R "$PROJECT_DIR/Downloader/org.sparkle-project.Downloader.entitlements" "$CONFIGURATION_BUILD_DIR/staging/Entitlements/$DOWNLOADER_NAME.entitlements"
cp -R "$PROJECT_DIR/Downloader/org.sparkle-project.Downloader.entitlements" "$CONFIGURATION_BUILD_DIR/staging-spm/Entitlements/$DOWNLOADER_NAME.entitlements"
fi

mkdir -p "$CONFIGURATION_BUILD_DIR/staging/Symbols"

Expand Down
2 changes: 1 addition & 1 deletion Sparkle.podspec
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Pod::Spec.new do |s|
s.source = { :http => "https://github.com/sparkle-project/Sparkle/releases/download/#{s.version}/Sparkle-#{s.version}.tar.xz" }
s.source_files = 'Sparkle.framework/Versions/B/Headers/*.h'

s.preserve_paths = ['bin/*', 'Entitlements', 'Symbols']
s.preserve_paths = ['bin/*', 'Symbols']
s.public_header_files = 'Sparkle.framework/Versions/B/Headers/*.h'
s.vendored_frameworks = 'Sparkle.framework'
s.xcconfig = {
Expand Down
12 changes: 6 additions & 6 deletions Sparkle.xcodeproj/project.pbxproj
Original file line number Diff line number Diff line change
Expand Up @@ -1055,8 +1055,8 @@
7214B8851D45AD9A00CB5CED /* SPUInstallationType.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SPUInstallationType.h; sourceTree = "<group>"; };
72162B071C82C9600013C1C5 /* SULocalizations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SULocalizations.h; sourceTree = "<group>"; };
721652671D3C8FED00FD13D8 /* SUInstallerLauncherStatus.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SUInstallerLauncherStatus.h; path = InstallerLauncher/SUInstallerLauncherStatus.h; sourceTree = SOURCE_ROOT; };
7218EC362623F31C008FECF3 /* org.sparkle-project.InstallerConnection.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "org.sparkle-project.InstallerConnection.entitlements"; sourceTree = "<group>"; };
7218EC372623F32E008FECF3 /* org.sparkle-project.InstallerStatus.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = "org.sparkle-project.InstallerStatus.entitlements"; sourceTree = "<group>"; };
7218EC362623F31C008FECF3 /* InstallerConnection.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = InstallerConnection.entitlements; sourceTree = "<group>"; };
7218EC372623F32E008FECF3 /* InstallerStatus.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = InstallerStatus.entitlements; sourceTree = "<group>"; };
721AB11626C777D900D34A86 /* SPUDownloadDataPrivate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SPUDownloadDataPrivate.h; sourceTree = "<group>"; };
721BC2061D17A532002BC71E /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; };
721BC2081D17A553002BC71E /* Carbon.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Carbon.framework; path = System/Library/Frameworks/Carbon.framework; sourceTree = SDKROOT; };
Expand Down Expand Up @@ -1343,7 +1343,7 @@
728ED349277DA23400D9238F /* SPUSparkleDeltaArchive.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = SPUSparkleDeltaArchive.m; path = Autoupdate/SPUSparkleDeltaArchive.m; sourceTree = SOURCE_ROOT; };
729924921DF4A45000DBCDF5 /* SUUpdateValidator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SUUpdateValidator.h; path = Sparkle/SUUpdateValidator.h; sourceTree = SOURCE_ROOT; };
729924931DF4A45000DBCDF5 /* SUUpdateValidator.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = SUUpdateValidator.m; path = Sparkle/SUUpdateValidator.m; sourceTree = SOURCE_ROOT; };
729BB3D11D503826007C4276 /* org.sparkle-project.Downloader.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.xml; name = "org.sparkle-project.Downloader.entitlements"; path = "Downloader/org.sparkle-project.Downloader.entitlements"; sourceTree = SOURCE_ROOT; };
729BB3D11D503826007C4276 /* Downloader.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; name = Downloader.entitlements; path = Downloader/Downloader.entitlements; sourceTree = SOURCE_ROOT; };
729F10FD1C65A9B500DFCCC5 /* ConfigUITest.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = ConfigUITest.xcconfig; sourceTree = "<group>"; };
729F10FE1C65A9B500DFCCC5 /* ConfigUITestCoverage.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = ConfigUITestCoverage.xcconfig; sourceTree = "<group>"; };
729F7EAB27366353004592DC /* test-links.xml */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = "test-links.xml"; sourceTree = "<group>"; };
Expand Down Expand Up @@ -2233,7 +2233,7 @@
724BB36E1D31D0B7005D534A /* SUInstallerConnectionProtocol.h */,
724BB3851D32A167005D534A /* SUXPCInstallerConnection.h */,
724BB3861D32A167005D534A /* SUXPCInstallerConnection.m */,
7218EC362623F31C008FECF3 /* org.sparkle-project.InstallerConnection.entitlements */,
7218EC362623F31C008FECF3 /* InstallerConnection.entitlements */,
);
name = InstallerConnection;
path = ../InstallerConnection;
Expand All @@ -2250,7 +2250,7 @@
7267E5DD1D3D8F5A00D1BF90 /* SUStatusInfoProtocol.h */,
724BB3A61D33461B005D534A /* SUXPCInstallerStatus.h */,
724BB3A71D33461B005D534A /* SUXPCInstallerStatus.m */,
7218EC372623F32E008FECF3 /* org.sparkle-project.InstallerStatus.entitlements */,
7218EC372623F32E008FECF3 /* InstallerStatus.entitlements */,
);
name = InstallerStatus;
path = ../InstallerStatus;
Expand Down Expand Up @@ -2312,7 +2312,7 @@
children = (
723B5D9F1CF7AB0100365F95 /* Info.plist */,
723B5DA01CF7AB0100365F95 /* main.m */,
729BB3D11D503826007C4276 /* org.sparkle-project.Downloader.entitlements */,
729BB3D11D503826007C4276 /* Downloader.entitlements */,
723B5DA21CF7AB0100365F95 /* SPUDownloader.h */,
723B5DA31CF7AB0100365F95 /* SPUDownloader.m */,
723B5DA41CF7AB0100365F95 /* SPUDownloaderDelegate.h */,
Expand Down
Loading