From 63e66833842b0a6eb4181c579d4480d95103149a Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Tue, 16 Mar 2021 10:24:18 +0100
Subject: [PATCH] mac: use dedicated entitlements for binaries and scripts

fixes the codesigning issue with the unknown blobs in the entitlements

(missing "/" to complete blob)
---
 MacOSX/OpenSC_applescripts.entitlements                | 10 ++++++++++
 ...aller.entitlements => OpenSC_binaries.entitlements} |  2 --
 MacOSX/build-package.in                                |  6 +++---
 3 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 MacOSX/OpenSC_applescripts.entitlements
 rename MacOSX/{OpenSC_Uninstaller.entitlements => OpenSC_binaries.entitlements} (82%)

diff --git a/MacOSX/OpenSC_applescripts.entitlements b/MacOSX/OpenSC_applescripts.entitlements
new file mode 100644
index 00000000..548ce436
--- /dev/null
+++ b/MacOSX/OpenSC_applescripts.entitlements
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.app-sandbox</key>
+    <false/>
+    <key>com.apple.security.automation.apple-events</key>
+    <true/>
+  </dict>
+</plist>
diff --git a/MacOSX/OpenSC_Uninstaller.entitlements b/MacOSX/OpenSC_binaries.entitlements
similarity index 82%
rename from MacOSX/OpenSC_Uninstaller.entitlements
rename to MacOSX/OpenSC_binaries.entitlements
index c3efb923..fba0ded4 100644
--- a/MacOSX/OpenSC_Uninstaller.entitlements
+++ b/MacOSX/OpenSC_binaries.entitlements
@@ -5,8 +5,6 @@
     <key>com.apple.security.app-sandbox</key>
     <false/>
     <key>com.apple.security.cs.disable-library-validation</key>
-    <true>
-    <key>com.apple.security.automation.apple-events</key>
     <true/>
   </dict>
 </plist>
diff --git a/MacOSX/build-package.in b/MacOSX/build-package.in
index 67b626a3..5b9e35d9 100755
--- a/MacOSX/build-package.in
+++ b/MacOSX/build-package.in
@@ -99,7 +99,7 @@ fi
 mkdir -p "$BUILDPATH/target/Applications/Utilities"
 osacompile -o "$BUILDPATH/target/Applications/Utilities/OpenSC Notify.app" "MacOSX/OpenSC_Notify.applescript"
 if test -n "${CODE_SIGN_IDENTITY}"; then
-	codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_Uninstaller.entitlements --deep --timestamp --options runtime "$BUILDPATH/target/Applications/Utilities/OpenSC Notify.app"
+	codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_applescripts.entitlements --deep --timestamp --options runtime "$BUILDPATH/target/Applications/Utilities/OpenSC Notify.app"
 fi
 
 
@@ -185,7 +185,7 @@ if test -n "${CODE_SIGN_IDENTITY}"; then
 	do
 		# find executable files and run codesign on them
 		find ${d} -type f -perm +111 -print -exec \
-			codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_Uninstaller.entitlements --deep --timestamp --options runtime {} \;
+			codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_binaries.entitlements --deep --timestamp --options runtime {} \;
 	done
 fi
 
@@ -208,7 +208,7 @@ fi
 # Build "Uninstaller"
 osacompile -o "${imagedir}/OpenSC Uninstaller.app" "MacOSX/OpenSC_Uninstaller.applescript"
 if test -n "${CODE_SIGN_IDENTITY}"; then
-	codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_Uninstaller.entitlements --deep --timestamp --options runtime "${imagedir}/OpenSC Uninstaller.app"
+	codesign --force --sign "${CODE_SIGN_IDENTITY}" --entitlements MacOSX/OpenSC_applescripts.entitlements --deep --timestamp --options runtime "${imagedir}/OpenSC Uninstaller.app"
 fi
 
 # Create .dmg