remote server on macOS: Sign with entitlements (#18863)

This does two things:

- Prevent feature unification
- Sign the remote-server binary with the same entitlements we use for
  Zed because we saw this in a crash report:

      Crashed Thread:        4  Dispatch queue: com.apple.root.user-initiated-qos

      Exception Type:        EXC_BAD_ACCESS (SIGKILL (Code Signature Invalid))
      Exception Codes:       UNKNOWN_0x32 at 0x0000000103636644
      Exception Codes:       0x0000000000000032, 0x0000000103636644

      Termination Reason:    Namespace CODESIGNING, Code 2 Invalid Page

      VM Region Info: 0x103636644 is in 0x103634000-0x103638000; bytes after start: 9796 bytes before end: 6587
            REGION TYPE    START - END            [ VSIZE]  PRT/MAX  SHRMOD  REGION DETAIL
            VM_ALLOCATE    103630000-103634000    [   16K]  r--/rwx  SM=ZER
      --->  VM_ALLOCATE    103634000-103638000    [   16K]  r-x/rwx  SM=COW
            VM_ALLOCATE    103638000-103640000    [   32K]  r--/rwx  SM=ZER

  Which sounds a lot like codesigning/jit/entitlements stuff.


Release Notes:

- N/A

Co-authored-by: Piotr <piotr@zed.dev>
Co-authored-by: Bennet <bennet@zed.dev>
Thorsten Ball 2024-10-08 17:47:24 +02:00 committed by GitHub
parent d295c46433
commit ff7aa024ee
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -83,7 +83,10 @@ if [ "$local_arch" = true ]; then
cargo build ${build_flag} --package zed --package cli --package remote_server
else
echo "Compiling zed binaries"
cargo build ${build_flag} --package zed --package cli --package remote_server --target aarch64-apple-darwin --target x86_64-apple-darwin
cargo build ${build_flag} --package zed --package cli --target aarch64-apple-darwin --target x86_64-apple-darwin
# Build remote_server in separate invocation to prevent feature unification from other crates
# from influencing dynamic libraries required by it.
cargo build ${build_flag} --package remote_server --target aarch64-apple-darwin --target x86_64-apple-darwin
fi
echo "Creating application bundle"
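Review bot: The `local_arch = true` branch at the top of this hunk still builds `--package zed --package cli --package remote_server` in a single cargo invocation, so the feature unification this change is meant to prevent still applies to local-arch builds. If that is intentional (for example because local builds are never shipped), a short comment there would say so. Otherwise split that branch the same way, with a separate `cargo build ${build_flag} --package remote_server` after the zed and cli build, so the remote_server binary that gets tested locally matches the one that gets released.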
@ -358,7 +361,7 @@ function sign_binary() {
if [[ $can_code_sign = true ]]; then
echo "Code signing executable $binary_path"
/usr/bin/codesign --deep --force --timestamp --options runtime --sign "$IDENTITY" "${binary_path}" -v
/usr/bin/codesign --deep --force --timestamp --options runtime --entitlements crates/zed/resources/zed.entitlements --sign "$IDENTITY" "${binary_path}" -v
fi
}
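Review bot: `sign_binary` now passes `--entitlements crates/zed/resources/zed.entitlements` for every binary it is called on, so the headless remote_server (and anything else routed through this function) receives the full entitlement set of the GUI app rather than only what the crash in the commit message calls for. The contents of that file are not visible in this diff, but under hardened runtime (`--options runtime`) each entitlement is an exception to a protection, so a separate, smaller entitlements file for remote_server would keep it closer to least privilege; the function could take the entitlements path as a second argument. The path is also relative, so this only works when the script runs from the repository root; a check that the file exists before calling codesign would give a clearer failure. Adding a `codesign -d --entitlements -` check on the signed output in CI would confirm which entitlements each shipped binary actually carries.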