Adding entitlement for unsigned memory execution

ffi loads c code into memory in an unsigned way and this allows workstation to work with the hardened runtime. Signed-off-by: Jon Morrow <jmorrow@chef.io>
chef · Feb 1, 2020 · 228a093 · 228a093
1 parent 2b13a74
commit 228a093
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 7 deletions.
diff --git a/omnibus/Gemfile b/omnibus/Gemfile
@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "omnibus", git: "https://github.com/chef/omnibus.git", branch: "master"
+gem "omnibus", git: "https://github.com/chef/omnibus.git", branch: "jm/add_pkg_entitlements"
 gem "omnibus-software", git: "https://github.com/chef/omnibus-software.git", branch: "master"
 gem "artifactory"
 

diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
@@ -8,8 +8,8 @@ GIT
 
 GIT
   remote: https://github.com/chef/omnibus.git
-  revision: d642ae6fd57f4a74846e325fecadebb132069894
-  branch: master
+  revision: 1c892dccf08d17dafa14ab1f0094ed41cf8b3373
+  branch: jm/add_pkg_entitlements
   specs:
     omnibus (7.0.1)
       aws-sdk-s3 (~> 1)
@@ -32,7 +32,7 @@ GEM
     artifactory (3.0.12)
     awesome_print (1.8.0)
     aws-eventstream (1.0.3)
-    aws-partitions (1.267.0)
+    aws-partitions (1.269.0)
     aws-sdk-core (3.89.1)
       aws-eventstream (~> 1.0, >= 1.0.2)
       aws-partitions (~> 1, >= 1.239.0)
@@ -226,7 +226,7 @@ GEM
     mixlib-versioning (1.2.12)
     molinillo (0.6.6)
     multi_json (1.14.1)
-    multipart-post (2.0.0)
+    multipart-post (2.1.1)
     necromancer (0.5.1)
     net-scp (2.0.0)
       net-ssh (>= 2.6.5, < 6.0.0)
@@ -257,17 +257,19 @@ GEM
     pastel (0.7.3)
       equatable (~> 0.6)
       tty-color (~> 0.5)
-    pedump (0.5.2)
+    pedump (0.5.4)
       awesome_print
       iostruct (>= 0.0.4)
-      multipart-post (~> 2.0.0)
+      multipart-post (>= 2.0.0)
       progressbar
+      rainbow
       zhexdump (>= 0.0.2)
     plist (3.5.0)
     progressbar (1.10.1)
     proxifier (1.0.3)
     public_suffix (4.0.3)
     rack (2.1.1)
+    rainbow (3.0.0)
     retryable (3.0.5)
     ruby-progressbar (1.10.1)
     rubyntlm (0.6.2)

diff --git a/omnibus/resources/chef-workstation/pkg/entitlements.plist b/omnibus/resources/chef-workstation/pkg/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+  </dict>
+</plist>