Adding entitlement for unsigned memory execution

ffi loads c code into memory in an unsigned way and this allows workstation to work with the hardened runtime. Signed-off-by: Jon Morrow <jmorrow@chef.io>
chef · Feb 1, 2020 · 8739278 · 8739278
1 parent 7f441c5
commit 8739278
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/omnibus/Gemfile b/omnibus/Gemfile
@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "omnibus", git: "https://github.com/chef/omnibus.git", branch: "master"
+gem "omnibus", git: "https://github.com/chef/omnibus.git", branch: "jm/add_pkg_entitlements"
 gem "omnibus-software", git: "https://github.com/chef/omnibus-software.git", branch: "master"
 gem "artifactory"
 

diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
@@ -8,8 +8,8 @@ GIT
 
 GIT
   remote: https://github.com/chef/omnibus.git
-  revision: d642ae6fd57f4a74846e325fecadebb132069894
-  branch: master
+  revision: 6ac0b2f529bac249bf6acba1c416e338404c4718
+  branch: jm/add_pkg_entitlements
   specs:
     omnibus (7.0.1)
       aws-sdk-s3 (~> 1)

diff --git a/omnibus/resources/chef-workstation/pkg/entitlements.plist b/omnibus/resources/chef-workstation/pkg/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+  </dict>
+</plist>