From e66c3589a2a67d880f4d3dbfa7e3ba473c3751b8 Mon Sep 17 00:00:00 2001
From: Brecht Van Lommel <brechtvanlommel@gmail.com>
Date: Mon, 15 Jul 2019 14:18:42 +0200
Subject: Fix T66986: errors with add-ons using ctypes in macOS release

Add extra entitlements to allow the kind of unsigned executable memory access
that cytpes does.
---
 release/darwin/bundle.sh          | 7 ++++---
 release/darwin/entitlements.plist | 8 ++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100644 release/darwin/entitlements.plist

diff --git a/release/darwin/bundle.sh b/release/darwin/bundle.sh
index 14c3ba81745..b0f489e6fc2 100755
--- a/release/darwin/bundle.sh
+++ b/release/darwin/bundle.sh
@@ -18,6 +18,7 @@ _tmp_dir="$(mktemp -d)"
 _tmp_dmg="/tmp/blender-tmp.dmg"
 _background_image="${_script_dir}/background.tif"
 _mount_dir="/Volumes/${_volume_name}"
+_entitlements="${_script_dir}/entitlements.plist"
 
 # Handle arguments.
 while [[ $# -gt 0 ]]; do
@@ -128,17 +129,17 @@ if [ ! -z "${C_CERT}" ]; then
     for f in $(find "${_mount_dir}/Blender.app/Contents/Resources" -name "python*"); do
         if [ -x ${f} ] && [ ! -d ${f} ]; then
             codesign --remove-signature "${f}"
-            codesign --timestamp --options runtime --sign "${C_CERT}" "${f}"
+            codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${f}"
         fi
     done
     echo ; echo -n "Codesigning .dylib and .so libraries"
     for f in $(find "${_mount_dir}/Blender.app" -name "*.dylib" -o -name "*.so"); do
         codesign --remove-signature "${f}"
-        codesign --timestamp --options runtime --sign "${C_CERT}" "${f}"
+        codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${f}"
     done
     echo ; echo -n "Codesigning Blender.app"
     codesign --remove-signature "${_mount_dir}/Blender.app"
-    codesign --timestamp --options runtime --sign "${C_CERT}" "${_mount_dir}/Blender.app"
+    codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${_mount_dir}/Blender.app"
     echo
 else
     echo "No codesigning cert given, skipping..."
diff --git a/release/darwin/entitlements.plist b/release/darwin/entitlements.plist
new file mode 100644
index 00000000000..a1c430a57ab
--- /dev/null
+++ b/release/darwin/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+</dict>
+</plist>
-- 
cgit v1.2.3