diff options
| author | Alexander Graf <agraf@csgraf.de> | 2021-01-20 23:44:34 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-01-29 10:47:28 +0000 |
| commit | 8a74ce618b647e71ac703b5fe5dba3a2329a4d76 (patch) | |
| tree | f5621e6c1032730f28748dbe7bd6b7e652e4ca57 | |
| parent | 32063086a731aaeb76e1a81623953f8a17fcdb6f (diff) | |
| download | qemu-8a74ce618b647e71ac703b5fe5dba3a2329a4d76.zip qemu-8a74ce618b647e71ac703b5fe5dba3a2329a4d76.tar.gz qemu-8a74ce618b647e71ac703b5fe5dba3a2329a4d76.tar.bz2 | |
hvf: Add hypervisor entitlement to output binaries
In macOS 11, QEMU only gets access to Hypervisor.framework if it has the
respective entitlement. Add an entitlement template and automatically self
sign and apply the entitlement in the build.
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | accel/hvf/entitlements.plist | 8 | ||||
| -rw-r--r-- | meson.build | 29 | ||||
| -rwxr-xr-x | scripts/entitlement.sh | 13 |
3 files changed, 46 insertions, 4 deletions
diff --git a/accel/hvf/entitlements.plist b/accel/hvf/entitlements.plist new file mode 100644 index 0000000..154f330 --- /dev/null +++ b/accel/hvf/entitlements.plist @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>com.apple.security.hypervisor</key> + <true/> +</dict> +</plist> diff --git a/meson.build b/meson.build index 9ecb09d..f00b775 100644 --- a/meson.build +++ b/meson.build @@ -2167,9 +2167,14 @@ foreach target : target_dirs }] endif foreach exe: execs - emulators += {exe['name']: - executable(exe['name'], exe['sources'], - install: true, + exe_name = exe['name'] + exe_sign = 'CONFIG_HVF' in config_target + if exe_sign + exe_name += '-unsigned' + endif + + emulator = executable(exe_name, exe['sources'], + install: not exe_sign, c_args: c_args, dependencies: arch_deps + deps + exe['dependencies'], objects: lib.extract_all_objects(recursive: true), @@ -2177,7 +2182,23 @@ foreach target : target_dirs link_depends: [block_syms, qemu_syms] + exe.get('link_depends', []), link_args: link_args, gui_app: exe['gui']) - } + + if exe_sign + emulators += {exe['name'] : custom_target(exe['name'], + install: true, + install_dir: get_option('bindir'), + depends: emulator, + output: exe['name'], + command: [ + meson.current_source_dir() / 'scripts/entitlement.sh', + meson.current_build_dir() / exe_name, + meson.current_build_dir() / exe['name'], + meson.current_source_dir() / 'accel/hvf/entitlements.plist' + ]) + } + else + emulators += {exe['name']: emulator} + endif if 'CONFIG_TRACE_SYSTEMTAP' in config_host foreach stp: [ diff --git a/scripts/entitlement.sh b/scripts/entitlement.sh new file mode 100755 index 0000000..c540fa6 --- /dev/null +++ b/scripts/entitlement.sh @@ -0,0 +1,13 @@ +#!/bin/sh -e +# +# Helper script for the build process to apply entitlements + +SRC="$1" +DST="$2" +ENTITLEMENT="$3" + +trap 'rm "$DST.tmp"' exit +cp -af "$SRC" "$DST.tmp" +codesign --entitlements "$ENTITLEMENT" --force -s - "$DST.tmp" +mv "$DST.tmp" "$DST" +trap '' exit |