diff options
| author | Alexander Graf | 2021-01-20 23:44:34 +0100 |
|---|---|---|
| committer | Peter Maydell | 2021-01-29 11:47:28 +0100 |
| commit | 8a74ce618b647e71ac703b5fe5dba3a2329a4d76 (patch) | |
| tree | f5621e6c1032730f28748dbe7bd6b7e652e4ca57 | |
| parent | darwin: remove 64-bit build detection on 32-bit OS (diff) | |
| download | qemu-8a74ce618b647e71ac703b5fe5dba3a2329a4d76.tar.gz qemu-8a74ce618b647e71ac703b5fe5dba3a2329a4d76.tar.xz qemu-8a74ce618b647e71ac703b5fe5dba3a2329a4d76.zip | |
hvf: Add hypervisor entitlement to output binaries
In macOS 11, QEMU only gets access to Hypervisor.framework if it has the
respective entitlement. Add an entitlement template and automatically self
sign and apply the entitlement in the build.
Signed-off-by: Alexander Graf <agraf@csgraf.de>
Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com>
Tested-by: Roman Bolshakov <r.bolshakov@yadro.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | accel/hvf/entitlements.plist | 8 | ||||
| -rw-r--r-- | meson.build | 29 | ||||
| -rwxr-xr-x | scripts/entitlement.sh | 13 |
3 files changed, 46 insertions, 4 deletions
diff --git a/accel/hvf/entitlements.plist b/accel/hvf/entitlements.plist new file mode 100644 index 0000000000..154f3308ef --- /dev/null +++ b/accel/hvf/entitlements.plist @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>com.apple.security.hypervisor</key> + <true/> +</dict> +</plist> diff --git a/meson.build b/meson.build index 9ecb09dfe2..f00b7754fd 100644 --- a/meson.build +++ b/meson.build @@ -2167,9 +2167,14 @@ foreach target : target_dirs }] endif foreach exe: execs - emulators += {exe['name']: - executable(exe['name'], exe['sources'], - install: true, + exe_name = exe['name'] + exe_sign = 'CONFIG_HVF' in config_target + if exe_sign + exe_name += '-unsigned' + endif + + emulator = executable(exe_name, exe['sources'], + install: not exe_sign, c_args: c_args, dependencies: arch_deps + deps + exe['dependencies'], objects: lib.extract_all_objects(recursive: true), @@ -2177,7 +2182,23 @@ foreach target : target_dirs link_depends: [block_syms, qemu_syms] + exe.get('link_depends', []), link_args: link_args, gui_app: exe['gui']) - } + + if exe_sign + emulators += {exe['name'] : custom_target(exe['name'], + install: true, + install_dir: get_option('bindir'), + depends: emulator, + output: exe['name'], + command: [ + meson.current_source_dir() / 'scripts/entitlement.sh', + meson.current_build_dir() / exe_name, + meson.current_build_dir() / exe['name'], + meson.current_source_dir() / 'accel/hvf/entitlements.plist' + ]) + } + else + emulators += {exe['name']: emulator} + endif if 'CONFIG_TRACE_SYSTEMTAP' in config_host foreach stp: [ diff --git a/scripts/entitlement.sh b/scripts/entitlement.sh new file mode 100755 index 0000000000..c540fa6435 --- /dev/null +++ b/scripts/entitlement.sh @@ -0,0 +1,13 @@ +#!/bin/sh -e +# +# Helper script for the build process to apply entitlements + +SRC="$1" +DST="$2" +ENTITLEMENT="$3" + +trap 'rm "$DST.tmp"' exit +cp -af "$SRC" "$DST.tmp" +codesign --entitlements "$ENTITLEMENT" --force -s - "$DST.tmp" +mv "$DST.tmp" "$DST" +trap '' exit |