hvf: Add hypervisor entitlement to output binaries
In macOS 11, QEMU only gets access to Hypervisor.framework if it has the respective entitlement. Add an entitlement template and automatically self sign and apply the entitlement in the build. Signed-off-by: Alexander Graf <agraf@csgraf.de> Reviewed-by: Roman Bolshakov <r.bolshakov@yadro.com> Tested-by: Roman Bolshakov <r.bolshakov@yadro.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
parent
32063086a7
commit
8a74ce618b
8
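--- /dev/null
+++ b/accel/hvf/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>com.apple.security.hypervisor</key>
+<true/>
+</dict>
+</plist>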
27
meson.build
27
meson.build
@ -2167,9 +2167,14 @@ foreach target : target_dirs
|
||||
}]
|
||||
endif
|
||||
foreach exe: execs
|
||||
emulators += {exe['name']:
|
||||
executable(exe['name'], exe['sources'],
|
||||
install: true,
|
||||
exe_name = exe['name']
|
||||
exe_sign = 'CONFIG_HVF' in config_target
|
||||
if exe_sign
|
||||
exe_name += '-unsigned'
|
||||
endif
|
||||
|
||||
emulator = executable(exe_name, exe['sources'],
|
||||
install: not exe_sign,
|
||||
c_args: c_args,
|
||||
dependencies: arch_deps + deps + exe['dependencies'],
|
||||
objects: lib.extract_all_objects(recursive: true),
|
||||
@ -2177,7 +2182,23 @@ foreach target : target_dirs
|
||||
link_depends: [block_syms, qemu_syms] + exe.get('link_depends', []),
|
||||
link_args: link_args,
|
||||
gui_app: exe['gui'])
|
||||
|
||||
if exe_sign
|
||||
emulators += {exe['name'] : custom_target(exe['name'],
|
||||
install: true,
|
||||
install_dir: get_option('bindir'),
|
||||
depends: emulator,
|
||||
output: exe['name'],
|
||||
command: [
|
||||
meson.current_source_dir() / 'scripts/entitlement.sh',
|
||||
meson.current_build_dir() / exe_name,
|
||||
meson.current_build_dir() / exe['name'],
|
||||
meson.current_source_dir() / 'accel/hvf/entitlements.plist'
|
||||
])
|
||||
}
|
||||
else
|
||||
emulators += {exe['name']: emulator}
|
||||
endif
|
||||
|
||||
if 'CONFIG_TRACE_SYSTEMTAP' in config_host
|
||||
foreach stp: [
|
||||
|
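Review bot: The `command:` list of the new `custom_target` spells out its input and output as hand-built strings (`meson.current_build_dir() / exe_name` and `meson.current_build_dir() / exe['name']`), so the tie to the unsigned executable rests only on `depends: emulator` and on the two names staying in sync. If the project's minimum Meson version allows it, passing the target and the placeholder instead, `emulator, '@OUTPUT@',`, would derive both paths from the targets themselves. A short comment above `if exe_sign` would also help, for example `# HVF builds: link as NAME-unsigned (not installed), then sign a copy with the hypervisor entitlement as NAME`. The enclosing `foreach` loops start and end outside the hunks shown.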
13
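--- /dev/null
+++ b/scripts/entitlement.sh
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+#
+# Helper script for the build process to apply entitlements
+
+SRC="$1"
+DST="$2"
+ENTITLEMENT="$3"
+
+trap 'rm "$DST.tmp"' exit
+cp -af "$SRC" "$DST.tmp"
+codesign --entitlements "$ENTITLEMENT" --force -s - "$DST.tmp"
+mv "$DST.tmp" "$DST"
+trap '' exit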
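Review bot: The cleanup trap `trap 'rm "$DST.tmp"' exit` calls `rm` without `-f`, so when `cp` fails before the temporary file exists the trap prints a second, misleading error; the lowercase condition name `exit` is also only an optional extension in POSIX sh. `trap 'rm -f "$DST.tmp"' EXIT` covers both. The script never checks its argument count, so an empty second argument would make it work on `.tmp` in the current directory; a guard such as `[ $# -eq 3 ] || exit 1` before the assignments would catch that. A comment on the `codesign` line would also help packagers, for example `# "-s -" is an ad hoc signature; re-sign with a real identity and the same entitlements for distribution`.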