View Single Post
Quote:
Originally Posted by denty View Post
Are those entitlements something that can be modified by end users? Seems not from what I can gather.
Developers can update the entitlements of the app using the "codesign" command-line tool. For example, if I wanted to add org.example.MyExampleApp:MyExampleApp to OmniGraffle's entitlements (making a copy of the app as Test-OmniGraffle.app just in case something breaks), I'd do this:

Code:
ditto OmniGraffle.app Test-OmniGraffle.app
codesign --display --entitlements :- Test-OmniGraffle.app > /tmp/OmniGraffle.entitlements.plist
defaults write /tmp/OmniGraffle.entitlements.plist com.apple.security.temporary-exception.mach-lookup.global-name -array-add "org.example.MyExampleApp:MyExampleApp"
plutil -convert xml1 /tmp/OmniGraffle.entitlements.plist
codesign --force --sign "Mac Developer:" --entitlements /tmp/OmniGraffle.entitlements.plist Test-OmniGraffle.app
Hope this helps!

(But you can see why I'm thinking we should ultimately switch LinkBack over to using some other communication mechanism which doesn't require app-specific entitlements!)