[Potential Bug] Hardened Runtime Entitlements not being generated for juce_add_console_app

MacOSX and iOS
1

Hello all,

I have a plugin scanning executable, and it requires some hardened runtime options as follows:

juce_add_console_app(PluginScanner
    BUNDLE_ID "com.timeoffaudio.pluginscanner"
    PLUGINHOST_AU TRUE
    COMPANY_NAME "time off audio"
    COMPANY_WEBSITE "https://timeoff.audio"
    DESCRIPTION "Utility executable for finding plugins on the system"
    HARDENED_RUNTIME_ENABLED TRUE
    HARDENED_RUNTIME_OPTIONS com.apple.security.cs.allow-unsigned-executable-memory com.apple.security.cs.disable-library-validation com.apple.security.get-task-allow
)

However the above command does not generate the expected PluginScanner.entitlements file in the artefacts, but changing the command to juce_create_gui_app does.

Is this a bug or is there a valid reason for this? From my understanding, the correct declaration for my use case is juce_create_console_app.

Thanks.

2

I now see that juce_create_gui_app still generates the binary I require, only it’s nested inside a macOS Application Bundle (*.app).

This is then workable, however, I am still curious whether the lack of entitlements file artefact with juce_create_console_app is a potential bug or not.

Thanks!

3

Thanks for reporting. I think that this was a bug, as entitlements did seem to work for Projucer-generated commandline program projects. We’ve now updated the CMake helpers to allow specifying hardened runtime options for commandline apps on macOS:

Note that this will only work with the CMake’s Xcode generator.

1 Like