Skip to content

PTECH-5542: Ad-hoc sign release to not drop required entitlements#84

Merged
HeEAaD merged 2 commits intomainfrom
feature/PTECH-5542-sign-with-entitlements
Dec 10, 2025
Merged

PTECH-5542: Ad-hoc sign release to not drop required entitlements#84
HeEAaD merged 2 commits intomainfrom
feature/PTECH-5542-sign-with-entitlements

Conversation

@HeEAaD
Copy link
Copy Markdown
Contributor

@HeEAaD HeEAaD commented Dec 10, 2025
edited
Loading

This fixes that the release bundle (e.g. Cilicon_2.4.0_20_unsigned.zip) can not launch a VM. Error message:

Invalid virtual machine configuration. The process doesn't have the "com.apple.security virtualization" entitlement.

Before

$ codesign -dvv --entitlements - Cilicon.app       
Executable=/Users/steffen/Downloads/Cilicon_2.4.0_20_unsigned/Cilicon.app/Contents/MacOS/Cilicon
Identifier=Cilicon
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=63840 flags=0x20002(adhoc,linker-signed) hashes=1992+0 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements=none

After

(Artifact from https://github.com/traderepublic/Cilicon/actions/runs/20100608664 )

$ codesign -dvv --entitlements - Cilicon.app
Executable=/Users/steffen/Downloads/Cilicon_2.4.0_23_ca97a80_adhoc/Cilicon.app/Contents/MacOS/Cilicon
Identifier=com.traderepublic.cilicon
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=16282 flags=0x10002(adhoc,runtime) hashes=498+7 location=embedded
Signature=adhoc
Info.plist entries=22
TeamIdentifier=not set
Runtime Version=26.1.0
Sealed Resources version=2 rules=13 files=38
Internal requirements count=0 size=12
[Dict]
        [Key] com.apple.security.network.client
        [Value]
                [Bool] true
        [Key] com.apple.security.virtualization
        [Value]
                [Bool] true

@HeEAaD HeEAaD requested review from a team December 10, 2025 13:52
@HeEAaD HeEAaD merged commit acfe8a0 into main Dec 10, 2025
4 checks passed
@HeEAaD HeEAaD deleted the feature/PTECH-5542-sign-with-entitlements branch December 10, 2025 13:59
@sasa-fajkovic sasa-fajkovic changed the title Ad-hoc sign release to not drop required entitlements PTECH-5542: Ad-hoc sign release to not drop required entitlements Feb 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Dimentar Dimentar Dimentar approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@HeEAaD @Dimentar