fix default entitlements for non steam apps

StephenHodgson · StephenHodgson · commit 7eca6ac8a70c · 2025-06-24T15:15:59.000-04:00
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -84,7 +84,7 @@ jobs:
             }
           }
         shell: pwsh
-      - uses: buildalon/activate-unity-license@development
+      - uses: buildalon/activate-unity-license@v1
         with:
           license: 'Personal'
           username: ${{ secrets.UNITY_USERNAME }}
diff --git a/dist/index.js b/dist/index.js
@@ -58739,7 +58739,7 @@ async function ArchiveXcodeProject(projectRef) {
         const entitlementsHandle = await fs.promises.open(projectRef.entitlementsPath, fs.constants.O_RDONLY);
         try {
             const entitlementsContent = await fs.promises.readFile(entitlementsHandle, 'utf8');
-            core.debug(`----- Entitlements content: -----\n${entitlementsContent}\n-----------------------------------`);
+            core.info(`----- Entitlements content: -----\n${entitlementsContent}\n-----------------------------------`);
         }
         finally {
             await entitlementsHandle.close();
@@ -59215,11 +59215,22 @@ async function getDefaultEntitlementsMacOS(projectRef) {
             };
             break;
         default:
-            defaultEntitlements = {
-                'com.apple.security.cs.disable-library-validation': true,
-                'com.apple.security.cs.allow-dyld-environment-variables': true,
-                'com.apple.security.cs.disable-executable-page-protection': true,
-            };
+            if (projectRef.isSteamBuild) {
+                defaultEntitlements = {
+                    'com.apple.security.cs.disable-library-validation': true,
+                    'com.apple.security.cs.allow-dyld-environment-variables': true,
+                    'com.apple.security.cs.disable-executable-page-protection': true,
+                };
+            }
+            else {
+                defaultEntitlements = {
+                    'com.apple.security.cs.allow-jit': true,
+                    'com.apple.security.cs.allow-unsigned-executable-memory': true,
+                    'com.apple.security.cs.allow-dyld-environment-variables': true,
+                    'com.apple.security.cs.disable-library-validation': true,
+                    'com.apple.security.cs.disable-executable-page-protection': true,
+                };
+            }
             break;
     }
     await fs.promises.writeFile(entitlementsPath, plist.build(defaultEntitlements));
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -25,7 +25,7 @@
     "uuid": "^10.0.0"
   },
   "devDependencies": {
-    "@types/node": "^22.15.21",
+    "@types/node": "^22.15.33",
     "@types/plist": "^3.0.5",
     "@types/semver": "^7.7.0",
     "@types/uuid": "^10.0.0",
diff --git a/src/xcode.ts b/src/xcode.ts
@@ -402,7 +402,7 @@ export async function ArchiveXcodeProject(projectRef: XcodeProject): Promise<Xco
         const entitlementsHandle = await fs.promises.open(projectRef.entitlementsPath, fs.constants.O_RDONLY);
         try {
             const entitlementsContent = await fs.promises.readFile(entitlementsHandle, 'utf8');
-            core.debug(`----- Entitlements content: -----\n${entitlementsContent}\n-----------------------------------`);
+            core.info(`----- Entitlements content: -----\n${entitlementsContent}\n-----------------------------------`);
         } finally {
             await entitlementsHandle.close();
         }
@@ -866,12 +866,23 @@ async function getDefaultEntitlementsMacOS(projectRef: XcodeProject): Promise<vo
             };
             break;
         default:
-            // steam: https://partner.steamgames.com/doc/store/application/platforms#3
-            defaultEntitlements = {
-                'com.apple.security.cs.disable-library-validation': true,
-                'com.apple.security.cs.allow-dyld-environment-variables': true,
-                'com.apple.security.cs.disable-executable-page-protection': true,
-            };
+            if (projectRef.isSteamBuild) {
+                // steam: https://partner.steamgames.com/doc/store/application/platforms#3
+                defaultEntitlements = {
+                    'com.apple.security.cs.disable-library-validation': true,
+                    'com.apple.security.cs.allow-dyld-environment-variables': true,
+                    'com.apple.security.cs.disable-executable-page-protection': true,
+                };
+            } else {
+                // use default hardened runtime entitlements
+                defaultEntitlements = {
+                    'com.apple.security.cs.allow-jit': true,
+                    'com.apple.security.cs.allow-unsigned-executable-memory': true,
+                    'com.apple.security.cs.allow-dyld-environment-variables': true,
+                    'com.apple.security.cs.disable-library-validation': true,
+                    'com.apple.security.cs.disable-executable-page-protection': true,
+                };
+            }
             break;
     }
     await fs.promises.writeFile(entitlementsPath, plist.build(defaultEntitlements));

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ jobs:`
`84`	`84`	`}`
`85`	`85`	`}`
`86`	`86`	`shell: pwsh`
`87`		`- - uses: buildalon/activate-unity-license@development`
	`87`	`+ - uses: buildalon/activate-unity-license@v1`
`88`	`88`	`with:`
`89`	`89`	`license: 'Personal'`
`90`	`90`	`username: ${{ secrets.UNITY_USERNAME }}`