buzzert/Kordophone
Private
Public Access
1
0
Fork 0
Code Packages Activity

server: Update README regarding system setup for private entitlements

Browse Source
This commit is contained in:
James Magahern
2026-06-25 00:26:11 -07:00
parent ad3f1d8356
commit fb6166f7f3
2 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/MessagesBridge.xcodeproj/project.pbxproj
View File

@@ -1081,6 +1081,7 @@
CODE_SIGN_STYLE = Automatic; CODE_SIGN_STYLE = Automatic;
GCC_PREFIX_HEADER = kordophone/KPServer.pch; GCC_PREFIX_HEADER = kordophone/KPServer.pch;
OTHER_LDFLAGS = "-ObjC"; OTHER_LDFLAGS = "-ObjC";
PRODUCT_BUNDLE_IDENTIFIER = net.buzzert.kordophoned;
PRODUCT_NAME = "$(TARGET_NAME)"; PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = macosx; SDKROOT = macosx;
SYSTEM_FRAMEWORK_SEARCH_PATHS = ( SYSTEM_FRAMEWORK_SEARCH_PATHS = (
@@ -1094,10 +1095,12 @@
isa = XCBuildConfiguration; isa = XCBuildConfiguration;
buildSettings = { buildSettings = {
CLANG_ENABLE_MODULES = NO; CLANG_ENABLE_MODULES = NO;
CODE_SIGN_ENTITLEMENTS = "kordophone/kordophoned-RestrictedEntitlements.plist";
CODE_SIGN_IDENTITY = "-"; CODE_SIGN_IDENTITY = "-";
CODE_SIGN_STYLE = Automatic; CODE_SIGN_STYLE = Automatic;
GCC_PREFIX_HEADER = kordophone/KPServer.pch; GCC_PREFIX_HEADER = kordophone/KPServer.pch;
OTHER_LDFLAGS = "-ObjC"; OTHER_LDFLAGS = "-ObjC";
PRODUCT_BUNDLE_IDENTIFIER = net.buzzert.kordophoned;
PRODUCT_NAME = "$(TARGET_NAME)"; PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = macosx; SDKROOT = macosx;
SYSTEM_FRAMEWORK_SEARCH_PATHS = ( SYSTEM_FRAMEWORK_SEARCH_PATHS = (

31
server/README.md
View File

@@ -1,8 +1,36 @@
# Entitlements # Entitlements
You might to enable this default to use private entitlements `kordophoned` uses private Messages/imagent entitlements from
`kordophone/kordophoned-RestrictedEntitlements.plist`. When it is ad hoc signed,
macOS may refuse to launch it with:
```
The file is adhoc signed but contains restricted entitlements
```
For local development, enable private entitlement validation and the AMFI boot
argument, then reboot:
``` ```
sudo defaults write /Library/Preferences/com.apple.security.coderequirements Entitlements -string always sudo defaults write /Library/Preferences/com.apple.security.coderequirements Entitlements -string always
sudo nvram boot-args="amfi_get_out_of_my_way=1"
```
If `boot-args` already contains other values, preserve them and append
`amfi_get_out_of_my_way=1` instead of overwriting the whole string.
To confirm the settings:
```
sudo defaults read /Library/Preferences/com.apple.security.coderequirements Entitlements
nvram boot-args
```
To undo the AMFI boot argument later, remove it from `boot-args` or delete
`boot-args` entirely if it only contains this value:
```
sudo nvram -d boot-args
``` ```
Maybe a better thing to do is to DYLD_PRELOAD `imagent` and swizzle `IMDAuditTokenTaskHasEntitlement` to always return YES. Maybe a better thing to do is to DYLD_PRELOAD `imagent` and swizzle `IMDAuditTokenTaskHasEntitlement` to always return YES.
@@ -53,4 +81,3 @@ Then run kordophoned with the following option
`kordophone -s -c certificate.p12 -a password.asc` `kordophone -s -c certificate.p12 -a password.asc`
You may need to unlock your GPG keyring (via gpg-agent) when running kordophoned the first time. You may need to unlock your GPG keyring (via gpg-agent) when running kordophoned the first time.