From 6a33d411c13fbbb2ac2705dce50188a76d3404bf Mon Sep 17 00:00:00 2001
From: Christopher Willis-Ford <cwillisf@media.mit.edu>
Date: Thu, 16 Jan 2020 08:41:54 -0800
Subject: [PATCH] enable hardened runtime for macOS builds

---
 buildResources/entitlements.inherit.plist | 2 ++
 buildResources/entitlements.plist         | 2 ++
 electron-builder.yaml                     | 1 +
 3 files changed, 5 insertions(+)

diff --git a/buildResources/entitlements.inherit.plist b/buildResources/entitlements.inherit.plist
index 8c3993f..a7a925c 100644
--- a/buildResources/entitlements.inherit.plist
+++ b/buildResources/entitlements.inherit.plist
@@ -4,6 +4,8 @@
 <dict>
 <key>com.apple.security.app-sandbox</key>
 <true/>
+<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+<true/>
 <key>com.apple.security.inherit</key>
 <true/>
 </dict>
diff --git a/buildResources/entitlements.plist b/buildResources/entitlements.plist
index 53effcb..44d4e94 100644
--- a/buildResources/entitlements.plist
+++ b/buildResources/entitlements.plist
@@ -4,6 +4,8 @@
 <dict>
 <key>com.apple.security.app-sandbox</key>
 <true/>
+<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+<true/>
 <key>com.apple.security.device.audio-input</key>
 <true/>
 <key>com.apple.security.device.camera</key>
diff --git a/electron-builder.yaml b/electron-builder.yaml
index aaf7c39..999668a 100644
--- a/electron-builder.yaml
+++ b/electron-builder.yaml
@@ -5,6 +5,7 @@ appId: edu.mit.scratch.scratch-desktop
 productName: "Scratch Desktop"
 mac:
   category: public.app-category.education
+  hardenedRuntime: true
   icon: buildResources/ScratchDesktop.icns
   provisioningProfile: embedded.provisionprofile
   target: