mirror of
https://github.com/Foundry376/Mailspring.git
synced 2026-03-22 11:32:46 +01:00
15109bc73f
* Fix nested mailsync executable failing to launch due to provisioning profile mismatch The app's provisioning profile was applied globally to all binaries in the bundle, including mailsync. macOS validates provisioning profiles against bundle IDs, so mailsync (which has no matching bundle ID) was rejected at launch. Use the optionsForFile callback to apply the provisioning profile only to the main app binary, and sign mailsync with its own minimal child entitlements and no provisioning profile. https://claude.ai/code/session_013MHyYDoXFwEcGKD5mV2vEa * Address PR feedback: fix provisioningProfile placement and child entitlements 1. Restore provisioningProfile to top-level osxSign config. The field is part of OnlySignOptions, not PerFileSignOptions — @electron/osx-sign's mergeOptionsForFile() silently discards it from optionsForFile returns. The profile is embedded once at Contents/embedded.provisionprofile. 2. Remove allow-unsigned-executable-memory from child entitlements. mailsync is a compiled C++ binary that does not need unsigned executable memory permissions. Only network.client is required. 3. Simplify optionsForFile to a single return with a ternary for the entitlements path selection. https://claude.ai/code/session_013MHyYDoXFwEcGKD5mV2vEa * Apply child entitlements to both mailsync and mailsync.bin The mailsync executable may be shipped with a .bin extension. Match both filenames when selecting entitlements during code signing. https://claude.ai/code/session_013MHyYDoXFwEcGKD5mV2vEa --------- Co-authored-by: Claude <noreply@anthropic.com>