Mac Crafter Signing Acceleration #9255
Conversation
Pull request overview
This PR implements macOS app sandboxing for the Nextcloud Desktop Client, representing a major architectural change to support modern macOS security requirements. The changes include refactoring File Provider domain management to store domain identifiers directly in account objects rather than in a separate configuration mapping, implementing security-scoped resource access for file dialogs, restructuring code signing to be performed by Mac Crafter after the build, and updating socket paths and entitlements for sandbox compatibility.
Key changes:
- Migrated File Provider domain storage from ConfigFile UUID mappings to direct account properties
- Implemented RAII wrapper (MacSandboxSecurityScopedAccess) for sandbox file access
- Refactored code signing into a new Signer utility with proper entitlements handling
Reviewed changes
Copilot reviewed 71 out of 71 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/libsync/configfile.h/cpp | Removed UUID-based domain mapping functions, added sandbox migration flag |
| src/libsync/account.h/cpp | Added fileProviderDomainIdentifier property to store domain IDs |
| src/gui/accountmanager.h/cpp | Added methods to manage domain identifiers per account |
| src/gui/macOS/fileproviderdomainmanager.mm | Complete rewrite: simplified domain management, removed legacy UUID mapping logic |
| src/gui/macOS/fileprovidersettingscontroller_mac.mm | Added migration logic for app sandbox, orphaned domain cleanup, missing domain restoration |
| src/gui/socketapi/socketapi_mac.mm | Updated socket path for sandbox compatibility (shortened to "s") |
| src/gui/socketapi/socketapi.cpp | Enhanced error logging, added sandbox security-scoped access for file operations |
| src/gui/generalsettings.cpp | Fixed debug archive creation to use temporary directory and security-scoped access |
| src/gui/folderwizard.cpp | Added automatic folder selection dialog on initialization, sandbox-aware home directory |
| src/gui/addcertificatedialog.cpp | Added security-scoped access for certificate file selection |
| src/common/utility_mac_sandbox.h/mm | New RAII wrapper for macOS security-scoped resource access |
| admin/osx/mac-crafter/Sources/Utils/Signer.swift | New comprehensive signing utility replacing legacy codesigning code |
| shell_integration/MacOSX/NextcloudIntegration/* | Updated bundle IDs, removed manual code signing, updated dependencies |
| admin/osx/macosx.entitlements.cmake | Added app sandbox entitlements |
| doc/macOS-Sandbox-Qt.md | New comprehensive documentation for sandbox support |
I changed the destination branch to reduce the diff and review to what actually comes on top of the sandbox branch.
The app sandbox changes have been merged and now this can be readjusted to merge into master.
… by signing whole bundles at once and concurrently.
- Signing individual frameworks, libraries and bundles as a whole is much faster than signing every contained file individually.
- Updated minimum macOS deployment target of mac-crafter to macOS 12. Because we are using Qt 6.9, we already have that as a requirement for our client anyway. So the raise is safe.
- The Sparkle framework is now downloaded directly with first-party network API instead of shelling out to wget which is unnecessary.
- Concurrent signing: This parallelizes the signing of dynamic libraries and frameworks on the same file system level to leverage available resources and reduce the signing time.
- Rebased branch onto i2h3/proper-macos-sandboxing
- Removed extension entitlement source files and related build settings from the Xcode project to be built with CMake instead.
- Set up CMake to generate the required entitlement manifests by itself to be used later on by Mac Crafter in the code signing.
- Updated the mac-crafter build subcommand to rely on URLs instead of path strings.
- Updated the mac-crafter build subcommand to reference the entitlement manifests generated by CMake.
- Updated the mac-crafter codesign subcommand to require arguments for specifying the entitlement manifests to sign the app extensions.
- Updated README of mac-crafter and removed a lot of outdated and redundant information.

Signed-off-by: Iva Horn <iva.horn@nextcloud.com>
Artifact containing the AppImage: nextcloud-appimage-pr-9255.zip
Digest:
To test this change/fix you can download the above artifact file, unzip it, and run it. Please make sure to quit your existing Nextcloud app and backup your data.