<rdar://problem/32386565> Enable library validation for the com.apple.WebKit.Networking and com.apple.WebKit.Databases XPC services in Safari Technology Preview.
Created attachment 313010 [details] Patch v1
(In reply to David Kilzer (:ddkilzer) from comment #1)
> Created attachment 313010 [details]
> Patch v1

https://bugs.webkit.org/attachment.cgi?id=313010&action=review

Review ping.

Comment on attachment 313010 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=313010&action=review

> Source/WebKit2/Configurations/BaseXPCService.xcconfig:71
> +WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_$(WK_EMPTY_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT)));
> +WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_ = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO);
> +WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT);
> +WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = $(WK_RELOCATABLE_FRAMEWORKS);

I realize this is code you are just moving, but this is recursive in a way I don't really understand because it is so complex. I also don't see what impact the WK_EMPTY has.

It seems to me that the answer here is YES only if WK_RELOCATABLE_FRAMEWORKS. If so, can we simplify this to one of the productions below?

The sweetest:

WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT = $(WK_RELOCATABLE_FRAMEWORKS);

The middle ground:

WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_$(WK_RELOCATABLE_FRAMEWORKS));
WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = YES;

The worst case:

WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_$(WK_RELOCATABLE_FRAMEWORKS));
WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_ = NO;
WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO = NO;
WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = YES;

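Review bot: the four added lines at Source/WebKit2/Configurations/BaseXPCService.xcconfig:71 carry no comment saying what value each branch is meant to produce, and the `_NO` line expands back to WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT, the setting the first line is defining in terms of itself. Please add a comment above the block stating the intended result when the setting is unset, NO and YES, so that whether the entitlement ends up applied can be checked by reading the file rather than by tracing the expansion.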
Comment on attachment 313010 [details]
Patch v1

View in context: https://bugs.webkit.org/attachment.cgi?id=313010&action=review

While this may achieve the desired results, semantically it is completely wrong.

> Source/WebKit2/Configurations/BaseXPCService.xcconfig:45
> +OTHER_CODE_SIGN_FLAGS[sdk=macosx*] = $(WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS);

It doesn’t make sense for the code signing flags for something that doesn’t need the domain extension entitlement to be defined in terms of the domain extension code signing flags.

>> Source/WebKit2/Configurations/BaseXPCService.xcconfig:71
>> +WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_$(WK_EMPTY_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT)));
>> +WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_ = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO);
>> +WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT);
>> +WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = $(WK_RELOCATABLE_FRAMEWORKS);
>
> I realize this is code you are just moving, but this is recursive in a way I don't really understand because it is so complex. I also don't see what impact the WK_EMPTY has.
>
> It seems to me that the answer here is YES only if WK_RELOCATABLE_FRAMEWORKS. If so, can we simplify this to one of the productions below?
>
> The sweetest:
>
> WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT = $(WK_RELOCATABLE_FRAMEWORKS);
>
> The middle ground:
>
> WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_$(WK_RELOCATABLE_FRAMEWORKS));
> WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = YES;
>
> The worst case:
>
> WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_$(WK_RELOCATABLE_FRAMEWORKS));
> WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_ = NO;
> WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO = NO;
> WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = YES;

It doesn’t make sense for something pertaining to the Web Content service to be defined in the generic XPC service configuration settings file.

> Source/WebKit2/Configurations/DebugRelease.xcconfig:55
> +OTHER_CODE_SIGN_FLAGS = ;

How does this work?

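Review bot: `OTHER_CODE_SIGN_FLAGS = ;` at Source/WebKit2/Configurations/DebugRelease.xcconfig:55 is an unconditional empty assignment with no comment, while BaseXPCService.xcconfig:45 assigns the same setting under the `[sdk=macosx*]` condition, so the value an XPC service target actually signs with in a Debug or Release build cannot be read off the patch. Please add a comment stating what the empty value is meant to achieve and how it is expected to interact with the conditional assignment, and record the resulting code signing flags for each configuration in the ChangeLog or the bug.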
We can do it for all production builds (Safari Technology Preview, Safari releases, and macOS releases). Patch forthcoming.
Created attachment 332279 [details] Enable Library Validation
Comment on attachment 332279 [details] Enable Library Validation r=me
Comment on attachment 332279 [details] Enable Library Validation Clearing flags on attachment: 332279 Committed r227618: <https://trac.webkit.org/changeset/227618>
All reviewed patches have been landed. Closing bug.