Created attachment 420090 [details] Patch

<rdar://problem/74153806>

Comment on attachment 420090 [details] Patch r=me

Created attachment 420208 [details] Patch

Comment on attachment 420208 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=420208&action=review LGTM but it would be good to get more reviewers to take a look at this. > Source/JavaScriptCore/ChangeLog:10 > + We need to add this entitlement only when building it on macOS 120000 or upper version. /upper/higher/ > Source/JavaScriptCore/ChangeLog:14 > + This patch follows to r248164's way: we must not use CODE_SIGN_ENTITLEMENTS because XCode inserts implicit code-signing /follows to r248164/follows r248164/ > Source/WTF/ChangeLog:9 > + Enable JIT_CAGE when macOS is 120000 or upper with ARM64E. /upper/higher/ > Source/WebKit/ChangeLog:9 > + We need to add this entitlement only when building it on macOS 120000 or upper version. /upper/higher/ > Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:11345 > + name = "Generate Entitlements"; Can this have a different name? Maybe "Generate jsc Entitlements"? Or does it have to be this exact string? > Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:11365 > + name = "Generate Entitlements"; Ditto. Maybe "Generate testapi entitlements"?

Comment on attachment 420208 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=420208&action=review >> Source/JavaScriptCore/ChangeLog:10 >> + We need to add this entitlement only when building it on macOS 120000 or upper version. > > /upper/higher/ Fixed. >> Source/JavaScriptCore/ChangeLog:14 >> + This patch follows to r248164's way: we must not use CODE_SIGN_ENTITLEMENTS because XCode inserts implicit code-signing > > /follows to r248164/follows r248164/ Fixed. >> Source/WTF/ChangeLog:9 >> + Enable JIT_CAGE when macOS is 120000 or upper with ARM64E. > > /upper/higher/ Fixed. >> Source/WebKit/ChangeLog:9 >> + We need to add this entitlement only when building it on macOS 120000 or upper version. > > /upper/higher/ Fixed. >> Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:11345 >> + name = "Generate Entitlements"; > > Can this have a different name? Maybe "Generate jsc Entitlements"? Or does it have to be this exact string? I think this is ok since this is a build phase inside "jsc" target. When building, we can see that this "Generate Entitlements" is running inside "jsc" build target. And the other build phases (compile, linking etc.) does not include "jsc" name too. >> Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:11365 >> + name = "Generate Entitlements"; > > Ditto. Maybe "Generate testapi entitlements"? Ditto. > Source/JavaScriptCore/Scripts/process-entitlements.sh:27 > + plistbuddy Add :com.apple.rootless.storage.JavaScriptCore bool YES > + mac_process_jsc_entitlements This needs to be inside `if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]` fixed. > Source/JavaScriptCore/Scripts/process-entitlements.sh:61 > + plistbuddy Add :com.apple.rootless.storage.JavaScriptCore bool YES This is not necessary. fixed.

Created attachment 420212 [details] Patch

Landing

Committed r272831 (234067@main): <https://commits.webkit.org/234067@main>

Comment on attachment 420212 [details] Patch For what it's worth, I think this looks correct. It would be good to have someone like Mitz look at the xcconf magic, but I can't see anything concerning.

Re-opened since this is blocked by bug 221907

Created attachment 420444 [details] Patch

Comment on attachment 420444 [details] Patch LGTM.

Committed r272922: <https://commits.webkit.org/r272922> All reviewed patches have been landed. Closing bug and clearing flags on attachment 420444 [details].