From 14e917250bebada68e861fd0a979e89b396c86f9 Mon Sep 17 00:00:00 2001
From: Jon Morrow <jmorrow@chef.io>
Date: Sat, 1 Feb 2020 13:44:13 -0800
Subject: [PATCH] Adding entitlement for unsigned memory execution

ffi loads c code into memory in an unsigned way and this allows workstation
to work with the hardened runtime.

Signed-off-by: Jon Morrow <jmorrow@chef.io>
---
 omnibus/Gemfile.lock                            | 10 +++++-----
 omnibus/resources/chefdk/pkg/entitlements.plist |  8 ++++++++
 2 files changed, 13 insertions(+), 5 deletions(-)
 create mode 100644 omnibus/resources/chefdk/pkg/entitlements.plist

diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index b6d6f5b32..6f945b991 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -8,10 +8,10 @@ GIT
 
 GIT
   remote: https://github.com/chef/omnibus.git
-  revision: d642ae6fd57f4a74846e325fecadebb132069894
+  revision: 5baaf7a1d4ee66a9273e127c7e09ce0bb3b33d90
   branch: master
   specs:
-    omnibus (7.0.1)
+    omnibus (7.0.2)
       aws-sdk-s3 (~> 1)
       chef-cleanroom (~> 1.0)
       chef-sugar (>= 3.3)
@@ -166,9 +166,9 @@ GEM
     erubis (2.7.0)
     faraday (1.0.0)
       multipart-post (>= 1.2, < 3)
-    ffi (1.12.1)
-    ffi (1.12.1-x64-mingw32)
-    ffi (1.12.1-x86-mingw32)
+    ffi (1.12.2)
+    ffi (1.12.2-x64-mingw32)
+    ffi (1.12.2-x86-mingw32)
     ffi-libarchive (1.0.0)
       ffi (~> 1.0)
     ffi-win32-extensions (1.0.3)
diff --git a/omnibus/resources/chefdk/pkg/entitlements.plist b/omnibus/resources/chefdk/pkg/entitlements.plist
new file mode 100644
index 000000000..bb87459e7
--- /dev/null
+++ b/omnibus/resources/chefdk/pkg/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+  </dict>
+</plist>
\ No newline at end of file