Add Privileged Helper Tool Documentation

Mykola Grymalyuk
2024-05-28 12:59:49 -06:00
parent fdfc86e0d6
commit b27e349952
2 changed files with 49 additions and 0 deletions

@@ -18,6 +18,21 @@
- Removes OS logging
- Disable usage of `OpenLegacyBoot.efi`
- Resolves boot issues on certain CSM-based Macs
- Implement new PKG-based installer
- `OpenCore-Patcher.pkg` is now the recommended method for installation
- `OpenCore-Patcher-Uninstaller.pkg` is now available for uninstallation
- Note this only removes the application, not any patches applied
- `OpenCore-Patcher-GUI.app.zip` is deprecated and will be removed in future versions
- Implement new Privileged Helper Tool
- Removes need for password prompts when installing patches, creating installers, etc.
- Installed at `/Library/PrivilegedHelperTools/com.dortania.opencore-legacy-patcher.privileged-helper`
- No launch services required
- For running from source, recompile tool with debug configuration (`make debug`)
- Resolve OpenCore-Patcher.app window not appearing as topmost window on launch
- Reworked CI tooling:
- New build script with reworked parameters: `Build-Project.command`
- Remove reliance on WhiteBox's Packages for AutoPkg creation
- Now implements `pkgbuild` and `productbuild` for package creation through `macOs-Pkg-Builder` Python module
- Increment Binaries:
- OpenCorePkg 1.0.0 - release
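Review bot: The changelog entry "For running from source, recompile tool with debug configuration (`make debug`)" under "Implement new Privileged Helper Tool" does not mention that the debug build disables the helper's code signature verification. The helper README added in this same commit describes that as giving any malicious application the ability to execute code as root. Suggest adding a one-line warning here, or a pointer to that README's Security Considerations section, so readers of the changelog alone do not treat `make debug` as a neutral build option. Minor: `macOs-Pkg-Builder` has unusual casing; please confirm it matches the module's actual name.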

@@ -0,0 +1,34 @@
# OpenCore Legacy Patcher Privileged Helper Tool
`com.dortania.opencore-legacy-patcher.privileged-helper` is OpenCore Legacy Patcher's Privileged Helper Tool.
The architecture is as such:
1. The main application (OpenCore-Patcher.app) will send arguments to the privileged helper tool to execute.
2. The privileged helper tool will check the code signature of the main application to ensure it is signed by Dortania.
3. The privileged helper tool will then execute the command and return the output to the main application.
The helper tool is able to execute code as root by using the "Set UID" bit present on the file.
## Running from source
Since running OpenCore Legacy Patcher from source will lack Dortania's code signature, you will need to disable code signature verification in the privileged helper tool otherwise root commands will fail.
To do so, compile the privileged helper tool with debug:
```
make debug
```
Then when you build OpenCore-Patcher.pkg, the debug version of the helper tool will be used.
### Security Considerations
When using the Privileged Helper Tool from source, you are now adding a security risk to your system. By disabling the code signature checks, any malicious application is given ability to execute code as root.
If possible, we highly recommend creating a developer account with Apple and signing the application with your own ["Developer ID Application" certificate](https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates/). This will allow you to run the application without disabling code signature checks.
* Note that Dortania's Team ID will need to be replaced in main.m with your own Team ID (`S74BDJXQMD` -> `YOUR_TEAM`)
* Additionally you will be required to compile OpenCore-Patcher.app with your own Developer ID Application certificate
If this is not possible, we recommend using [OpenCore Legacy Patcher's prebuilt binaries](../../SOURCE.md) instead.
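Review bot: In the architecture list, step 3 ("execute the command and return the output") does not say whether the helper restricts which commands or arguments it will run once the caller's signature check passes. Since the tool runs as root through the Set UID bit, the README should state that explicitly. It should also say what step 2 actually verifies (presumably the Team ID referenced in main.m) and how the calling application is identified. In "Running from source", the line "the debug version of the helper tool will be used" means any OpenCore-Patcher.pkg built after `make debug` carries a helper with verification disabled; suggest stating that such a package must not be distributed and documenting how to get back to the release build of the helper. Nit: "is given ability" should read "is given the ability".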