Updated MacOS BugSplat handling to pacify gatekeeper

Borrowed from LL: IThe BugsplatMac framework currently causes Gatekeeper popups at viewer start. LL used this code to workaround that. Perhaps it will work for us? The update also ensures that 'strip' keeps enough info for annotated backtraces, making crash logs more useful.
2024-09-06 15:33:44 +01:00 · 2024-09-06 15:33:44 +01:00 · e42e4d0db3
parent 1d4534d115
commit e42e4d0db3
1 changed files with 40 additions and 0 deletions
--- a/indra/newview/viewer_manifest.py
+++ b/indra/newview/viewer_manifest.py
@ -1459,6 +1459,46 @@ class Darwin_x86_64_Manifest(ViewerManifest):
                if self.args.get('bugsplat'):
                    self.path2basename(relpkgdir, "BugsplatMac.framework")

+            with self.prefix(dst="MacOS"):
+                executable = self.dst_path_of(self.channel())
+                if self.args.get('bugsplat'):
+                    # According to Apple Technical Note TN2206:
+                    # https://developer.apple.com/library/archive/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG207
+                    # "If an app uses @rpath or an absolute path to link to a
+                    # dynamic library outside of the app, the app will be
+                    # rejected by Gatekeeper. ... Neither the codesign nor the
+                    # spctl tool will show the error."
+                    # (Thanks, Apple. Maybe fix spctl to warn?)
+                    # The BugsplatMac framework embeds @rpath, which is
+                    # causing scary Gatekeeper popups at viewer start. Work
+                    # around this by changing the reference baked into our
+                    # viewer. The install_name_tool -change option needs the
+                    # previous value. Instead of guessing -- which might
+                    # silently be defeated by a BugSplat SDK update that
+                    # changes their baked-in @rpath -- ask for the path
+                    # stamped into the framework.
+                    # Let exception, if any, propagate -- if this doesn't
+                    # work, we need the build to noisily fail!
+                    oldpath = subprocess.check_output(
+                        ['objdump', '--macho', '--dylib-id', '--non-verbose',
+                         os.path.join(relpkgdir, "BugsplatMac.framework", "BugsplatMac")],
+                        text=True
+                        ).splitlines()[-1]  # take the last line of output
+                    self.run_command(
+                        ['install_name_tool', '-change', oldpath,
+                         '@executable_path/../Frameworks/BugsplatMac.framework/BugsplatMac',
+                         executable])
+
+                # NOTE: the -S argument to strip causes it to keep
+                # enough info for annotated backtraces (i.e. function
+                # names in the crash log). 'strip' with no arguments
+                # yields a slightly smaller binary but makes crash
+                # logs mostly useless. This may be desirable for the
+                # final release. Or not.
+                if ("package" in self.args['actions'] or
+                    "unpacked" in self.args['actions']):
+                    self.run_command(
+                        ['strip', '-S', executable])

            # most everything goes in the Resources directory
            with self.prefix(dst="Resources"):