Adding entitlement for unsigned memory executionjm/add_unsigned_memory_entilement_15

ffi loads c code into memory in an unsigned way and this allows workstation
to work with the hardened runtime.

Signed-off-by: Jon Morrow <jmorrow@chef.io>

2 files changed, 13 insertions, 5 deletions

diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index a47f1df8a4..fb30010ecb 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/chef/omnibus
-  revision: d642ae6fd57f4a74846e325fecadebb132069894
+  revision: 5baaf7a1d4ee66a9273e127c7e09ce0bb3b33d90
   branch: master
   specs:
-    omnibus (7.0.1)
+    omnibus (7.0.2)
       aws-sdk-s3 (~> 1)
       chef-cleanroom (~> 1.0)
       chef-sugar (>= 3.3)
@@ -166,9 +166,9 @@ GEM
     erubis (2.7.0)
     faraday (1.0.0)
       multipart-post (>= 1.2, < 3)
-    ffi (1.12.1)
-    ffi (1.12.1-x64-mingw32)
-    ffi (1.12.1-x86-mingw32)
+    ffi (1.12.2)
+    ffi (1.12.2-x64-mingw32)
+    ffi (1.12.2-x86-mingw32)
     ffi-libarchive (1.0.0)
       ffi (~> 1.0)
     ffi-win32-extensions (1.0.3)
diff --git a/omnibus/resources/chef/pkg/entitlements.plist b/omnibus/resources/chef/pkg/entitlements.plist
new file mode 100644
index 0000000000..d6b93bc0b2
--- /dev/null
+++ b/omnibus/resources/chef/pkg/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+  </dict>
+</plist>