From 9a30bed98c2d8501328006fad5840eb9d533e1c2 Mon Sep 17 00:00:00 2001
From: Trey Smith <trey@fulcrum-acoustic.com>
Date: Thu, 23 Jan 2025 06:14:33 -0500
Subject: [PATCH] fix(macos): frameworks being signed with entitlements
 unnecessarily (#12423)

---
 .changes/framework-entitlements.md            | 5 +++++
 crates/tauri-bundler/src/bundle/macos/sign.rs | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 .changes/framework-entitlements.md

diff --git a/.changes/framework-entitlements.md b/.changes/framework-entitlements.md
new file mode 100644
index 000000000..1e3581176
--- /dev/null
+++ b/.changes/framework-entitlements.md
@@ -0,0 +1,5 @@
+---
+'tauri-cli': 'patch:enhance'
+---
+
+Added conditional logic to MacOS codesigning where only executables get the entitlements file when being signed. This solves an issue where the app may not launch when using 3rd party frameworks if certain entitlements are added. Ex: multicast support (must be applied for through apple developer, and the framework would not have that capability).
\ No newline at end of file
diff --git a/crates/tauri-bundler/src/bundle/macos/sign.rs b/crates/tauri-bundler/src/bundle/macos/sign.rs
index d5bdca52a..e64125025 100644
--- a/crates/tauri-bundler/src/bundle/macos/sign.rs
+++ b/crates/tauri-bundler/src/bundle/macos/sign.rs
@@ -48,9 +48,14 @@ pub fn sign(
   log::info!(action = "Signing"; "with identity \"{}\"", keychain.signing_identity());
 
   for target in targets {
+    let entitlements_path = if target.is_an_executable {
+      settings.macos().entitlements.as_ref().map(Path::new)
+    } else {
+      None
+    };
     keychain.sign(
       &target.path,
-      settings.macos().entitlements.as_ref().map(Path::new),
+      entitlements_path,
       target.is_an_executable && settings.macos().hardened_runtime,
     )?;
   }