#!/bin/bash
set -e
echo "=== Resigning Rekordbox with get-task-allow ==="
echo ""
echo "This will:"
echo " 1. Extract current Rekordbox entitlements"
echo " 2. Add get-task-allow entitlement"
echo " 3. Remove Apple's notarization and re-sign"
echo ""
echo "WARNING: Rekordbox will no longer be notarized by Apple after this."
echo " You may get security warnings when launching it."
echo ""
read -p "Continue? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Cancelled."
exit 1
fi
echo ""
echo "Step 1: Extracting current entitlements from Rekordbox..."
TEMP_ENTITLEMENTS=$(mktemp ./rekordbox_entitlements.XXXXXX.plist)
# Check if Rekordbox is signed
if codesign -d "/Applications/rekordbox 7/rekordbox.app" 2>&1 | grep -q "code object is not signed"; then
echo "✗ Rekordbox is already unsigned"
echo ""
echo "This script can only extract entitlements from a signed Rekordbox."
echo "To fix this:"
echo " 1. Reinstall Rekordbox from Pioneer's website"
echo " 2. Run this script again before launching Rekordbox"
echo ""
echo "Alternatively, if you know Rekordbox already has get-task-allow,"
echo "you don't need to run this script again."
rm "$TEMP_ENTITLEMENTS"
exit 1
fi
# Extract existing entitlements
if ! codesign -d --entitlements :- "/Applications/rekordbox 7/rekordbox.app" 2>/dev/null > "$TEMP_ENTITLEMENTS"; then
echo "✗ Failed to extract entitlements from Rekordbox"
echo " Make sure Rekordbox is installed at: /Applications/rekordbox 7/rekordbox.app"
rm "$TEMP_ENTITLEMENTS"
exit 1
fi
echo "✓ Extracted existing entitlements"
# Check if get-task-allow is already present
if grep -q "com.apple.security.get-task-allow" "$TEMP_ENTITLEMENTS"; then
echo "✓ get-task-allow already present in entitlements"
else
echo "Adding get-task-allow to entitlements..."
# Insert get-task-allow before closing
sed -i '' 's|| com.apple.security.get-task-allow\
\
|' "$TEMP_ENTITLEMENTS"
fi
echo ""
echo "Step 2: Removing existing signature (if present)..."
sudo codesign --remove-signature "/Applications/rekordbox 7/rekordbox.app" 2>/dev/null || echo " (No signature to remove)"
echo ""
echo "Step 3: Re-signing with updated entitlements..."
sudo codesign -s - --deep --force --entitlements "$TEMP_ENTITLEMENTS" "/Applications/rekordbox 7/rekordbox.app"
# Clean up temp file
rm "$TEMP_ENTITLEMENTS"
echo ""
echo "Step 4: Verifying new signature..."
if codesign -d --entitlements - "/Applications/rekordbox 7/rekordbox.app/Contents/MacOS/rekordbox" 2>&1 | grep -q "get-task-allow"; then
echo "✓ get-task-allow is present!"
else
echo "✗ Failed to add entitlement"
exit 1
fi
echo ""
echo "Step 5: Testing notarization status..."
spctl -a -vv "/Applications/rekordbox 7/rekordbox.app" 2>&1 || echo "(Rekordbox is no longer notarized - this is expected)"
echo ""
echo "=== Done! ==="
echo ""
echo "Now test:"
echo " 1. Library injection should work (no longer notarized)"
echo " 2. Memory reading should work (has get-task-allow)"
echo ""
echo "Try running: sudo target/release/rkbx_link"