Add support for macos sandbox mode
Unversal DMG for testing To test: This krita.app runs in sandboxed mode as instructed by the embedded entitlements. No special procedure is needed to trigger the behaviour, use it normally. To test fresh sandbox environment: delete all Krita (or from terminal, directories named org.krita) from ~/Library/Containers.
This version should allow to work with krita normally on a sanboxed environment.
The code design might need a bit of refactor. Im not happy with the long class name so I probably end up renaming to KisMacosSandboxHelper and probably I would end up adding it to another class instead of using a singleton.
There is a lot still missing so I will list it here
- (trivial) Sandbox permissions are all handled by
NSOPenPanel, as such using non native file chooser should be disabled - Update informative text for asking directory permissions: As permissions are handled recursively in directories, we ask the user to give us permission to the directory they want us to open full accesss to krita. We can work without it, but backups are stored to
~/Library/Container/Krita/Data/tmpand document versions and backups would need to show anQFileDialog - Code to handle backup and document versions
- bundle ffmpeg require special entitlements Embedding a cmd line helper app
- QSharedMemory default mode cannot work on sandboxed apps, we should move to POSIX from System V Shared memory, at least on macos.
Sandboxed applications on Apple platforms (including apps shipped through the Apple App Store): This environment requires the use of POSIX shared memory (instead of System V shared memory). QSharedMemory Docs
- (desired) Missing real test for
container-migration.plist, this plist copies the files from non sandboxed environments to the sandbox Container, it would be ideal to have it at least for kritarc, and kritadisplayrc. - After migrating kritarc, code to delete, or ask permission for, recent files from the list. Fresh krita has no permissions to read those files.