Hi,
I'm trying to sign/notarize a command line application packaged as .pkg which accesses USB devices through libusb.
When nothing is sign/notarized everything works like a charm and the command line tool can be started without elevated mode (sudo).
Once the binary, its libraries, and the .pkg are signed (hardened runtime set) and finally notarized/stappled with success I noticed that, once the .pkg is installed, the bin/libs are owned by root:wheel. Nobody else can execute it. Means sudo is required to execute the tool, which is obviously not what I need to distribute the software to end-users...
As far as I understand I must have to configure some entitlements when invoking the codesign command. Am I wrong?
If not, before struggling with them I need some advises about which one should I select ?
- com.apple.security.app-sandbox ?
- com.apple.security.device.usb ?
- com.apple.vm.device-access (?)
- others ?
Thanks by advance for your help.