Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8f1f5a27db3d8bfef9db2aae60b6b841cb9dd8e1
https://github.com/WebKit/WebKit/commit/8f1f5a27db3d8bfef9db2aae60b6b841cb9dd8e1
Author: Brent Fulgham <[email protected]>
Date: 2026-05-15 (Fri, 15 May 2026)
Changed paths:
M Configurations/CommonBase.xcconfig
M Configurations/WebKitProjectPaths.xcconfig
M Source/JavaScriptCore/Configurations/Base.xcconfig
A Source/JavaScriptCore/Configurations/LLIntExtractor.xcconfig
M Source/JavaScriptCore/Configurations/libJavaScriptCore.xcconfig
M Source/JavaScriptCore/DerivedSources-input.xcfilelist
M Source/JavaScriptCore/DerivedSources.make
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/WTF/Configurations/Base.xcconfig
M Source/WebCore/Configurations/Base.xcconfig
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebGPU/WebGPU.xcodeproj/project.pbxproj
M Source/WebInspectorUI/Configurations/Base.xcconfig
M Source/WebKit/Configurations/Base.xcconfig
M Source/WebKit/WebKit.xcodeproj/project.pbxproj
M Source/WebKitLegacy/WebKitLegacy.xcodeproj/project.pbxproj
M Source/WebKitLegacy/mac/Configurations/Base.xcconfig
M Source/WebKitLegacy/scripts/postprocess-header-rule
Log Message:
-----------
Build WebKit with ENABLE_USER_SCRIPT_SANDBOXING=YES
https://bugs.webkit.org/show_bug.cgi?id=313032
<rdar://problem/90190559>
Reviewed by Elliott Williams.
Enable Xcode's user script sandboxing across WTF, JavaScriptCore, WebCore,
WebKit,
and WebKitLegacy. When sandboxing is enabled, Xcode can run Copy Headers phases
in
parallel with script phases instead of serializing them, improving build
parallelism.
The sandbox restricts script phases to reading declared inputs and writing
declared
outputs. This required three categories of fixes:
1. Script phases that need broad file system access (code generation,
validation
scripts, entitlement processing) are excluded from sandboxing by name
using the
EXCLUDED_USER_SCRIPT_SANDBOXING_PHASE_NAMES build setting.
2. Build rules that invoke `postprocess-header-rule` now declare their
WebKitAdditions
script dependencies (when present) as inputFiles, allowing the sandbox to
grant
read access.
JavaScriptCore's LLInt-related targets (libJavaScriptCore,
JSCLLIntSettingsExtractor,
JSCLLIntOffsetsExtractor) require target-level sandbox overrides because their
offline
assembler build rules dynamically include generated .asm files from
DerivedSources
that cannot be enumerated as inputFiles.
Additionally, undeclared script dependencies were added across all projects:
* Tools/Scripts check scripts declared as inputPaths.
* Scripts/check-xcfilelists.sh declared as inputPaths.
* Cryptex symlink phases declare output paths.
* WebCore's SourcesCocoaInternalSDK.txt declared as input to 'Generate
Unified Sources'.
* JSC's `postprocess-header-rule` declares its script in inputFiles.
This change adopts $(WK_WEBKITADDITIONS_HEADERS_FOLDER_PATH), instead of the
existing
$(BUILT_PRODUCTS_DIR)$(WK_LIBRARY_HEADERS_FOLDER_PATH)/WebKitAdditions, since
the former
cleanly handles our Internal and Open Source build environments so that we can
safely
declare project dependencies.
Finally, WebKitLegacy's header handling is modified to match the WebKit
frameworks
header processing. This allows us to opt it into the script sandbox, and to
allow Xcode
to handle dependency checks to decide which files need copying.
* Configurations/CommonBase.xcconfig:
* Configurations/WebKitProjectPaths.xcconfig:
* Source/JavaScriptCore/Configurations/Base.xcconfig:
* Source/JavaScriptCore/Configurations/LLIntExtractor.xcconfig: Added.
* Source/JavaScriptCore/Configurations/libJavaScriptCore.xcconfig:
* Source/JavaScriptCore/DerivedSources-input.xcfilelist:
* Source/JavaScriptCore/DerivedSources.make:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/WTF/Configurations/Base.xcconfig:
* Source/WebCore/Configurations/Base.xcconfig:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebGPU/WebGPU.xcodeproj/project.pbxproj:
* Source/WebInspectorUI/Configurations/Base.xcconfig:
* Source/WebKit/Configurations/Base.xcconfig:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKitLegacy/WebKitLegacy.xcodeproj/project.pbxproj:
* Source/WebKitLegacy/mac/Configurations/Base.xcconfig:
* Source/WebKitLegacy/scripts/postprocess-header-rule:
Canonical link: https://commits.webkit.org/313328@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
