diff --git a/.ci/build.sh b/.ci/build.sh
index e26bbe8bf..8e26bf6cb 100755
--- a/.ci/build.sh
+++ b/.ci/build.sh
@@ -472,7 +472,7 @@ then
 		mv "archive_tmp_universal/$merge_src.app" "$app_bundle_name"
 
 		# Sign final app bundle.
-		arch -"$(uname -m)" codesign --force --deep -s - "$app_bundle_name"
+		arch -"$(uname -m)" codesign --force --deep -s - -o runtime --entitlements src/mac/entitlements.plist --timestamp "$app_bundle_name"
 
 		# Create zip.
 		echo [-] Creating artifact archive
@@ -905,7 +905,7 @@ then
 		fi
 
 		# Sign app bundle, unless we're in an universal build.
-		[ $skip_archive -eq 0 ] && codesign --force --deep -s - "archive_tmp/"*".app"
+		[ $skip_archive -eq 0 ] && codesign --force --deep -s - -o runtime --entitlements src/mac/entitlements.plist --timestamp "archive_tmp/"*".app"
 	elif [ "$BUILD_TAG" = "precondition" ]
 	then
 		# Continue with no app bundle on a dry build.
diff --git a/src/mac/CMakeLists.txt b/src/mac/CMakeLists.txt
index 0562ca01d..c88ddf097 100644
--- a/src/mac/CMakeLists.txt
+++ b/src/mac/CMakeLists.txt
@@ -52,4 +52,4 @@ set_target_properties(86Box
 
 #set(XCODE_ATTRIBUTE_CODE_SIGNING_REQUIRED "YES")
 #set(XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "-")
-#set(XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS ${CMAKE_CURRENT_SOURCE_DIR}/mac/codesign/dev/app.entitlements)
+#set(XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS ${CMAKE_CURRENT_SOURCE_DIR}/mac/entitlements.plist)
diff --git a/src/mac/entitlements.plist b/src/mac/entitlements.plist
new file mode 100644
index 000000000..59a80495d
--- /dev/null
+++ b/src/mac/entitlements.plist
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+</dict>
+</plist>