codesigning and app permissions for programs that need filesystem access

Nathaniel W Griswold nate at
Sat Apr 24 00:12:37 UTC 2021

Do apps like emacs need to be ad-hoc codesigned to access privileged folders like Documents?

The first time i installed the emacs-app-devel subport, it prompted me the first time i used it for accessibility control and access to folders like ~/Documents. Everything worked fine.

But then i upgraded it and find-file started failing when accessing ~/Documents. The gui open still worked, though. I noticed in the system console errors that tccd was having trouble transferring info in the system databases about the app, so i ad-hoc codesigned and relaunched, and it reprompted me for access and everything started working as normal again.

But did i have to do this? Are features like access to ~/Documents supposed to work without code signing? I did notice some errors in the console about a missing file /private/var/db/DetachedSignatures (what i understand from googling to be a system sqlite db). I think this might be used for unsigned apps that need features like this, like for this exact situation, but i don’t have it on my system for some reason and these errors don’t cause it to be created.

Anyone know about this?


More information about the macports-dev mailing list