codesigning and app permissions for programs that need filesystem access

Nathaniel W Griswold nate at manicmind.earth
Sat Apr 24 15:49:22 UTC 2021


I guess my intent in asking this was to ask: does macports ever ad-hoc codesign packages? Is there ever a case that is necessary? Googling didn’t yield much discussion about it.

The reason i asked the question is because i couldn’t get the specific port i was using to work as it did before i upgraded it without a manual codesign.

Thanks

Nate

> On Apr 23, 2021, at 7:12 PM, Nathaniel W Griswold <nate at manicmind.earth> wrote:
> 
> Do apps like emacs need to be ad-hoc codesigned to access privileged folders like Documents?
> 
> The first time i installed the emacs-app-devel subport, it prompted me the first time i used it for accessibility control and access to folders like ~/Documents. Everything worked fine.
> 
> But then i upgraded it and find-file started failing when accessing ~/Documents. The gui open still worked, though. I noticed in the system console errors that tccd was having trouble transferring info in the system databases about the app, so i ad-hoc codesigned Emacs.app and relaunched, and it reprompted me for access and everything started working as normal again.
> 
> But did i have to do this? Are features like access to ~/Documents supposed to work without code signing? I did notice some errors in the console about a missing file /private/var/db/DetachedSignatures (what i understand from googling to be a system sqlite db). I think this might be used for unsigned apps that need features like this, like for this exact situation, but i don’t have it on my system for some reason and these errors don’t cause it to be created.
> 
> Anyone know about this?
> 
> Nate



More information about the macports-dev mailing list