macOS Catalina complains repeatedly about an unverified developer #334

Open
tivvit opened this issue Jan 16, 2020 · 26 comments
Comments

@tivvit tivvit commented Jan 16, 2020

Screenshot 2020-01-16 at 19 49 25

How can I overcome this?

@rtpHarry rtpHarry commented Jan 22, 2020

I've got stuck with this as well. I'm pretty new to macOS and looking for a good replacement from manictimer which I used on Windows.

I went through all of the executables in the main folder and all the dyn libs, by going to the context menu, clicking Open, and then Open on the dialog to bypass Gatekeeper.

But after that it complained about ./PyQt5/QtCore.so not being verified, which can't be done via the open method above.

I've tried to do it via the terminal instead, using spctl --add /Path/To/Application.app and I did it by dragging the file onto terminal to ensure that the path was correct.

It asked for my password which I supplied via touchid, but it didn't make any difference the next time I tried to run aw-qt.

I'm stuck!

@RobertoMaurizzi RobertoMaurizzi commented Jan 25, 2020

I had/have it running on Catalina but the dialogs I got were a bit different:

  1. start ./aw-qt
  2. It'll show a dialog saying something like "Sorry, no signature, I won't run this at all, move to bin" (there was no Open button, or it was greyed out)
  3. After you get this go in "System Preferences / Security & Privacy / General": you'll see text close to the bottom of the window mentioning the offending file and a button to allow execution
    2a) The first time only, before clicking the allow button, CLICK THE ICON TO BECOME ADMIN and type your password. If you don't the button will click, but it won't have any effect nor show any error (because Apple UX testing is sooo gooood :-p )
  4. Click the "Allow" button in the Security & Privacy window. Keep its window open.
  5. Your only option now is to cancel the existing error dialog then run again ./aw-qt
  6. This time around you'll get a dialog with a clickable "Open" button. Click it. After you click, you'll get another error dialog for a new binary with the only option to cancel or move to bin, just the same as in point 1). Press Cancel.
  7. go back to 2) and repeat until you don't get any dialogs and it'll work. For me that was about 50 times...

If instead you're getting dialogs with an active "Open" button, I'd expect that you'll get around 50 of them (each asking for a different file) then aw-qt will start.

I do think that installing everything in a user-created virtual environment should avoid all these problems, at least until Apple makes it impossible to compile your own Python and/or use pyenv. At that point it'll be time for me to start again using a different OS.

Author

@tivvit tivvit commented Jan 27, 2020

Maybe it would be better to run the server in docker?

Next, it would be nice to pack the monitoring script differently (to use system libraries). But I do not know if this is possible and if the maintainer is willing to do it.

I am willing to help, but I have to examine the project and why it is distributed like this.

Member

@johan-bjareholt johan-bjareholt commented Jan 27, 2020

@tivvit
Running the server in docker would eat up a lot of RAM and make the installation more complicated, if someone wants to do it themselves that's fine but having it as the recommended way to run ActivityWatch is out of the question. It's not even technically possible to run aw-qt or the watchers inside docker. Docker is not made for user applications and is a bad fit unless you only want to host aw-server.

It is not possible to use system libraries because we use python and qt. The built-in python version in macOS is over a decade old and qt is not available.

There are improvements to the packaging of ActivityWatch for macOS to make it into an app bundle, go to the aw-qt to see the progress on that. Not sure if it solves any of these permission issues though.

Member

@ErikBjare ErikBjare commented Jan 28, 2020

We have a .app bundle almost ready here: #327

I also recently got an old MBP 2010 but I don't have Catalina running on it. However, the moment we have the PR merged I can give you a download to test out. If that's not enough, I will investigate registering with Apple to properly sign the .app.

@RobertoMaurizzi RobertoMaurizzi commented Jan 31, 2020

Just today (while fighting with Logitech's device manager app that apparently forgets to tell you to give Input Monitoring permissions) I noticed that in Security & Privacy under Privacy there's a Developer Tools entry (on my Mac containing only Terminal) that apparently "Allows the apps below to run software locally that does not meet the system's policy".
That said, I can't wait for the official .app, thanks @xylix :-D

Contributor

@xylix xylix commented Feb 15, 2020

@tivvit @rtpHarry @RobertoMaurizzi

Update: I have now updated my macOS to Catalina and (at least) the newest master works as expected after code signing with a self-made certificate. If you want to sign yourself, these instructions should be enough, except change the codesign arguments to:

codesign --deep -s "your new cert" /Applications/ActivityWatch.app

If anyone is interested you can try my self-signed version from here. It is not an official build, but I will help you debug macOS-specific issues with this build or any self-built version, so we can get ActivityWatch on macOS working as smoothly as possible :).

I'm working on getting the code signing to work in our CI, but it will take some time.

@rtpHarry rtpHarry commented Feb 18, 2020

I tried the self-signed version on your Google drive but that didn't work:

image

Will investigate the other option.

Contributor

@xylix xylix commented Mar 1, 2020

Sorry about the problems, but progress is being made. The problem with the .zip was my zipping tools messing up some metadata which made the signature invalid.

@rtpHarry A new signed dmg is here https://drive.google.com/open?id=1KPNPIND8jGFVq21fAoV7KICLadP3Nwg- .

Try it out if you can. CI support is still in progress.

@rtpHarry rtpHarry commented Mar 1, 2020

Aww yissss! :) It has installed and opened. It seems to be collecting data. I've given it the permissions it wants. I'll report back after a few days usage.

Author

@tivvit tivvit commented Mar 9, 2020

works for me

Contributor

@xylix xylix commented Mar 11, 2020

We'll be releasing an official 0.9 very soon with a signed dmg. Thanks to everyone who helped me test the Catalina signed versions :)

Contributor

@xylix xylix commented Mar 15, 2020

Have any of you running the .app had issues with window titles not being recorded? (issue #376)

Screenshot 2020-03-15 at 19 17 05

@rtpHarry rtpHarry commented Mar 15, 2020

Not had that problem, no

@pqrth pqrth mentioned this issue Mar 19, 2020

@rtpHarry rtpHarry commented Mar 19, 2020

is it possible to get this build to auto start on load? I can't find a setting or anything in the properties of the .app

@rtpHarry rtpHarry commented Mar 19, 2020

oops brain is not working, didn't google it first (https://www.idownloadblog.com/2015/03/24/apps-launch-system-startup-mac/)

@vitorgalvao vitorgalvao commented Mar 20, 2020

I’m not a user of this software, but this is being submitted to Homebrew Cask and I was interested in the self-signing approach.

Self-signed certificates are not meant to be accepted by Gatekeeper, and sure enough this still doesn’t seem to fix the issue in the top post.

I’ve tried both the DMG on the 0.9.0 release and the one on Google Drive on a clean VM. They still report this as being from an unidentified developer and behave like any unsigned download.

Contributor

@xylix xylix commented Mar 20, 2020

@vitorgalvao Yes the .dmg needs the user to manually "open anyway" through the security menu. After that there should be no more popups on future openings of the application, which is the best result we could get through self signing.

@vitorgalvao vitorgalvao commented Mar 20, 2020

> which is the best result we could get through self signing.

Which is the same result you get from an app that isn’t signed. That’s the point I was making: self-signing does nothing in this context (except more work for you).

Contributor

@xylix xylix commented Mar 20, 2020

Oh. I'll test an unsigned .dmg then.

Contributor

@xylix xylix commented Mar 21, 2020

Did a new build and confirmed self-signing the .dmg doesn't make a difference.

@ErikBjare usage of the .app is possible on Catalina without signing, but the warnings will always happen if we don't get the official apple developer license.

This issue's original problem, which was that all the script files contained in the /activitywatch folder needed to be given permission one at a time, is fixed with the .dmg / .app packaging though.
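
An added example, not part of the thread or of ActivityWatch: a shell helper that reports, side by side, the three things this discussion turns on for a bundle (signature integrity, Gatekeeper's policy verdict, and the download quarantine flag). The function names, verdict labels and sample `spctl` outputs are constructed for illustration; the sample text assumes the usual `path: accepted|rejected` plus `source=` output shape.

```shell
#!/bin/sh
# Constructed samples of `spctl --assess -vv` output (not captured from a real run).
SAMPLE_REJECTED='/Applications/ActivityWatch.app: rejected'
SAMPLE_DEVELOPER_ID='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'

# Reduce `spctl --assess -vv` output (read from stdin) to a single verdict label.
gatekeeper_verdict() {
    awk '
        /: accepted$/ { verdict = "accepted" }
        /: rejected$/ { verdict = "rejected" }
        /^source=/    { source = substr($0, 8) }
        END {
            if (verdict == "accepted" && source ~ /Developer ID/)
                print "trusted-developer-id"
            else if (verdict == "accepted")
                print "accepted-other"
            else if (verdict == "rejected")
                print "untrusted"
            else
                print "unknown"
        }'
}

# Run the real tools against a bundle (macOS only) and print one summary line.
assess_app() {
    app=$1
    # Signature integrity only: this does not say whether Gatekeeper trusts the signer.
    if codesign --verify --deep --strict "$app" 2>/dev/null; then sig=valid; else sig=invalid; fi
    # Gatekeeper policy assessment; spctl reports on stderr, hence 2>&1.
    verdict=$(spctl --assess --type execute -vv "$app" 2>&1 | gatekeeper_verdict)
    # Quarantine attribute, set on downloaded files; absent on locally built ones.
    if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then q=yes; else q=no; fi
    echo "signature=$sig gatekeeper=$verdict quarantined=$q"
}

# Only touch the real tools when given a path on a system that has spctl.
if [ "$#" -gt 0 ] && command -v spctl >/dev/null 2>&1; then
    assess_app "$1"
fi
```

Run as `sh check.sh /Applications/ActivityWatch.app` on a Mac; a result of `gatekeeper=untrusted` matches the "unidentified developer" behaviour reported above for both unsigned and self-signed builds.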

vitorgalvao pushed a commit to Homebrew/homebrew-cask that referenced this issue Mar 21, 2020
Self signed macOS packaged app is released starting from v0.9.0
see ActivityWatch/activitywatch#334

@rtpHarry rtpHarry commented Mar 29, 2020

@xylix yes I am getting the no titles being recorded issue now. Still running the same custom build that you gave me.

One thing I changed was to make the app auto load on startup. Could it be that it gets some different permissions when loaded this way?

I have also installed the latest macOS update that came out, but I suppose that's unlikely to be the culprit if you have been experiencing it before then.

@rtpHarry rtpHarry commented Mar 29, 2020

Hmm I just looked through the logs and it seems like the last title it recorded was me starting the latest catalina system update:

image

Contributor

@xylix xylix commented Mar 30, 2020

@rtpHarry Good info. As a possible fix, could you try removing ActivityWatch from your allowed accessibility permissions and re-adding it?

I'm also working on a clearer "missing permissions reporting" over at aw-watcher-window, but it'll take some time to be ready for use.

@rtpHarry rtpHarry commented Mar 30, 2020

Good call! That restores the titles, yes:

image

@rtpHarry rtpHarry commented Mar 31, 2020

fyi the same issue happened when I went to the site and downloaded the 0.9.2 dmg and installed it - no titles until I removed and re-added accessibility permissions
