New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Xcode 8 won't load plug-ins #475

Closed
0xced opened this Issue Jun 13, 2016 · 65 comments

Comments

Projects
None yet
@0xced
Contributor

0xced commented Jun 13, 2016

Joe Groff tweet

@fzwob Xcode 8 uses library validation. It won't load in-process plugins anymore.

That鈥檚 very bad news for Alcatraz and the current plug-ins ecosystem. 馃槩

@RobertGummesson

This comment has been minimized.

Show comment
Hide comment
@RobertGummesson

RobertGummesson Jun 14, 2016

Yep, looks like the era of Xcode plug-ins is over. 馃槬 I will personally be looking into porting my ones and hope the extensions are not too limited.

RobertGummesson commented Jun 14, 2016

Yep, looks like the era of Xcode plug-ins is over. 馃槬 I will personally be looking into porting my ones and hope the extensions are not too limited.

@alanhamlett

This comment has been minimized.

Show comment
Hide comment
@alanhamlett

alanhamlett Jun 14, 2016

Contributor

I'm looking for docs on creating Xcode Source Editor Extensions... anyone find them yet?

Xcode 8 adds support for Xcode Source Editor Extensions: Application Extensions provide additional
commands in the Xcode Editor menu. These extensions can manipulate both text and selections. To
create them, use the new Xcode Source Editor Extension target template in the macOS Application
Extensions section when creating a project. (23194974)

I don't have the Xcode Source Editor Extension target template in my Xcode 8 Beta, and these headers are the only thing Google found on the subject:
https://gist.github.com/OdNairy/62de23d6627d518c38fed078a0581046

Also, this video about Using and Extending the Xcode Source Editor:
https://developer.apple.com/videos/play/wwdc2016/414/

Contributor

alanhamlett commented Jun 14, 2016

I'm looking for docs on creating Xcode Source Editor Extensions... anyone find them yet?

Xcode 8 adds support for Xcode Source Editor Extensions: Application Extensions provide additional
commands in the Xcode Editor menu. These extensions can manipulate both text and selections. To
create them, use the new Xcode Source Editor Extension target template in the macOS Application
Extensions section when creating a project. (23194974)

I don't have the Xcode Source Editor Extension target template in my Xcode 8 Beta, and these headers are the only thing Google found on the subject:
https://gist.github.com/OdNairy/62de23d6627d518c38fed078a0581046

Also, this video about Using and Extending the Xcode Source Editor:
https://developer.apple.com/videos/play/wwdc2016/414/

@0xced

This comment has been minimized.

Show comment
Hide comment
@0xced

0xced Jun 14, 2016

Contributor

To create an Xcode Source Editor Extension, you have to add a new target to a project. The Xcode Source Editor Extension template is not available when creating a project.

Unfortunately, as its name imply, a Source Editor Extension only has access to the source code editor part of Xcode. So only a few plug-ins can be rewritten with the new official extension API. 馃槩

Contributor

0xced commented Jun 14, 2016

To create an Xcode Source Editor Extension, you have to add a new target to a project. The Xcode Source Editor Extension template is not available when creating a project.

Unfortunately, as its name imply, a Source Editor Extension only has access to the source code editor part of Xcode. So only a few plug-ins can be rewritten with the new official extension API. 馃槩

@fzwo

This comment has been minimized.

Show comment
Hide comment
@fzwo

fzwo Jun 14, 2016

In his tweets to me, Joe Groff asked for radars for missing functionality, implying that they are interested in giving us a powerful system. So I鈥檇 invite every dev whose plug-in is not supported under the new system to file radars.

f.

Am 14.06.2016 um 10:59 schrieb C茅dric Luthi notifications@github.com:

To create an Xcode Source Editor Extension, you have to add a new target to a project.

Unfortunately, as its name imply, a Source Editor Extension only has access to the source code editor part of Xcode. So only a few plug-ins can be rewritten with the new official extension API. 馃槩


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub #475 (comment), or mute the thread https://github.com/notifications/unsubscribe/AA7w_Z84ugZq3rYCc18nhM4VVz1g9buXks5qLm17gaJpZM4I0xyf.

fzwo commented Jun 14, 2016

In his tweets to me, Joe Groff asked for radars for missing functionality, implying that they are interested in giving us a powerful system. So I鈥檇 invite every dev whose plug-in is not supported under the new system to file radars.

f.

Am 14.06.2016 um 10:59 schrieb C茅dric Luthi notifications@github.com:

To create an Xcode Source Editor Extension, you have to add a new target to a project.

Unfortunately, as its name imply, a Source Editor Extension only has access to the source code editor part of Xcode. So only a few plug-ins can be rewritten with the new official extension API. 馃槩


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub #475 (comment), or mute the thread https://github.com/notifications/unsubscribe/AA7w_Z84ugZq3rYCc18nhM4VVz1g9buXks5qLm17gaJpZM4I0xyf.

@erikolofsson

This comment has been minimized.

Show comment
Hide comment
@erikolofsson

erikolofsson Jun 14, 2016

This is very unfortunate. For the plugins that I need I would suspect a very small portion of the functionality is feasible with the new plugin infrastructure.

A workaround is to remove the signature from Xcode.app. You can do this with https://github.com/steakknife/unsign

erikolofsson commented Jun 14, 2016

This is very unfortunate. For the plugins that I need I would suspect a very small portion of the functionality is feasible with the new plugin infrastructure.

A workaround is to remove the signature from Xcode.app. You can do this with https://github.com/steakknife/unsign

@fzwo

This comment has been minimized.

Show comment
Hide comment
@fzwo

fzwo Jun 14, 2016

@neonichu tweets that the template shows up when adding a new target to an existing macOS project.

fzwo commented Jun 14, 2016

@neonichu tweets that the template shows up when adding a new target to an existing macOS project.

@guillaumealgis

This comment has been minimized.

Show comment
Hide comment
@guillaumealgis

guillaumealgis Jun 14, 2016

Member

@erikolofsson I doubt this would solve the problem. Even if being itself unsigned, Xcode will probably refuse to load unsigned code.
Maybe you could tamper with the extension loading function once Xcode's signature is removed, but that would probably also implies disabling SIP... And well this doesn't seems like a good idea at all.

(Not to mention that we have not much to gain by irritating Apple on this kind of things, and everything to gain by playing nice and providing helpful feedback)

Member

guillaumealgis commented Jun 14, 2016

@erikolofsson I doubt this would solve the problem. Even if being itself unsigned, Xcode will probably refuse to load unsigned code.
Maybe you could tamper with the extension loading function once Xcode's signature is removed, but that would probably also implies disabling SIP... And well this doesn't seems like a good idea at all.

(Not to mention that we have not much to gain by irritating Apple on this kind of things, and everything to gain by playing nice and providing helpful feedback)

@pdcgomes

This comment has been minimized.

Show comment
Hide comment
@pdcgomes

pdcgomes Jun 14, 2016

@guillaume-algis I tired it a couple of hours ago and it did work.

pdcgomes commented Jun 14, 2016

@guillaume-algis I tired it a couple of hours ago and it did work.

@guillaumealgis

This comment has been minimized.

Show comment
Hide comment
@guillaumealgis

guillaumealgis Jun 14, 2016

Member

@pdcgomes you mean unsigning Xcode with https://github.com/steakknife/unsign to make it load arbitrary plugins?
To be honest I'm at work and I did not have time yet to play with the thing much. That was just random thoughts on the matter ;)

Member

guillaumealgis commented Jun 14, 2016

@pdcgomes you mean unsigning Xcode with https://github.com/steakknife/unsign to make it load arbitrary plugins?
To be honest I'm at work and I did not have time yet to play with the thing much. That was just random thoughts on the matter ;)

@pdcgomes

This comment has been minimized.

Show comment
Hide comment
@pdcgomes

pdcgomes Jun 14, 2016

Yes, correct. But agreed, not the way forward. I'm just concerned with how fast they'll be able to push additional extension points. We shall see!

pdcgomes commented Jun 14, 2016

Yes, correct. But agreed, not the way forward. I'm just concerned with how fast they'll be able to push additional extension points. We shall see!

@pdcgomes

This comment has been minimized.

Show comment
Hide comment
@pdcgomes

pdcgomes Jun 15, 2016

Managed to sit down with some of the Xcode engineers that are working on Xcode Extensions earlier today. As expected, anything that doesn't involve pure text manipulation can't really be achieved with the current extension point.
The good news is that this is just the beginning and they're very keen on getting as much feedback as they possibly can, so definitely submit radars with very clear use case cases.

Unfortunately there are no clear timelines, so who knows how long it'll take until we have a rich public API and more extension points.

And yes, they've confirmed that by removing code signing, existing plugins will work. Having that said, it adds even more friction to the whole process, so the average user will probably either opt out or just be completely unaware of it. The way forward is to definitely clearly document valid use cases and file radars.

Both sad and exciting times ahead.

pdcgomes commented Jun 15, 2016

Managed to sit down with some of the Xcode engineers that are working on Xcode Extensions earlier today. As expected, anything that doesn't involve pure text manipulation can't really be achieved with the current extension point.
The good news is that this is just the beginning and they're very keen on getting as much feedback as they possibly can, so definitely submit radars with very clear use case cases.

Unfortunately there are no clear timelines, so who knows how long it'll take until we have a rich public API and more extension points.

And yes, they've confirmed that by removing code signing, existing plugins will work. Having that said, it adds even more friction to the whole process, so the average user will probably either opt out or just be completely unaware of it. The way forward is to definitely clearly document valid use cases and file radars.

Both sad and exciting times ahead.

@dabing1022

This comment has been minimized.

Show comment
Hide comment
@alanhamlett

This comment has been minimized.

Show comment
Hide comment
@alanhamlett

alanhamlett Jun 17, 2016

Contributor

Looks like the user has to invoke new extensions from a menu or keyboard shortcut. This is a bummer.

Contributor

alanhamlett commented Jun 17, 2016

Looks like the user has to invoke new extensions from a menu or keyboard shortcut. This is a bummer.

@JasonWorking

This comment has been minimized.

Show comment
Hide comment
@JasonWorking

JasonWorking commented Jun 18, 2016

Bad news.~

@borisyurkevich

This comment has been minimized.

Show comment
Hide comment
@borisyurkevich

borisyurkevich Jun 18, 2016

Good news, Xcode 8 protected from old dangerous plugins. Stop thinking about yourself and think about the greater good. We all get safer tool. Horrible story with Xcode Ghost should never happen again. Please don't break Xcode signature. Remember that's priority should be to create great products, not making your development live more fun and pleasant.

borisyurkevich commented Jun 18, 2016

Good news, Xcode 8 protected from old dangerous plugins. Stop thinking about yourself and think about the greater good. We all get safer tool. Horrible story with Xcode Ghost should never happen again. Please don't break Xcode signature. Remember that's priority should be to create great products, not making your development live more fun and pleasant.

@alanhamlett

This comment has been minimized.

Show comment
Hide comment
@alanhamlett

alanhamlett Jun 18, 2016

Contributor

@borisyurkevich the new api is not yet ready but they disabled the current one anyway.

We all want secure plugins, but the way Apple disabled the current plugins without providing a sufficient replacement is why this is bad news.

Contributor

alanhamlett commented Jun 18, 2016

@borisyurkevich the new api is not yet ready but they disabled the current one anyway.

We all want secure plugins, but the way Apple disabled the current plugins without providing a sufficient replacement is why this is bad news.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost commented Jun 18, 2016

@alanhamlett Apple Maps

@alanhamlett

This comment has been minimized.

Show comment
Hide comment
@alanhamlett

alanhamlett Jun 18, 2016

Contributor

No point in arguing why Apple does things, let's just file Radars for the extension features we need and hope they get implemented:

https://bugreport.apple.com/

Contributor

alanhamlett commented Jun 18, 2016

No point in arguing why Apple does things, let's just file Radars for the extension features we need and hope they get implemented:

https://bugreport.apple.com/

@BeauNouvelle

This comment has been minimized.

Show comment
Hide comment
@BeauNouvelle

BeauNouvelle Jun 19, 2016

It would have been nice if we were given a transitionary period at least. Given time to port the plugins we have that will work with the new system, AND given time to submit radars for the added functionality. Everything we have built is pretty much dead overnight.

I'm glad we now have colors, and documentation creation built in to Xcode 8, as they were my most used plugins.

At least we'll be able to sell them on the mac store right?

BeauNouvelle commented Jun 19, 2016

It would have been nice if we were given a transitionary period at least. Given time to port the plugins we have that will work with the new system, AND given time to submit radars for the added functionality. Everything we have built is pretty much dead overnight.

I'm glad we now have colors, and documentation creation built in to Xcode 8, as they were my most used plugins.

At least we'll be able to sell them on the mac store right?

@ianmasters

This comment has been minimized.

Show comment
Hide comment
@ianmasters

ianmasters Jun 20, 2016

@BeauNouvelle

It would have been nice if we were given a transitionary period at least.

This is Xcode 8 beta; by it's very definition the transitory period! Your feedback to Apple as they push toward public release is critical to make them aware of what you think should be done.

ianmasters commented Jun 20, 2016

@BeauNouvelle

It would have been nice if we were given a transitionary period at least.

This is Xcode 8 beta; by it's very definition the transitory period! Your feedback to Apple as they push toward public release is critical to make them aware of what you think should be done.

@iphone-andy

This comment has been minimized.

Show comment
Hide comment
@iphone-andy

iphone-andy Jun 20, 2016

So why xcode8 can't load old plugins , Is there any hack ideal to fix it

iphone-andy commented Jun 20, 2016

So why xcode8 can't load old plugins , Is there any hack ideal to fix it

@ianmasters

This comment has been minimized.

Show comment
Hide comment
@ianmasters

ianmasters Jun 20, 2016

@iphone-andy it's to prevent executing potentially unsafe / insecure / unsigned code that could be malicious or otherwise.

ianmasters commented Jun 20, 2016

@iphone-andy it's to prevent executing potentially unsafe / insecure / unsigned code that could be malicious or otherwise.

@Isuru-Nanayakkara

This comment has been minimized.

Show comment
Hide comment
@Isuru-Nanayakkara

Isuru-Nanayakkara Jun 22, 2016

@borisyurkevich I've used plug-ins extensively and never came across any "dangerous" plug-ins. Third party plug-ins is what made Xcode, otherwise a terrible IDE, tolerable. What Apple should have done is provide a way to sign Xcode plug-ins instead of disabling everything altogether.

Isuru-Nanayakkara commented Jun 22, 2016

@borisyurkevich I've used plug-ins extensively and never came across any "dangerous" plug-ins. Third party plug-ins is what made Xcode, otherwise a terrible IDE, tolerable. What Apple should have done is provide a way to sign Xcode plug-ins instead of disabling everything altogether.

@BeauNouvelle

This comment has been minimized.

Show comment
Hide comment
@BeauNouvelle

BeauNouvelle Jun 22, 2016

I've already filed a bug report about it. I'm sure if enough of us say something they'll at least give us more time to transition.

BeauNouvelle commented Jun 22, 2016

I've already filed a bug report about it. I'm sure if enough of us say something they'll at least give us more time to transition.

stefanceriu added a commit to stefanceriu/SCXcodeMiniMap that referenced this issue Jun 23, 2016

stefanceriu added a commit to stefanceriu/SCXcodeTabSwitcher that referenced this issue Jun 23, 2016

stefanceriu added a commit to stefanceriu/SCXcodeEditorInset that referenced this issue Jun 23, 2016

fpg1503 added a commit to fpg1503/Polychromatic that referenced this issue Jun 24, 2016

Add support for Xcode 8 Beta
Please view [fpg1503/MakeXcodeGr8Again](github.com/fpg1503/MakeXcodeGr8Again)
(more info on alcatraz/Alcatraz#475)
@borisyurkevich

This comment has been minimized.

Show comment
Hide comment
@borisyurkevich

borisyurkevich Jul 4, 2016

@Isuru-Nanayakkara issue is not in current plugins but in the fact that Xcode allows not signed code. This lead to the Xcode ghost attack. BTW used many IDE's and Xcode is way ahead of everything else. I shipped many apps and never felt a need to install a plugin.

borisyurkevich commented Jul 4, 2016

@Isuru-Nanayakkara issue is not in current plugins but in the fact that Xcode allows not signed code. This lead to the Xcode ghost attack. BTW used many IDE's and Xcode is way ahead of everything else. I shipped many apps and never felt a need to install a plugin.

@erikolofsson

This comment has been minimized.

Show comment
Hide comment
@erikolofsson

erikolofsson Jul 4, 2016

I think we could keep using the current plugin system safely by:

  • Create self signed certificate and add it as trusted to Key Chain
  • Walk through all of Xcode.app and find all internal plugins
    • Verify the signature of the plugin against the Xcode main app signature
    • If verified put in list of verified plugins
  • Resign Xcode.app (and optionally xcodebuild) and all verified plugins with the self signed certificate
  • Sign all of the custom plugins you want to use with the self signed certificate.

erikolofsson commented Jul 4, 2016

I think we could keep using the current plugin system safely by:

  • Create self signed certificate and add it as trusted to Key Chain
  • Walk through all of Xcode.app and find all internal plugins
    • Verify the signature of the plugin against the Xcode main app signature
    • If verified put in list of verified plugins
  • Resign Xcode.app (and optionally xcodebuild) and all verified plugins with the self signed certificate
  • Sign all of the custom plugins you want to use with the self signed certificate.

@brockboland brockboland referenced this issue Jul 5, 2016

Closed

Xcode Extension? #24

3 of 3 tasks complete
@osolo

This comment has been minimized.

Show comment
Hide comment
@osolo

osolo Jul 8, 2016

[rant]
I am personally quite upset by this change. Hardening Xcode.app doesn't fix the Xcode Ghost problem, it just forces malicious parties to move elsewhere in the toolchain. I can think of 10 different ways to inject bad code that doesn't involve changing Xcode.

On the other hand, Xcode is now broken for me. I use 5-10 plugins from Alcatraz and Xcode 8 will suck without them. I have to disable the whole OS's system protection to get them back. How does THAT help security?

Also, if you watch the WWDC session, you see how concerned the Xcode team was about performance of plugins. This is such a non-issue. I've both used and written plugins for Xcode and other IDEs (namely Visual Studio) and this has never been a real issue. But now the IPC approach I'm afraid we can never things like real time code editing in plugins. Too bad. RIP plugins.
[/rant]

osolo commented Jul 8, 2016

[rant]
I am personally quite upset by this change. Hardening Xcode.app doesn't fix the Xcode Ghost problem, it just forces malicious parties to move elsewhere in the toolchain. I can think of 10 different ways to inject bad code that doesn't involve changing Xcode.

On the other hand, Xcode is now broken for me. I use 5-10 plugins from Alcatraz and Xcode 8 will suck without them. I have to disable the whole OS's system protection to get them back. How does THAT help security?

Also, if you watch the WWDC session, you see how concerned the Xcode team was about performance of plugins. This is such a non-issue. I've both used and written plugins for Xcode and other IDEs (namely Visual Studio) and this has never been a real issue. But now the IPC approach I'm afraid we can never things like real time code editing in plugins. Too bad. RIP plugins.
[/rant]

@Ronaldoh1

This comment has been minimized.

Show comment
Hide comment
@Ronaldoh1

Ronaldoh1 Aug 2, 2016

No 馃槩 this can't be true.

Ronaldoh1 commented Aug 2, 2016

No 馃槩 this can't be true.

@guillaumealgis

This comment has been minimized.

Show comment
Hide comment
@guillaumealgis

guillaumealgis Aug 3, 2016

Member

Disclaimer: Take those stats with a (huge) grain of salt.

@osolo Alcatraz uses git for its update process, but we monitor nothing.
One of the only stat we have is the number of clones during the last few days. This isn't very meaningful, as Alcatraz is installed by downloading a tarball (if you follow the instructions on alcatraz.io), and uses fetch not clone when updating.

Still, here are the stats I screenshot'd today:

capture d ecran 2016-08-03 a 13 01 03

I'd say we average at about ~250 unique cloners per day (which, again, tells us nothing).

You could also check the stats for the releases of Alcatraz using Github's API. The latest release, 1.1.18, pushed on March 26 has been downloaded 74548 times so far.

GET https://api.github.com/repos/alcatraz/alcatraz/releases/2892921

Which gives us a bit more than 570 downloads per day on average. Note that it's hard to interpret this number, as users frequently re-install Alcatraz because of the slightly broken update process (in particular, we handle Xcode version changes very poorly).

Member

guillaumealgis commented Aug 3, 2016

Disclaimer: Take those stats with a (huge) grain of salt.

@osolo Alcatraz uses git for its update process, but we monitor nothing.
One of the only stat we have is the number of clones during the last few days. This isn't very meaningful, as Alcatraz is installed by downloading a tarball (if you follow the instructions on alcatraz.io), and uses fetch not clone when updating.

Still, here are the stats I screenshot'd today:

capture d ecran 2016-08-03 a 13 01 03

I'd say we average at about ~250 unique cloners per day (which, again, tells us nothing).

You could also check the stats for the releases of Alcatraz using Github's API. The latest release, 1.1.18, pushed on March 26 has been downloaded 74548 times so far.

GET https://api.github.com/repos/alcatraz/alcatraz/releases/2892921

Which gives us a bit more than 570 downloads per day on average. Note that it's hard to interpret this number, as users frequently re-install Alcatraz because of the slightly broken update process (in particular, we handle Xcode version changes very poorly).

@Przemyslaw-Wosko

This comment has been minimized.

Show comment
Hide comment
@Przemyslaw-Wosko

Przemyslaw-Wosko Aug 3, 2016

i created new repo for Xcode extensions link , feel free to update it with your ported extensions. it's just repo that collects useful extensions.
I hope that closing Alcatraz will not affect badly community building add-ons for poor Xcode.

Przemyslaw-Wosko commented Aug 3, 2016

i created new repo for Xcode extensions link , feel free to update it with your ported extensions. it's just repo that collects useful extensions.
I hope that closing Alcatraz will not affect badly community building add-ons for poor Xcode.

@capnslipp

This comment has been minimized.

Show comment
Hide comment
@capnslipp

capnslipp Aug 7, 2016

FWIW, using unsign on /Applications/Xcode-beta.app/Contents/MacOS/Xcode as @erikolofsson's suggested plus adding the beta Xcode's UUID to Alcatraz and other plugins per #73 works flawlessly for me.

Of course, this reduces the security of Xcode.聽聽For my usage though I'm not worried; I primarily use Alcatraz for color schemes and currently have only one true plugin installed鈥 SCXcodeMinimap.

Is unsigning dev tools dangerous?聽 Maybe.
Is it the end of open-source add-ons/hacks to Apple apps?聽 No, not really.
Is it just the reality of Apple's protect-novice-users-while-still-technically-allowing-expert-usage?聽 Yup.

capnslipp commented Aug 7, 2016

FWIW, using unsign on /Applications/Xcode-beta.app/Contents/MacOS/Xcode as @erikolofsson's suggested plus adding the beta Xcode's UUID to Alcatraz and other plugins per #73 works flawlessly for me.

Of course, this reduces the security of Xcode.聽聽For my usage though I'm not worried; I primarily use Alcatraz for color schemes and currently have only one true plugin installed鈥 SCXcodeMinimap.

Is unsigning dev tools dangerous?聽 Maybe.
Is it the end of open-source add-ons/hacks to Apple apps?聽 No, not really.
Is it just the reality of Apple's protect-novice-users-while-still-technically-allowing-expert-usage?聽 Yup.

@FalconTT

This comment has been minimized.

Show comment
Hide comment
@FalconTT

FalconTT Aug 17, 2016

Well, I just posted a Apple Bug Report for my plugin; hopefully more developers will do the same thing and Apple will listen.

FalconTT commented Aug 17, 2016

Well, I just posted a Apple Bug Report for my plugin; hopefully more developers will do the same thing and Apple will listen.

@alanhamlett

This comment has been minimized.

Show comment
Hide comment
@alanhamlett

alanhamlett Aug 19, 2016

Contributor

This app gives unsign an easy to use GUI:
https://github.com/fpg1503/MakeXcodeGr8Again

Contributor

alanhamlett commented Aug 19, 2016

This app gives unsign an easy to use GUI:
https://github.com/fpg1503/MakeXcodeGr8Again

@tbodt

This comment has been minimized.

Show comment
Hide comment
@tbodt

tbodt Aug 20, 2016

unsign isn't really necessary:

codesign --remove-signature /Applications/Xcode\ beta.app

--remove-signature is an undocumented option. It does exactly what you think it does.

tbodt commented Aug 20, 2016

unsign isn't really necessary:

codesign --remove-signature /Applications/Xcode\ beta.app

--remove-signature is an undocumented option. It does exactly what you think it does.

@tbodt

This comment has been minimized.

Show comment
Hide comment
@tbodt

tbodt Aug 20, 2016

A little-known fact about GitHub releases is that there is a download counter. It's not visible in the UI, but you can get it through the GitHub API at https://api.github.com/repos/alcatraz/Alcatraz/releases.

Version Download Count
1.1.18 81,240
1.1.17 5,710
1.1.16 15,512
1.1.15 47,828
1.1.14 157
1.1.13 18,386
1.1.12 7,139
1.1.11 12,030
1.1.10 52,931
1.1.9 76
1.1.8 25,413
1.1.7 1333
1.1.6 37,751
1.1.5 22,576
1.1.4 2,990
1.1.3 393
1.1.2 18,413
1.1.1 4,931
1.1 10,017
1.0.9 23,546
1.0.8 19,232
1.0.7 11,897
1.0.6 2,086
1.0.4 31,383
1.0.3 39
1.0.1 45,320

tbodt commented Aug 20, 2016

A little-known fact about GitHub releases is that there is a download counter. It's not visible in the UI, but you can get it through the GitHub API at https://api.github.com/repos/alcatraz/Alcatraz/releases.

Version Download Count
1.1.18 81,240
1.1.17 5,710
1.1.16 15,512
1.1.15 47,828
1.1.14 157
1.1.13 18,386
1.1.12 7,139
1.1.11 12,030
1.1.10 52,931
1.1.9 76
1.1.8 25,413
1.1.7 1333
1.1.6 37,751
1.1.5 22,576
1.1.4 2,990
1.1.3 393
1.1.2 18,413
1.1.1 4,931
1.1 10,017
1.0.9 23,546
1.0.8 19,232
1.0.7 11,897
1.0.6 2,086
1.0.4 31,383
1.0.3 39
1.0.1 45,320
@inket

This comment has been minimized.

Show comment
Hide comment
@inket

inket Aug 21, 2016

unsign isn't really necessary:

codesign --remove-signature /Applications/Xcode\ beta.app
--remove-signature is an undocumented option. It does exactly what you think it does.

I believe codesign --remove-signature is fundamentally different from unsign.

When implementing Xcode unsigning in update_xcode_plugins, I tried going the codesign --remove-signature way at first, but Xcode seemed to lose access to the system keychain and couldn't login to the accounts in Preferences > Accounts > Apple IDs, so you would have to enter all your Apple ID passwords on every Xcode restart.

inket commented Aug 21, 2016

unsign isn't really necessary:

codesign --remove-signature /Applications/Xcode\ beta.app
--remove-signature is an undocumented option. It does exactly what you think it does.

I believe codesign --remove-signature is fundamentally different from unsign.

When implementing Xcode unsigning in update_xcode_plugins, I tried going the codesign --remove-signature way at first, but Xcode seemed to lose access to the system keychain and couldn't login to the accounts in Preferences > Accounts > Apple IDs, so you would have to enter all your Apple ID passwords on every Xcode restart.

@nrbrook

This comment has been minimized.

Show comment
Hide comment
@nrbrook

nrbrook Sep 12, 2016

I've scripted the process of unsigning Xcode and updating the UUID in plugins. Feedback appreciated. https://github.com/nrbrook/MakeXcodePluginsWork

nrbrook commented Sep 12, 2016

I've scripted the process of unsigning Xcode and updating the UUID in plugins. Feedback appreciated. https://github.com/nrbrook/MakeXcodePluginsWork

@michalzelinka

This comment has been minimized.

Show comment
Hide comment
@michalzelinka

michalzelinka Sep 13, 2016

My rdar contribution; do not hesitate to express your own mind:

Xcode is a primary tool for the development on all Apple platforms. People can either love or hate it, the fact is it's still the most powerful development tool around.

Lots of its power and usefulness has been achieved by 3rd-party plugins, later covered by the Alcatraz project, which is the number one extension management system for Xcode, as vital and needed as for example npm is needed for Node.js. It's all based on a fair, aware community developing its helpful open-source extras and publishing them on GitHub. It's not a code-injecting ghetto targeting infecting stuff. It's a community within a community.

Xcode 8 tends to drop support for these plugins, most often being narrated as a security step in favour of preventing distribution of injected stuff. This is false; you simply can't prevent that 'cause there's always someone who finds the way. This step simply makes Xcode was less usable, complicated and not that feature-rich. There are many important plugins which developers love, contribute and move forward to make Xcode even better, tell yourself honestly, mostly even better than you could in a short period.

The community needs powerful stuff. Way more powerful than basic source-editing magic. Please reconsider this step in a spirit of community and support to your developers.

In last years, there's a move towards closing your platform. First shutting down Spotlight plugins and its great Flashlight plugins manager, which is simply great and now I need to disable Rootless to use it. Now it's Xcode plugins. You're doing more and more to make developers and power users feel sad and not having their computing device in their hands.

There's a detailed discussion on Alcatraz repo, it says everything:
#475

I'm attaching a list of great plugins I simply can't spend a day without:

AxeMode 鈥 Xcode issues patching
Backlight 鈥 active line highlighting
ClangFormat 鈥 code formatter
DerivedData Exterminator 鈥撀燿aily need getting rid or bad stuff
FuzzyAutocomplete 鈥撀爊ame says it all, still more powerful than Xcode completion
HighlightSelectedString
MCLog 鈥 console log filtering, including regexes
OMColorSense
Polychromatic 鈥 variables colouring, cute stuff
RSImageOptimPlugin 鈥 processing PNG files before committing
SCXcodeMinimap 鈥 love this SublimeText-thingy!
XCFixin_FindFix 鈥 fixing Find features
XcodeRefactoringPlus 鈥 patching Refactor functionality, still buggy, but less than Xcode without plugin
XToDo 鈥 TODOs collection
ZLGotoSandbox 鈥 'cause dealing with your folders would be a hell without it

Most of them are not source code-related, thus deserve having a way to be loaded and working like a charm again.

michalzelinka commented Sep 13, 2016

My rdar contribution; do not hesitate to express your own mind:

Xcode is a primary tool for the development on all Apple platforms. People can either love or hate it, the fact is it's still the most powerful development tool around.

Lots of its power and usefulness has been achieved by 3rd-party plugins, later covered by the Alcatraz project, which is the number one extension management system for Xcode, as vital and needed as for example npm is needed for Node.js. It's all based on a fair, aware community developing its helpful open-source extras and publishing them on GitHub. It's not a code-injecting ghetto targeting infecting stuff. It's a community within a community.

Xcode 8 tends to drop support for these plugins, most often being narrated as a security step in favour of preventing distribution of injected stuff. This is false; you simply can't prevent that 'cause there's always someone who finds the way. This step simply makes Xcode was less usable, complicated and not that feature-rich. There are many important plugins which developers love, contribute and move forward to make Xcode even better, tell yourself honestly, mostly even better than you could in a short period.

The community needs powerful stuff. Way more powerful than basic source-editing magic. Please reconsider this step in a spirit of community and support to your developers.

In last years, there's a move towards closing your platform. First shutting down Spotlight plugins and its great Flashlight plugins manager, which is simply great and now I need to disable Rootless to use it. Now it's Xcode plugins. You're doing more and more to make developers and power users feel sad and not having their computing device in their hands.

There's a detailed discussion on Alcatraz repo, it says everything:
#475

I'm attaching a list of great plugins I simply can't spend a day without:

AxeMode 鈥 Xcode issues patching
Backlight 鈥 active line highlighting
ClangFormat 鈥 code formatter
DerivedData Exterminator 鈥撀燿aily need getting rid or bad stuff
FuzzyAutocomplete 鈥撀爊ame says it all, still more powerful than Xcode completion
HighlightSelectedString
MCLog 鈥 console log filtering, including regexes
OMColorSense
Polychromatic 鈥 variables colouring, cute stuff
RSImageOptimPlugin 鈥 processing PNG files before committing
SCXcodeMinimap 鈥 love this SublimeText-thingy!
XCFixin_FindFix 鈥 fixing Find features
XcodeRefactoringPlus 鈥 patching Refactor functionality, still buggy, but less than Xcode without plugin
XToDo 鈥 TODOs collection
ZLGotoSandbox 鈥 'cause dealing with your folders would be a hell without it

Most of them are not source code-related, thus deserve having a way to be loaded and working like a charm again.

@EchoZuo

This comment has been minimized.

Show comment
Hide comment
@EchoZuo

EchoZuo Sep 14, 2016

Xcode 8 can not be installed Alcatraz锛
How to do it?

EchoZuo commented Sep 14, 2016

Xcode 8 can not be installed Alcatraz锛
How to do it?

@jurre

This comment has been minimized.

Show comment
Hide comment
@jurre

jurre Sep 14, 2016

Member

@EchoZuo please read the thread, plugins are no longer supported in Xcode

Member

jurre commented Sep 14, 2016

@EchoZuo please read the thread, plugins are no longer supported in Xcode

@kaphacius

This comment has been minimized.

Show comment
Hide comment
@kaphacius

kaphacius Sep 14, 2016

Contributor

@jurre they are, just not as easy to install

Contributor

kaphacius commented Sep 14, 2016

@jurre they are, just not as easy to install

@jurre

This comment has been minimized.

Show comment
Hide comment
@jurre

jurre Sep 14, 2016

Member

Having to unsign xcode is not supported IMO :)

Member

jurre commented Sep 14, 2016

Having to unsign xcode is not supported IMO :)

@kaphacius

This comment has been minimized.

Show comment
Hide comment
@kaphacius

kaphacius Sep 14, 2016

Contributor

by whom?)

Contributor

kaphacius commented Sep 14, 2016

by whom?)

@nrbrook

This comment has been minimized.

Show comment
Hide comment
@nrbrook

nrbrook Sep 14, 2016

I've found Xcode seems to hang a lot when saving files when it is unsigned, requiring a force quit. Saving can happen automatically, so it can just randomly hang. Pretty sure it is saving anyway. The file is actually saved thankfully.

nrbrook commented Sep 14, 2016

I've found Xcode seems to hang a lot when saving files when it is unsigned, requiring a force quit. Saving can happen automatically, so it can just randomly hang. Pretty sure it is saving anyway. The file is actually saved thankfully.

@nrbrook

This comment has been minimized.

Show comment
Hide comment
@nrbrook

nrbrook Sep 14, 2016

It hangs even with no plugins activated, just unsigned.

nrbrook commented Sep 14, 2016

It hangs even with no plugins activated, just unsigned.

@Sephiroth87

This comment has been minimized.

Show comment
Hide comment
@Sephiroth87

Sephiroth87 Sep 14, 2016

A plugin could probably fix that 馃

Sephiroth87 commented Sep 14, 2016

A plugin could probably fix that 馃

@chrisbirch

This comment has been minimized.

Show comment
Hide comment
@chrisbirch

chrisbirch Sep 14, 2016

This is indeed terrible news. How can they have done this to us..?

My once tolerable workflow lies broken and lifeless on the floor. Arghhh

chrisbirch commented Sep 14, 2016

This is indeed terrible news. How can they have done this to us..?

My once tolerable workflow lies broken and lifeless on the floor. Arghhh

@AlexKvazos

This comment has been minimized.

Show comment
Hide comment
@AlexKvazos

AlexKvazos Sep 14, 2016

Should I have hope that Alcatraz will soon work with some patches? Or should I just give up and accept a miserable life since right now?

AlexKvazos commented Sep 14, 2016

Should I have hope that Alcatraz will soon work with some patches? Or should I just give up and accept a miserable life since right now?

@capnslipp

This comment has been minimized.

Show comment
Hide comment
@capnslipp

capnslipp Sep 15, 2016

Can we close this issue now?聽聽The core issue 鈥淴code 8 won't load plug-ins鈥 has now been fixed as best Alcatraz can fix it.聽 What remains is gripes about Apple's platform choices, which belong in rdars, on Twitter, and at WWDC conversations, not here.

capnslipp commented Sep 15, 2016

Can we close this issue now?聽聽The core issue 鈥淴code 8 won't load plug-ins鈥 has now been fixed as best Alcatraz can fix it.聽 What remains is gripes about Apple's platform choices, which belong in rdars, on Twitter, and at WWDC conversations, not here.

@andytriboletti

This comment has been minimized.

Show comment
Hide comment
@andytriboletti

andytriboletti Sep 15, 2016

I ran the install script with Xcode 8 installed. I don't see "Package Manager" in the Window menu. :(

andytriboletti commented Sep 15, 2016

I ran the install script with Xcode 8 installed. I don't see "Package Manager" in the Window menu. :(

@guillaumealgis

This comment has been minimized.

Show comment
Hide comment
@guillaumealgis

guillaumealgis Sep 15, 2016

Member

@andytriboletti please read the thread.

Member

guillaumealgis commented Sep 15, 2016

@andytriboletti please read the thread.

@kattrali

This comment has been minimized.

Show comment
Hide comment
@kattrali

kattrali Sep 15, 2016

Collaborator

Let鈥檚 close this up now, per #488.

Collaborator

kattrali commented Sep 15, 2016

Let鈥檚 close this up now, per #488.

@kattrali kattrali closed this Sep 15, 2016

@alcatraz alcatraz locked and limited conversation to collaborators Sep 15, 2016

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.