Osx 12.1 app always asks for permission to access Documents #5194
Comments
|
The last time this happened, #4974 , it appeared to be a corruption of some sort in the state macOS uses to determine whether a permissions prompt is triggered for an application. Apple has a command-line utility, tccutil, that's preinstalled. It may be useful to work around the problem you see. If you close Angband, if it's already running, and then run the following in a Terminal window (bring one up by Go->Utilities in the Finder menu and then double click on Terminal in the finder window that appears), , do you still get the problem with repeated prompts to access Documents when you rerun Angband? |
Thanks! That does seem to have fixed it. |
|
I spoke too soon. While the fix above does fix things, it was only a temporary fix and now it's back to the same old tricks. In fact, it's even worse now. With angband not running and a fresh terminal window up I can run those two commands, which report being successful, however when I start angband it's asking for permission with each file access - no reprieve whatsoever. Confused. |
|
I did some digging, and the problem is probably a combination of new permissions in recent os versions and the fact that the app isn't signed |
|
Then an easy solution, for the development team at least, is to stop shipping a macOS binary and let players compile it for themselves. To get a Developer ID for signing an application distributed outside of the AppStore requires membership in Apple's Developer Program (from https://help.apple.com/xcode/mac/current/#/dev520c0324f , "A Developer ID certificate is a type of distribution certificate you use to distribute your app outside the Mac App Store. Signing your macOS apps, plug-ins, and installer packages with a Developer ID certificate lets Gatekeeper verify that apps are not created by malware developers and haven't been tampered with since they were signed. Signed apps will launch on macOS when Gatekeeper is enabled. Developer ID certificates are issued only to members of the Apple Developer Program or Apple Developer Enterprise Program.") The requirements (see https://developer.apple.com/programs/enroll/ ) for enrolling as an organization in Apple's Developer Program look like they'd be hard to meet for Angband. Using one individual's Developer Program access would be easier, but these problems come to mind:
|
|
I have just updated to 12.1 in order to check this, and have no problem. Ironically, in 12.0 I was prompted for access to ~/Documents, but only on opening the game. |
|
As this seems machine-dependent and not fixable by Angband, should it be closed? |
|
I've found that by compiling locally I can avoid this for a time, but if I Force Quit out of the app it tends to get back to doing this. I've not tested it enough to be sure that's the issue, but it's my hunch. Curiously, it's now an intermittent problem regardless if I've recently compiled a fresh copy or recently done a force quit of the app. |
|
A bit off-topic for the discussion here, but why are you finding it necessary to frequently use Force Quit on Angband? Is it just a case of shutting the system down while Angband's running or are you encountering instances where it doesn't respond to user input? |
|
Neither of those. After years away I'm re-learning the game and figuring out strategies for various situations. I will save the game at what I think of as a decision point prior to engaging a foe I've not learned how to deal with or where I want to try out a strategy. If the engagement goes poorly I force quit and restart from my save point to try something different. This is cheating, I know, but it's also how I like to try out things and enjoy the game. I'm not posting to the ladder with this technique - in fact, I've never posted to the ladder. If my force quitting the app is the cause of the problems I've seen, then I've brought them on myself and this may not be something that needs fixing at all. It's curious though that even with recompiling the app I sometimes see this issue and sometimes don't. If others aren't seeing it with OSX 12 then it's probably my own fault for force quitting like I've been doing. |
|
My experience, both with macOS 11 and macOS 12 (the latter sparingly and only in a virtual machine), is like Nick's, I may get one prompt for accessing Documents after installing a new version or recompiling, but that's it. The link posted by j8le above and the WWDC sessions that iare mentioned in it suggest that Apple is planning to require code signing for applications at some point. |
|
I mean, they basically already do; the hoops required to run an unsigned application are non-trivial. It seems unlikely that they'll ever fully require it, but it'd be a worthwhile thing to figure out how to get Angband signed. |
|
If this doesn't qualify as Annoying, I don't know what does. |
|
To chip in on this issue – |
…Info.plist since it matches the format Apple expects. The version from version.sh will still be used as the in-game version and for the package name. May help mitigate angband#5194 .
…Info.plist since it matches the format Apple expects. The version from version.sh will still be used as the in-game version and for the package name. May help mitigate #5194 .
…Info.plist since it matches the format Apple expects. The version from version.sh will still be used as the in-game version and for the package name. May help mitigate angband/angband#5194 .
…Info.plist since it matches the format Apple expects. The version from version.sh will still be used as the in-game version and for the package name. May help mitigate angband/angband#5194 .
|
Any news on this? It started happening for me on 4.2.4 when I migrated to a new M1 machine. None of the fixes here worked, including deleting, reinstalling, resetting everything, etc. It will ask for permissions when opening, saving, going up or down stairs (3 or 4 times in a row), dying, etc. Tried the most recent nightly, same results. |
|
There was a change to the version information included in the Info.plist file a bit before the 4.2.4 release. That was in response to AndyXuna's post above and, if it did have an impact on this issue, would have only helped the nightly releases (which, without change, had version information that didn't fit the format expected by Apple). In your attempts to workaround the problem, did you try the tccutil commands mentioned above? |
|
Yes, I did try that. The reset of All failed as shown, the reset of SystemPolicyDocumentsFolder seemed to be successful, but it didn’t fix the problem.
squatbox:~ slinberg$ tccutil reset All org.rephial.angband
tccutil: executable_is_endpoint_security_client failed for path file:///Applications/Angband/Angband.app/Contents/MacOS/angband with error: code object is not signed at all
squatbox:~ slinberg$ tccutil reset SystemPolicyDocumentsFolder org.rephial.angband
Successfully reset SystemPolicyDocumentsFolder approval status for org.rephial.angband
… On Apr 8, 2022, at 1:08 PM, backwardsEric ***@***.***> wrote:
There was a change to the version information included in the Info.plist file a bit before the 4.2.4 release. That was in response to AndyXuna's post above and, if it did have an impact on this issue, would have only helped the nightly releases (which, without change, had version information that didn't fit the format expected by Apple). In your attempts to workaround the problem, did you try the tccutil commands mentioned above?
—
Reply to this email directly, view it on GitHub <#5194 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ASPBECWNNBJFPKTTYB2BZDLVEBRYBANCNFSM5KGQW6CQ>.
You are receiving this because you commented.
|
|
Since we don't have a signed executable, the only other workaround that is likely to work is to compile from source yourself. Instructions for how to do that is here, https://angband.readthedocs.io/en/latest/hacking/compiling.html#macos (those instructions assume you have Xcode and its command line compilers installed). |
In the latest release (4.23-172-g6cad8b535), and at least recent builds such as 4.2.3-158-ga262294bd, the app always asks for permission to access the Documents folder. It does this persistently - no matter how many times you authorize permission it will ask again each time it opens or saves a file.
When saving a game you may get the dialog requesting permission to access the Documents folder several times - once for each file it reads or writes. This takes place regardless of if you've got the app authorized for file and folder access via the System Preferences > Security & Privacy > Privacy > Files and Folders setting where the app shows for the OS as already having permission set correctly.
The text was updated successfully, but these errors were encountered: