New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
open .scad first time --> need to confirm "access to Documents" every time + for every Preset #4059
Comments
I haven't been able to reproduce this on MacOS 12.1, Intel processor. |
OK, I now have 12.1 installed on my M1 machine, and still cannot reproduce it requesting permission for every preset. |
Just dropped in the latest dev build and I'm seeing the same issue: Even though I've given OpenSCAD full disk access, I get "OpenSCAD wants to access…" prompts dozens of times. I wonder if its thrashing of the Documents folder involves library access; I'll see if removing a bunch of the custom libraries I've installed helps. |
And I still cannot reproduce that. I suspect something is very wrong with the permissions or security settings on your system. |
cannot reproduce OpenSCAD version 2022.03.14 (git 9f68ea0). I removed any previous OpenSCAD, and in before first run removed OpenSCAD from SystemPreferences >Security&Privacy>Files&Folders After a restart, I opened, rendered, and edited a file that #included a BOSL2 file. Although on first launch, I did get the "OpenSCAD” cannot be opened because the developer cannot be verified. alert, I never got any complaints about access to any folders. macOS Monterery version 12.3, M1 Mac Mini. |
I am seeing the same thing. It seems a little suspicious that there are no entitlements at all
Some that could be relevant:
The strange thing is - even adding OpenSCAD to full disk access it keeps asking. I still have a pending macOS upgrade and see if that makes a difference. |
@tcurdt, are you by any chance storing your Desktop and Documents folders in iCloud? It just occurred to me that I'm doing that on both machines I tested with; by default, that also places OpenSCAD's Libraries folder in an iCloud controlled directory as well. |
@eaton No, I am not using iCloud (more than I have to). |
Just upgraded to the latest macOS 12.3 - still the same behaviour. |
If OpenSCAD does not plan on releasing through the MAS, maybe the entitlement
would save us from all the headaches? Within the sandbox it probably also needs full disk permissions to make use of |
Interesting - and weird! It happens only when the file is on the desktop (or a sub dir thereof). When I move it somewhere else everything just works. When I move it back to the desktop I again get the permission popups. |
Just a shot in the dark, are any of the paths with problems containing symbolic links? |
@thehans Na, the path to the desktop doesn't contain any links. |
Just had a chance to set up a fresh new Mac and re-image the MacBook where I initially spotted the issue; it's definitely still present. On both freshly-imaged machines, before and after enabling iCloud Desktop/Document sharing, I downloaded OpenSCAD-2022.04.15.dmg from the site and installed it.
Other than this particular issue, the new dev builds are BLISTERINGLY fast on the M1. When I have a chance next week I'm going to dig in and do some more specific controlled tests around individual operations to see if there are any other patterns. As noted upthread, the Desktop folder (or any subfolders) seem to trigger it consistently, while other directories don't. |
I'm having this same issue. OpenSCAD version 2022.04.09 (git b13ec70), MacOS Monterey 12.3.1. It doesn't matter if I have a .scad file on the desktop, in a folder on the desktop, or in the documents folder. It asks me for permission every single time. When opening the documents folder, it sometimes asks thirty or forty times in a row. Clean system install. A mitigation strategy is to put files in your home directory only, which at least works for me. There does not appear to be a way to turn off privacy protections on MacOS anymore. |
@tkircher Does it also ask for permission when in a subfolder of home? |
@tcurdt A subdirectory of the home directory also works fine. So Desktop and Documents are basically unusable directories in MacOS. |
@tkircher I just tried the documents folder. I can confirm the same. |
I can also confirm this bug. I can also confirm that moving the relevant This bug does not appear when using the current release download (2021.01). Maybe this might be related to code signing on Apple Silicon? https://developer.apple.com/forums/thread/125794 I don't know enough about OpenSCAD's internals, but maybe something isn't quite right with code signing and that's causing the security measures to freak out by thinking the binary is constantly changing? I wonder if this issue with the nightly build also exists on Intel Macs, and whether it can be cleared up by stripping the code signature if it does. Unfortunately unsigned ARM binaries will refuse to run, so I can't test that idea on an M1 directly. |
The problem is: this only happens to small subset of users. |
Probably - but for me it happened on a fresh system. |
Mine isn't fresh, but I installed it to the normal I am using iCloud while @tcurdt (I assume based on earlier posts) is not, so it seems like it's likely not an iCloud issue. The common thread between the two of us seems to be that we're both on M1 Macs, so I'm tempted to think this is something specific to that. The only thing I've found that's different is that MacOS running on M1's is more strict about code signing than on Intel (Edit: Though I'm admittedly unsure why that'd affect permissions requests) Is there maybe a way to get an intel only build so we can see if running under Rosetta clears this up? That would at least narrow it down to an M1 issue. |
Clean system here, M1 Max, Monterey 12.3.1, official ARM build of OpenSCAD downloaded from the website, development snapshot 2022.04.09 (git b13ec70) |
Not using iCloud. So that doesn't seem to be related.
Do you have more info about that? I am not aware of the "more strict" part. (Was a) clean system, M1 Pro, Monterey 12.3.1, still on ARM build 2022.03.16 (git a6392b3) |
@tcurdt It is correct that M1 macs have a more tightly locked down system than Intel macs. |
I've been testing on ARM (universal) 2022.05.09 (The "nightly" build available from the website). M1 Air, Monterey 12.3.1.
This Apple Developer release note mentions that Apple Silicon systems will refuse to run unsigned code, but that Xcode will sign the code as part of the linking process. That's enough to allow the code to run, but Gatekeeper will still flag it. (You'd need to go through the whole Apple Developer registration process thing to get around that which isn't necessary) They also mention some caveats where the signing process may not work correctly. That said, I'd expect that kind of issue to prevent OpenSCAD from running, not to cause this weird permissions issue. So Code Signing itself might not be the problem, but maybe something adjacent to how M1 systems are more strict on security policies? |
I also have an M1 iMac (in addition to a few Intel systems), and no such problems. |
@tcurdt If I change the Bundle Version I get Either way, if I don't modify anything, the last build (2022.10.31 (git 5944914)) I am only asked a few times after opening a file, but not while trying to render. So I see an improvement. |
@elxris without more details of your situation it's hard say anything. The workaround works fine for me on macOS 12.6 with a M1. 🤷♂️ |
@tcurdt I am sorry I was unable to provide more details, I really don't know how to debug these things as I am not a OSX developer. I want to add that I did a quick Ecosia search and found this command to fix my problems on my M1 as the workaround Info.plist didn't work for me. Source: alacritty/alacritty#5845 |
@elxris Things like processor architecture and macOS version would always be helpful :) TBH I am surprised that changing the bundle version without a |
@tcurdt my bad! I forgot. |
I just gave you an example of details, I can fix it with rolling the version but just curious why. And if you need some tests in different environments please let me know. I have a Macbook Pro M1 max 2021 with Monterey and a Macbook Air M1 with Monterey. |
I am wondering if the issue with the bundle version is something to do with that fact that it is improperly formatted?
I would suggest:
where
|
They have increased the strictness of the format - not entirely sure why.
The current scheme And given the latest findings the version does not seem to be the final piece of this puzzle. |
@tcurdt Ah, my mistake, i was looking at one of your edited versions with 4 numbers. Though it is strange if adding a 4th number somehow helps, since the docs claim it should be ignored. But also, I think it would be best to guarantee a unique build version, regardless of rarity of being built on the same day. |
I read through all the comments last evening, but I guess I didn't pick up on this. If you are talking about @elxris's issue:
This is the same issue @sroeper reported, and then said it was fixed:
|
@thehans A uniq bundle version would be nice - but it seems not to help this issue. Multiple builds per day is also more a developer concern and they are probably are less affected by this anyway. I guess this should be handled in a different issue as this isn't the cause for this issue. FWIW: I used to use just the major version and as minor the total number of commits for the bundle version. That worked pretty well for me. Maybe for OpenSCAD it could be just I think the summary of the findings are as follows:
|
Hello! Sorry to add more conflicting info to this issue:
I've been seeing this issue with the various dev snapshots (2022.09.05 & 2022.11.21) I've downloaded since getting the Mac about 3 months ago. The latest was 2022.12.19. They've all suffered from the same repeated requests for access to the Documents folder. I've just run the codesign command posted above |
I lately also had to The question is how that |
Hallelujah! I've had the repeated permission request problem ever since I bought my M1 Macbook about a year ago. Today I decided to visit the forum again to see if there's a fix. Downloaded the latest snapshot build [2023.01.20] - no difference. Tried the Thanks for everyone's persistence on this. |
Could someone who experiences this issue try these new binaries? These have been adhoc codesigned by the snapshot build system: |
@kintel unfortunately it even crashes (for me)
|
Thanks, I'll keep investigating.. |
@kintel No longer crashes! After I removed the quarantine, I opened a few files but unfortunately it still forgets the permissions given. Side note: During the lifetime of the ticket I have since upgraded to macOS 14 and are still seeing the exact same behaviour. |
Thanks for testing! Next I'll try to manually sign the same bundle and see if that changes anything |
@tcurdt One more time, this time manually re-signed the app bundle which was previously signed by macdeployqt: https://files.openscad.org/OpenSCAD-2023.10.11-signed.dmg |
I'm on macOS Ventura 13.5.2, on an M1 Mini. When I launch the Openscad on OpenSCAD-2023.10.11-signed.dmg - on first launch the OS says in an alert box that it can't verify that it has no malware, so I <control>-click opened it, and on following launches it did not ask. The first time I opened a .scad file on auxiliary disk the OS asked in alert box if I should give OpenSCAD permission. It did not ask on following launches. Even when I opened and previewed .scad files that used libraries (example: the first line of one file was But, that isn't surprising. Last year I was so annoyed by the repeating OS alert that I added a file:
to set the environment variable that ordinary double-clicked apps see to move my library directory somewhere that OpenSCAD is already allowed to see. Edit to add: I tried launching OpenSCAD from the commandl ine via: |
@kintel Holy smokes - the manually signed one works as expected! |
This also worked for me. I opened stuff from Downloads without an issue before, but after adding a library to the OpenSCAD path in documents I just got this permissions-infinite-loop. |
Still getting this on the latest dev nightly.
had to do the codesign. |
We haven't set up codesign yet - I kind of lost steam after the automated signing failed. |
OpenSCAD Version 2022.01.20:
macOS 12.0.1, MBAir 2020 M1
Every time I open a file.scad with presets the first time, I need to confirm for every preset(!) to get access to documents
what strange is: since installation and running this new OpenSCAD, I get this question also in OpenSCAD 2021.01. For every freashly opened file.scad
Bildschirmaufnahme.2022-01-20.um.17.55.26.mov
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: