Mora Catalina permissions woes....
panagiotis merakos
merakosp at gmail.com
Tue Jun 30 04:02:48 EDT 2020
Hello Paul,
I was thinking that a way to make things simpler, which might solve these
permissions woes is to not have the separate libraries folder sitting
outside the app bundle, but instead add the whole folder in the Copy Files
section of the standalone, and then in your code access this folder by:
local tLibsFolder
put specialFolderPath("resources") & slash & "OurStacks" into tLibsFolder
start using stack tLibsFolder & slash & myLib1.livecode
start using stack tLibsFolder & slash & myLib2.livecode
...
This has several advantages:
- The app file and the OurStacks folder will never be separated (e.g. by
the App Translocation security thing)
- The code for detecting and using the library stacks will become simpler
and cleaner
- And the most important - you will probably overcome these permissions
problems, since all you have to do now to distribute your app will be what
LC does. i.e. sign the .app, create a dmg and sign, notarize and staple the
dmg. No installers are needed.
Kind regards,
Panos
--
On Mon, 29 Jun 2020 at 22:34, Paul Dupuis via use-livecode <
use-livecode at lists.runrev.com> wrote:
> List Folks: A head up of a Catalina issue:
>
> If your code signed Standalone is trying to access stacks that are
> OUTSIDE the app bundle under Catalina, sometimes Catalina will not
> properly detect your apps need for access. You will not get an "App
> wants access to blah blah: Allow or Deny" dialogs and you app will throw
> a script error (if you have assumed successful access and not coded for
> errors)
>
> In our case, we have the App (bundle) and a folder of stacks that sits
> next to it, both in a containing folder that is what is installed where
> the user installs it. So
>
> FOLDER: OurAppFolder
> > OurApp.app
> >FOLDER: OurStacks
> >> Some library stacks
>
> We construct a full path to each library stack in "OurStacks" in a
> variable called tLibrary and when we execute
> if there is a file tLibrary then
> start using tLibrary
> end if
> for the 1st library, we get a script error on the start using statement.
> The test for existence does return true.
>
> start: can't find object
>
> If you go to Apple (menu) > System Preferences (menu item) > Security &
> Privacy (panel) > Privacy (tab) > Full Disk Access and grant
> "OurApp.app" access, then subsequent launches work flawlessly.
>
> This is clearly a Catalina entitlements/permissions issue.
>
> We have distilled a test stack and have seen the error occur multiple
> times. The problem is we have not found a recipe that reproduces the
> error 100% reliably.
>
> I have seen discussions that suggest Apple has provided NO entitlement
> you can code sign your app with to allow full disk access. They see
> individual folder access (like Documents, Desktop, etc.) and Full Disk
> Access (which subsumes all individual folder access) as being only
> grantable by the user.
>
> QUESTIONS:
>
> 1) Any one else run into any situations where Catalina is failing to
> detect and ask for ANY given entitlement?
>
> 2) Any one else run into failures in detecting and asking for disk
> access entitlements?
>
> 3) If you have this problem, do you you tell customers to grant the app
> full disk access before running it? If so, how do you phrase that in a
> way that makes them comfortable and works?
>
> 4) Does anyone know of an entitlement for macOS Catalina that allows
> full disk access? Or even access to say the Applications folder?
>
>
> P.S. If we can produce a recipe that is reliable, we will file a bug
> report on this. At the very least, LC may want to update "start using"
> to return an error code so you don't have to trap it with a try...end
> try block.
>
>
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
More information about the use-livecode
mailing list