Opened 10 months ago

Last modified 8 months ago

#69240 assigned defect

Launch item "Joshua Root" created on installation without explanation

Reported by: databu (Bastian) Owned by:
Priority: Normal Milestone:
Component: base Version:
Keywords: Cc:
Port:

Description

When I was installing Macports for Sonoma (14.3), I was notified that a background item "Joshua Root" was added. Others have reported the same.

Looking into System Settings -> General -> Login Items, I find it under "Allow in the Background".

The name "Joshua Root" doesn't give any info on what it does or why it's required. There was also no hint during the installation process that I can remember. Given the sensitivity of launch items and background processes wrt. security and privacy, I don't think this is acceptable. I therefore file it as a defect.

Change History (12)

comment:1 Changed 10 months ago by ryandesign (Ryan Carsten Schmidt)

Component: portsbase
Owner: set to jmroot
Status: newassigned

Josh is the person who creates the MacPorts installers and signs them with his certificate. Therefore, the MacPorts daemondo program that is used as a wrapper in most launch items is reported as being provided by Josh, even though he has nothing to do with the software that daemondo is launching. Launch items can be created by any port and they are not usually individually identified in these macOS notifications.

comment:2 Changed 10 months ago by databu (Bastian)

Thanks for the explanation. It would be much better if a better name could be given to the launch item. Other launch items have the name of the app or component that they're launching. So e.g. naming it "MacPorts daemondo" would be better, then one would see that it comes from MacPorts and which process it refers to. That would make it easy to online-search and find an appropriate documentation page, which could then explain what it does, and that it's used by different ports.

comment:3 Changed 10 months ago by jmroot (Joshua Root)

Owner: jmroot deleted

We don't have any control over how Apple reports things. We don't set my name as the name of the software anywhere, so Apple is just pulling it from the Developer ID used to sign the binaries. The exact wording of the message is "software from Joshua Root" to be fair, which is accurate. The name of the executable is daemondo and the identifier used for the MacPorts installer package is org.macports.base. The launchd .plists installed by ports (which are what run daemondo) set their Label property to org.macports.${portname}.

Unless the work is done to make MacPorts a legal entity that Apple would issue a Developer ID to, and someone pays for the Apple Developer subscription for the project, there isn't much we could do about this.

Last edited 10 months ago by jmroot (Joshua Root) (previous) (diff)

comment:4 Changed 10 months ago by databu (Bastian)

I see. That's unfortunate.

I thought one could maybe set the name somewhere, as I have several apps which have different launch items with different names. E.g. "Docker" and "Docker.app", or "IDrive Incorporated" and "IDWebManagement". But maybe these guys just have registered multiple entities and Apple dev accounts then?

Anyway, at least the doc page or section could still be created for it?

comment:5 Changed 10 months ago by jmroot (Joshua Root)

If you find out a way to change what is displayed without using a different Developer ID to sign the code, we would of course love to hear about it.

comment:6 Changed 10 months ago by ryandesign (Ryan Carsten Schmidt)

I wanted to point out that just installing MacPorts itself does not install a startup item or cause that notification to appear. But using MacPorts to install or upgrade particular ports will do so because those ports install startup items. For example, if you use MacPorts to install apache2 or a port that depends on it, then apache2 will be installed along with its startup item that lets you keep the Apache web server running in the background. For the vast majority of ports that have startup items, the startup items do not run anything until you use an additional command to tell them to start running. MacPorts prints a note to the terminal at the end of the installation process telling you these things so hopefully the additional notification that macOS now presents about it isn't much of a surprise.

Not all ports that install startup items use daemondo. Those that don't will show notifications about whatever program they run. The vast majority of software installed by MacPorts is built by MacPorts from source so it is not signed so since the notification cannot pull the name of the entity that signed it, the notification shows the name of the executable. For example, if you install the dbus port, which is a dependency of many ports, on macOS 13 or later you would see this notification:

"dbus-daemon" is an item that can run in the background. You can manage this in Login Items Settings.

If we want to move away from plastering Josh's name over every user's notification system, we could try to move away from using daemondo. daemondo was created 19 years ago back when launchd was new in Mac OS X 10.4 and many server programs could not be started by launchd directly; they needed daemondo to act as an intermediary. These days, that's probably much less necessary.

comment:7 in reply to:  5 Changed 10 months ago by databu (Bastian)

Replying to jmroot:

If you find out a way to change what is displayed without using a different Developer ID to sign the code, we would of course love to hear about it.

Sure, I'll do some research, though I don't have much Mac dev experience to speak of, and no subscription to test with myself.

comment:8 in reply to:  6 ; Changed 10 months ago by databu (Bastian)

Replying to ryandesign:

I wanted to point out that just installing MacPorts itself does not install a startup item or cause that notification to appear. But using MacPorts to install or upgrade particular ports will do so because those ports install startup items. For example, if you use MacPorts to install apache2 or a port that depends on it, then apache2 will be installed along with its startup item that lets you keep the Apache web server running in the background. For the vast majority of ports that have startup items, the startup items do not run anything until you use an additional command to tell them to start running. MacPorts prints a note to the terminal at the end of the installation process telling you these things so hopefully the additional notification that macOS now presents about it isn't much of a surprise.

Right. I did the whole upgrade process from a previous version, including re-installing all ports. But I seem to remember that the notification appeared when installing the new Macports version, rather than when re-installing the ports. But I can't verify this now.

Not all ports that install startup items use daemondo. Those that don't will show notifications about whatever program they run. The vast majority of software installed by MacPorts is built by MacPorts from source so it is not signed so since the notification cannot pull the name of the entity that signed it, the notification shows the name of the executable. For example, if you install the dbus port, which is a dependency of many ports, on macOS 13 or later you would see this notification:

"dbus-daemon" is an item that can run in the background. You can manage this in Login Items Settings.

That's actually much better; I hope more ports move away from daemondo...

If we want to move away from plastering Josh's name over every user's notification system, we could try to move away from using daemondo. daemondo was created 19 years ago back when launchd was new in Mac OS X 10.4 and many server programs could not be started by launchd directly; they needed daemondo to act as an intermediary. These days, that's probably much less necessary.

Maybe forcing them isn't necessary, if we can document it. You mentioned that there's terminal output about it, but if you miss that -- which is easy because there's a lot of terminal output e.g. when re-installing all ports --, it's not easy at all to find out what this startup item is about. If you have many packages installed, chances are that the reinstall command runs in a terminal in the background somewhere, while the user is doing other things.

So when I noticed the notification, I wasn't even sure what might have caused it. And searching for it lead me to the above linked Reddit page, rather than a docs page on https://www.macports.org .

comment:9 in reply to:  8 ; Changed 10 months ago by ryandesign (Ryan Carsten Schmidt)

Replying to databu:

You mentioned that there's terminal output about it, but if you miss that -- which is easy because there's a lot of terminal output e.g. when re-installing all ports --, it's not easy at all to find out what this startup item is about.

That's why the notes are printed at the end, after all installations have finished.

comment:10 in reply to:  8 Changed 10 months ago by jmroot (Joshua Root)

Replying to databu:

Right. I did the whole upgrade process from a previous version, including re-installing all ports. But I seem to remember that the notification appeared when installing the new Macports version, rather than when re-installing the ports. But I can't verify this now.

It could well be that upgrading base triggered a new notification for existing LaunchDaemons because the daemondo binary was changed.

comment:11 in reply to:  3 Changed 8 months ago by ryandesign (Ryan Carsten Schmidt)

Replying to jmroot:

We don't have any control over how Apple reports things. We don't set my name as the name of the software anywhere, so Apple is just pulling it from the Developer ID used to sign the binaries. The exact wording of the message is "software from Joshua Root" to be fair, which is accurate.

Per the screenshot in the Reddit post linked in the issue description, in macOS Sonoma at least, and maybe already in macOS Ventura, in System (Settings|Preferences) -> General -> Login Items, there is a section below the login items that shows launchd plists. It doesn't say "software from Joshua Root" there; it says only "Joshua Root".

The developer of Tunnelblick is having a similar problem with his software: https://github.com/Tunnelblick/Tunnelblick/issues/771

comment:12 in reply to:  9 Changed 8 months ago by databu (Bastian)

Replying to ryandesign:

That's why the notes are printed at the end, after all installations have finished.

Sorry I forgot to answer earlier.

Ok, next time I'll try to pay more attention to see when exactly the notification happens, and when the note is given in the shell.

It might still be good to add info about this to the docs though, so it's more easily web-searchable.

Note: See TracTickets for help on using tickets.