Opened 7 weeks ago
Last modified 5 weeks ago
#70945 new defect
All code needs to be signed as of macOS 15
| Reported by: | ryandesign (Ryan Carsten Schmidt) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | base | Version: | 2.10.1 |
| Keywords: | sequoia | Cc: | |
| Port: |
Description (last modified by ryandesign (Ryan Carsten Schmidt))
After installing the buildbot worker software on a 2018 Mac mini running macOS Sequoia, it could not connect to the buildmaster, claiming "No route to host", despite ping and ssh being able to reach that host just fine from the Terminal.
It sounds like macOS 15 requires all code to be signed to access devices on the local network, unless they are run manually in the Terminal. After I ran
sudo codesign --force -s - /opt/bblocal/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python
I got a dialog box asking if I wanted to allow Python to connect to devices on the local network, and after I said yes, then buildbot was able to connect to the master. Only after doing this did Python appear in System Settings > Privacy & Security > Local Network.
Previously I had installed buildbot on an unsupported Mac running macOS Sequoia via OpenCore Legacy Patcher and had not encountered this problem, probably because OCLP disables some aspects of System Integrity Protection.
The need to sign all code on macOS 15 was also mentioned in https://github.com/macports/macports-ports/pull/25862 where it was proposed to add code to a single port to sign its files. It needs to be handled in MacPorts base so that such signing code doesn't need to be added to all 40,000 ports individually.
How we are going to handle pushing out signed versions of all the ports that macOS 15 users have already installed without revbumping all ports, I don't know.
Change History (7)
comment:1 Changed 7 weeks ago by ryandesign (Ryan Carsten Schmidt)
| Description: | modified (diff) |
|---|
comment:2 Changed 7 weeks ago by jmroot (Joshua Root)
comment:3 Changed 7 weeks ago by ryandesign (Ryan Carsten Schmidt)
It has always done so on arm64 but it doesn't appear to on x86_64.
comment:4 Changed 7 weeks ago by ryandesign (Ryan Carsten Schmidt)
It has sign to on arm64 because otherwise programs would not run at all. On x86_64 unsigned code can still run it just can't have special privileges, which apparently now includes accessing local network devices.
comment:5 Changed 7 weeks ago by ryandesign (Ryan Carsten Schmidt)
What I was reading before filing this ticket:
comment:6 Changed 7 weeks ago by jmroot (Joshua Root)
Have you observed this with programs other than python? We've had previous reports of similar problems with python27 and the firewall, e.g. #53168.
comment:7 Changed 5 weeks ago by ryandesign (Ryan Carsten Schmidt)
I haven't tried to observe it with any other program but it seems like it should affect any program.
Does the toolchain not add ad-hoc signatures automatically? This requirement has been in place on arm64 for quite a while.