[Vm-dev] [squeak-dev] Squeak 6 on Mac

Andrei Chis chisvasileandrei at gmail.com
Wed Jul 6 20:42:31 UTC 2022


Hi,
(resending the message as before I attached a picture and the message
was too large)

Not sure if relevant for Squeak, or if it still works, but we hit the
same issue some time ago in GT.
At that time we used SecTranslocateIsTranslocatedURL from
/System/Library/Frameworks/Security.framework/Security to
"untranslocate" the app (something like [1]).

Currently we check the vm directory and based on it, in case we detect
translocation, we do some workarounds. Not ideal, but avoid the issue
from a user perspective.

Cheers,
Andrei

[1] https://github.com/feenkcom/opensmalltalk-vm/blob/f33d1e66904066d0e1b71e225af480f5a86bae66/src/fileDialogMac.m#L15

On Wed, Jul 6, 2022 at 9:55 PM Tobias Pape <Das.Linux at gmx.de> wrote:
>
>
>
> Hi Eliot
> > On 6. Jul 2022, at 18:32, Eliot Miranda <eliot.miranda at gmail.com> wrote:
> >
> >
> >
> > On Tue, Jul 5, 2022 at 10:08 PM Tobias Pape <Das.Linux at gmx.de> wrote:
> > Hi Eliot
> >
> > > On 6. Jul 2022, at 00:24, Eliot Miranda <eliot.miranda at gmail.com> wrote:
> > >
> > [...]
> > > >
> > > > I'm not using the DMG.  I downloaded the all-in-one, and moved it.
> >
> > judging from the path below, yes you moved it, but not _out of_ anything in ~/Downloads ...
> >
> > Yes I did.  My downloads folder is ~/Downloads.
> > My Squeak folder is ~/Squeak.
>
> That's why I said "judging from the path below".
> Sorry, I may have be misled by the Squeak6 in this one:
> ==
> > > Squeak$ xattr -l Squeak6/Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
> > > com.apple.quarantine: 0083;62c487a3;Safari;2D1FCF49-69DA-447C-BA51-16CC663654C4
>
> ==
>
> I thought this Squeak6 was below ~/Downloads, as you indicated there was a Squeak6 in ~/Downloads
>
> But I now see that the Quarantine UUID is different....
>
> > Safari downloaded Squeak6.0-22101-64bit-All-in-One.zip to Dowenloads, unpacked it to ~/Downloads/Squeak6, and moved the zip to the trash folder (~/.Trash)
> > I moved Squeak6 to Squeak ($ mv ~/Downloads/Squeak6 ~/Squeak) and ran it there.
>
> Ahh did you  really do mv or did you drag-n-drop via finder?
> The first one won't remove the quarantine, the second one will.
> Apple's choice
>
> >
> > Look, the issue isn't whether I can do the right thing or not.  The issue is that new users on the Mac will download via the website, likely just as I did, and they will get something that doesn't work.  So instead of telling me what the right thing to do is, update the Web site so that people going there can do the right thing.
>
> Look the issue is that Apple wants all developers to jump on the App/Sandbox-bandwagon and make handwaving security claims as to why
> things we do is scary.
>
> They only support exactly one workflow:
> - Download
> - (maybe open DMG or extract zip)
> - Drag-and-drop the thing to Somewhere else
> - run.
>
> For any other workflow it is extremely likely to trip of Gatekeeper and its translocation.
>
> We Cant Change that.
>
> What we can do is:
> - DO not offer the AIO anymore
> - Force users to use the DMG
> - and somehow force users to move the App out of the DMG
>   (remember the fancy background images with arrows to indicate you should drag-n-drop the newfangled program to the /Applications folder?)
>
> Sorry, Apple seems to hate people that do not stick to the One Workflow™
>
> Best regards
>         -Tobias
>
> >
> >
> > >
> > > In that case, I really wonder what's going on.
> > > Can you give me the output of
> > >
> > > ls -le@ Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
> > >
> > > Squeak$ ls -le@ Squeak6/Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
> > > -rwxr-xr-x@ 1 eliot  staff  4100688 Jul  4 16:30 Squeak6/Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
> > > com.apple.quarantine      57
> >
> > This quarantine will trip of Translocation
> >
> > > Squeak$ ls -le@ Squeak6/Squeak6.0-22101-64bit-All-in-One.app
> > > total 0
> > > drwxr-xr-x@ 10 eliot  staff  320 Jul  4 16:32 Contents
> > > com.apple.quarantine 57
> > >
> > >
> > > xattr -l Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
> > >
> > > Squeak$ xattr -l Squeak6/Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
> > > com.apple.quarantine: 0083;62c487a3;Safari;2D1FCF49-69DA-447C-BA51-16CC663654C4
> > >
> > > Squeak$ xattr -l Squeak6/Squeak6.0-22101-64bit-All-in-One.app
> > > com.apple.quarantine: 0083;62c487a3;Safari;2D1FCF49-69DA-447C-BA51-16CC663654C4
> > >
> > >
> > > xattr -l $PATH_OF_THE_DOWNLOADED_THING
> > >
> > > xattr -l ~/Downloads/Squeak6
> > > com.apple.quarantine: 0083;62c4b913;Safari;90386985-D5B9-4492-AF0B-766931630126
> > >
> > > Squeak$ xattr -l ~/Downloads/Squeak6/Squeak6.0-22101-64bit-All-in-One.app
> > > com.apple.quarantine: 0083;62c4b913;Safari;90386985-D5B9-4492-AF0B-766931630126
> >
> > Same.
> >
> > Can you please try again:
> >  * unzip
> >  * move the AIO somewhere _not_ below ~/Donwloads a
> >
> > and check that xattr or ls -le@ on the binary do not contain the quarantine?
> >
> >
> >
> > >
> > >
> > > please?
> > >
> > >
> > > >
> > > > (this is unavoidable.)
> > > >
> > > > Have you got a pointer to the relevant documentation?
> > >
> > > Apple is scarce on any usable stuff lately…
> > >
> > >
> > > >  Do I have to duplicate the Squeak6 directory?
> > >
> > > you should not, if you moved stuff, macOS should have disabled translocation -.-
> > >
> > > Lapcatsoftware has old info:
> > >         https://lapcatsoftware.com/articles/app-translocation.html
> > >
> > > Here's someone avoiding translocation via some exploit, hence not recommendable:
> > >         https://www.synack.com/blog/untranslocating-apps/
> > >
> > > Forum says signing the dmg or bundle helps (https://developer.apple.com/forums/thread/133743):
> > > "
> > > >Another solution is to sign the .dmg file too, that should avoid app translocation if I remember correctly.
> > > Right.
> > > "
> > >
> > > This I can help with.  We have to do this for Virtend.  We sign both the app bundle and the DMG.  I guess one can also sign a zip for the all-in-one (since one uploads a zip containing either the app bundle or the dmg).
> >
> > Cool, maybe the signing helps.
> > But let's first make sure the translocation does not happen when the fresh bundle is moved out of the "contaminated" location.
> >
> > Best regards
> >         -Tobias
> >
> > >
> > >
> > > We probably have to be tighter in stuff, I just found a "howto":
> > > - https://developer.apple.com/forums/thread/701581#701581021
> > > - https://developer.apple.com/forums/thread/701514#701514021 (for signing or so…)
> > >
> > >
> > > :( yay more work.
> > >
> > > I have scripts etc.  So LMK
> > >
> > >
> > > Best regards
> > >         -Tobias
> > >
> > > thanks!
> > >
> > > >
> > > > Best regards
> > > >         -Tobias
> > > > >
> > > > > Best,
> > > > > Marcel
> > > > >> Am 05.07.2022 21:03:47 schrieb Eliot Miranda <eliot.miranda at gmail.com>:
> > > > >>
> > > > >> Hi all,
> > > > >>
> > > > >>     apologies for raining on the parade. Here's what I get when I either launch the Squeak6 app bundle or drop an image on it.  How can this be fixed?  It's not a good default.
> > > > >>
> > > > >>
> > > > >> <image.png>
> > > > >> _,,,^..^,,,_
> > > > >> best, Eliot
>
>
>


More information about the Vm-dev mailing list