Okay, I manually removed all of those "dangling" rpaths using the install_name_tool and then rebuilt Sigil, then signed and notarized it.
Then created a tar.xz from it and uploaded it to my BuildSigilOnMac github repo.
I then downloaded it from there, checked to verify that the com.apple.quarantine extended attribute was set.
Unpacked it and then double-clicked to run Sigil.app and this time got a different Warning Message saying that this was downloaded from the internet, and asked if I was sure I wanted to run it. It went on to say that Apple has checked the software for malware (malicious behavior) and none was found.
So I think that is the best we are gonna get.
So the problem was the dangling rpaths made Gatekeeper barf even though Sigil.app was fully code-signed and fully notarized.
So we may have a way forward without having to use curl or xattr -d.
What a pain in the ass they are making this.
They call it security but allow our embedded Python to run any code as long as it uses pure .py files which could really do something nasty but that doesn't matter because we would not want "dangling" rpaths would we ....
So insanely stupid.
I am too tired to fight with this anymore tonight. I will try to build new tar.xz packages for both PageEdit and Sigil for both x86_64 and arm64 tomorrow and use them to replace the builds that are there now. That will of course require another full dangling rpath hunt on the arm64 side since the problems will exist there as well and could impact different files given the python site-packages are different.
Last edited by KevinH; 08-17-2024 at 01:29 PM.
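The "dangling rpath hunt" described in the post above can be scripted. This is an added example, not part of the original post or of Sigil's build scripts. It assumes "dangling" means an `LC_RPATH` entry that resolves outside the .app bundle or to a directory that does not exist; the `otool -l` text and all paths are constructed.

```python
import os
import re

# Constructed sample of `otool -l` output for one Mach-O file (not from the post).
SAMPLE_OTOOL = """\
Load command 12
          cmd LC_LOAD_DYLIB
      cmdsize 56
         name @rpath/QtCore.framework/Versions/A/QtCore (offset 24)
Load command 13
          cmd LC_RPATH
      cmdsize 48
         path @loader_path/../Frameworks (offset 12)
Load command 14
          cmd LC_RPATH
      cmdsize 40
         path /Users/build/Qt/lib (offset 12)
Load command 15
          cmd LC_RPATH
      cmdsize 40
         path @executable_path/../lib (offset 12)
"""

def parse_rpaths(otool_output):
    """Return the path of every LC_RPATH load command, in order."""
    rpaths, in_rpath = [], False
    for line in otool_output.splitlines():
        fields = line.split()
        if fields[:1] == ["cmd"]:
            in_rpath = fields[1:2] == ["LC_RPATH"]
        elif in_rpath and fields[:1] == ["path"]:
            # Drop the "path" keyword and the trailing "(offset N)".
            rpaths.append(re.sub(r"\s+\(offset \d+\)$", "", line.strip()[len("path"):].strip()))
            in_rpath = False
    return rpaths

def dangling_rpaths(binary, rpaths, bundle, executable_dir, isdir=os.path.isdir):
    """Rpaths that resolve outside the .app bundle or to a missing directory (assumed definition)."""
    bundle = os.path.normpath(bundle)
    bad = []
    for rp in rpaths:
        resolved = rp.replace("@loader_path", os.path.dirname(binary), 1)
        resolved = os.path.normpath(resolved.replace("@executable_path", executable_dir, 1))
        inside = resolved == bundle or resolved.startswith(bundle + os.sep)
        if not inside or not isdir(resolved):
            bad.append(rp)
    return bad
```

Each entry it reports for a file is a candidate for `install_name_tool -delete_rpath <rpath> <file>`, which has to happen before the bundle is signed and notarized.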