search

OpenIntelWireless / HeliPort

Intel Wi-Fi Client for itlwm
https://OpenIntelWireless.github.io/HeliPort
BSD 3-Clause "New" or "Revised" License
1.09k stars 123 forks source link

Heliport can't be opened because of system policy changes on Sequoia beta #259

Closed perez987 closed 1 month ago

perez987 commented 1 month ago

What happened?

On Sequoia beta 3, Heliport 1.5.0-alpha can't be opened, dialog says that it's damaged and must go to recycle bin.

Before Sequoia, I can do sudo spctl --global-disable and apps from not authorized developers can be run. But sequoia has lost sudo spctl--global-disable and sudo spctl--global-enable commands. We must run gktool instead.

As far as I know, gktool is applied in a per app way, e.g. gktool scan /Applications/HeliPort.app . Doing so, a warnign says that Heliport can't be included in the software allowed by system policy.

If I run these commands:

sudo xattr -rd com.apple.quarantine /Applications/HeliPort.app
xattr -cr /Applications/HeliPort.app 
codesign --sign - --force --deep /Applications/HeliPort.app

Heliport can be opened with no issue.

Did you have this issue?

Sorry if I can´t give a deeper info. Tell me how can I help.

Steps To Reproduce

  1. Download Heliport
  2. Run it
  3. Warning says it's damaged and must go to recycle bin
  4. Run gktool, no fix
  5. Run xattr
  6. Heliport now can be run as expected.

Software Version

v1.4.0-alpha

OS Version

15 developer beta 3

Relevant Log Output

No bug report file.

williambj1 commented 1 month ago

Hi, thanks for reporting this issue.

Got my hands on a VM running beta 3 and gave it a try. Seems that it is still possible to run HeliPort without touching the command line. However users would need to go to System Settings - Privacy & Security, scroll all the way to the bottom and manually allow the app to run.

Unfortunately, there's not much we can do since we neither have a membership in the Apple Developer Program nor intend to pay and enrol in it.

Zyvoxi commented 1 month ago

Disable Gatekeeper.mobileconfig.zip Profile to disable GateKeeper in beta 3, courtesy of dhinakg (one of the developers of OCLP).

perez987 commented 1 month ago

@Zyvoxi Thank you! @williambj1 Thanks, I close the issue, maybe we'll have good news later.

Zyvoxi commented 1 month ago

Got my hands on a VM running beta 3 and gave it a try. Seems that it is still possible to run HeliPort without touching the command line. However users would need to go to System Settings - Privacy & Security, scroll all the way to the bottom and manually allow the app to run.

I tested it on my machine without the profile to disable Gatekeeper, and it says that the HeliPort is damaged and cannot be opened, offering no option to open it in the Privacy and Security settings.

perez987 commented 1 month ago

Reopened to go ahead with the comments.

perez987 commented 1 month ago

@Zyvoxi My system has different behaviour, it says that the HeliPort is damaged and cannot be opened but it offers the option to allow the app in Privacy and Security Settings. By the way, dhinakg's profile works fine, it's not signed so maybe is not totally confiable for some users but it works as expected.

perez987 commented 1 month ago

There is a free app written in swift, Sentinel:

dhinakg profile (thanks @Zyvoxi) or Sentinel app are enough for me to fix this issue. Closing it.