Open sneak opened 1 year ago
Hey @sneak, this is currently required so that the we can install the certificates for IMAP and SMTP. We are looking into ways on how to improve this for the future.
Why not let it work without installing the certificates? The older versions worked fine (with a certificate trust prompt).
If I can't use the bridge any longer (there is zero percent chance I am giving it root) I have to migrate my domains off of PM. I suppose I can use the old bridge version until the API diverges far enough.
To clarify. You need to give permission to Bridge to install the certificates, it's a security feature on macOS. Bridge does not run in admin mode.
I think it is a bug then that bridge completely fails if it is denied root to install the certificates.
I will personally go back to using the last version that doesn't fail in this way. Seems to me that bridge should still, well, bridge even in the case where it isn't given arbitrary permission to modify my local certificate store without consent.
Unfortunately, this is a currently requirement for Bridge. Apple has increased their security requirements/validations in latest versions of macOS.
If you could report which version of Mac OS you are using and which was the last version of Bridge that did not have this issue, we can potentially investigate what changed.
Would adding them manually to the system be a way to resolve this problem then? FWIW, I have this issue too and would consider it nice to be able to confirm what certs are being trusted in advance on my system if that's the source of the issue.
@GoodPants the certificate is required for the encryption of the IMAP/SSL connection.
We are currently working on improving this by using the user keychain rather than the system keychain.
We will release this improvement as soon as it is ready.
Expected Behavior
email client bridge runs as a normal user and does not modify my system
Current Behavior
bridge is demanding administrative privs on launch and fails with the error "Bridge application exited before providing a gRPC service configuration file." when they are not provided.
Possible Solution
This didn't happen to me with previous older versions of Bridge. I'm not sure when this behavior was introduced.
Steps to Reproduce
Version Information
v3.0.20
Context (Environment)
macOS