search

quicksilver / Quicksilver

Quicksilver Project Source
http://qsapp.com
Apache License 2.0
2.73k stars 285 forks source link

Codesigning problem: QS doesn't have entitlements to access contacts/ #2676

Closed pjrobertson closed 2 years ago

pjrobertson commented 2 years ago

If I download a signed build from GH Actions, e.g. download the 'Quicksilver 1.6.1.dmg' from: https://github.com/quicksilver/Quicksilver/actions/runs/1978443344

When I try to either grab selection from Finder (open QS then hit ⌘G) or get the current selection from Finder (highlight a file in Finder then hi ⌘⎋) all I get is this:

Screenshot 2022-03-14 at 15 38 42

However if I download the unsigned build Quicksilver.zip or if I build myself from master I can correctly use both services no problem:

Screenshot 2022-03-14 at 15 45 34

Update: this isn't an issue just with the 'Get selection'. The 'Contacts' plugin also doesn't work. It seems like we need to properly set the entitlements for QS on signing. Here are the entitlements for Alfred.app:

/Alfred ❯❯❯ codesign --display --entitlements :- Alfred\ 4.app
Executable=/Volumes/Alfred/Alfred 4.app/Contents/MacOS/Alfred
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.automation.apple-events</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.personal-information.addressbook</key>
    <true/>
    <key>com.apple.security.personal-information.calendars</key>
    <true/>
    <key>com.apple.security.personal-information.location</key>
    <true/>
    <key>com.apple.security.personal-information.photos-library</key>
    <true/>
</dict>
</plist>

And then for Quicksilver (built after I merged my 'Library validation' stuff:

Executable=/Volumes/Quicksilver/Quicksilver.app/Contents/MacOS/Quicksilver
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
</dict>
</plist>
pjrobertson commented 2 years ago

It looks like there's no entitlement to grant 'full' access to files and folders :(

Here's how Alfred does it though:

Screenshot 2022-03-14 at 16 04 48