Open rvsit opened 1 year ago
Does this work in vanilla chromium?
Unsure, but it seems to have something to do with the signature/entitlements, see https://chromium.googlesource.com/chromium/src/+/lkgr/device/fido/mac/touch_id_context.mm So I don't think there is anything we can do to fix it?
This is an old issue, that didn't show much activity recently and probably lost its significance — closing. If you have any more information to add, let us know.
Can we reopen this ticket please? This is still an issue, for instance with GitHub:
Sure, to improve the visibility, but apart from that it could very well be that this issue is inherently unsolvable.
Sure, to improve the visibility, but apart from that it could very well be that this issue is inherently unsolvable.
because of this previous message? https://github.com/ungoogled-software/ungoogled-chromium-macos/issues/93#issuecomment-1256893007
because of this previous message? #93 (comment)
Partially, yes. Someone has to debug it, but no one seems to be eager enough.
Unfortunately I do not have the knowledge to help, not my field.
@MrChocolatine Can you confirm how this behaves on Vanilla Chromium (Chromium w/ Google)?
@Cubik65536
I cannot test with vanilla Chromium as it conflicts with Ungoogled-Chromium:
➜ ~ brew install --cask chromium
==> Downloading https://formulae.brew.sh/api/cask.jws.json
...
Error: Cask 'chromium' conflicts with 'eloston-chromium'.
Maybe there is a way to bypass this conflict I am not aware of.
@Cubik65536
I cannot test with vanilla Chromium as it conflicts with Ungoogled-Chromium:
➜ ~ brew install --cask chromium ==> Downloading https://formulae.brew.sh/api/cask.jws.json ... Error: Cask 'chromium' conflicts with 'eloston-chromium'.
Maybe there is a way to bypass this conflict I am not aware of.
Don't download via HomeBrew, just download dmg from Chromium site and directly run the .app
.
Any updates? And can you check if signed binaries at https://github.com/claudiodekker/ungoogled-chromium-binaries works with this? /cc @MrChocolatine
Don't download via HomeBrew, just download dmg from Chromium site and directly run the
.app
.
Still unable to execute Chromium:
“Chromium.app” is damaged and can’t be opened. You should move it to the Bin.
And I tried several times.
Don't download via HomeBrew, just download dmg from Chromium site and directly run the
.app
.Still unable to execute Chromium:
“Chromium.app” is damaged and can’t be opened. You should move it to the Bin.
And I tried several times.
@MrChocolatine Right-Click the app, select open, and then the system will prompt you with the option to run anyway.
Oh I might misunderstood your issue, you need to download the version with the right architecture (arm or intel). The Chromium page seems to provide only one.
Yep, that's what I did and I get the above error.
I just tried again and same result when running the .app
file, even with Ungoogled-Chromium closed.
https://download-chromium.appspot.com/dl/Mac_arm?type=snapshots
Ummm, this runs very well for me. Are you running M-series chips?
I tested on Vanilla Chromium, and it seems that auth doesn't work either with Vanilla Chromium...
I got a different prompt though (it is just the QR Code with a message saying USB key is available as option). Do you have the most recent version of UGC? If not, can you update and test again? /cc @MrChocolatine
This was also discussed here: https://github.com/ungoogled-software/ungoogled-chromium/issues/2606
Apparently it's because of a missing entitlement: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_web-browser_public-key-credential?changes=_3
Sorry for my lack of response. Still same issue, Touch ID not recognised.
And I am using the latest version of UGC available for macOS: https://github.com/ungoogled-software/ungoogled-chromium-macos/releases/tag/125.0.6422.141-1.1
Sorry for my lack of response. Still same issue, Touch ID not recognised.
And I am using the latest version of UGC available for macOS:
125.0.6422.141-1.1
(release)
Maybe also try the signed version: https://github.com/claudiodekker/ungoogled-chromium-macos/releases/tag/125.0.6422.141-1.1
As it may be this problem:
it's because of a missing entitlement
The signed app doesn't have the com.apple.developer.web-browser.public-key-credential
entitlement either.
Is there a way to locally sign the app with the restricted entitlement? I naively tried running
codesign --force --options runtime --deep --entitlements ./Chromium.app_entitlements.plist --sign 'Apple Development: REDACTED' ./Chromium.app
, but as soon as I add a restricted entitlement, I get this:
❯ open Chromium.app The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600001061950 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}
The signed app doesn't have the
com.apple.developer.web-browser.public-key-credential
entitlement either.Is there a way to locally sign the app with the restricted entitlement? I naively tried running
codesign --force --options runtime --deep --entitlements ./Chromium.app_entitlements.plist --sign 'Apple Development: REDACTED' ./Chromium.app
, but as soon as I add a restricted entitlement, I get this:
❯ open Chromium.app The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600001061950 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}
I'll look into it.
The signed app doesn't have the
com.apple.developer.web-browser.public-key-credential
entitlement either.Is there a way to locally sign the app with the restricted entitlement? I naively tried running
codesign --force --options runtime --deep --entitlements ./Chromium.app_entitlements.plist --sign 'Apple Development: REDACTED' ./Chromium.app
, but as soon as I add a restricted entitlement, I get this:
❯ open Chromium.app The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600001061950 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}
@RobusK There's a codesign command at the end of build.sh
, would you like to try to modify it and try to see if you can sign with your entitlement? I don't have a paid developer account and unfortunately cannot test it myself.
@Cubik65536 I don't have an entitlement, nor a paid development either. I merely used the personal certificate one can generate in Xcode. Sorry for the confusion.
@Cubik65536 I don't have an entitlement, nor a paid development either. I merely used the personal certificate one can generate in Xcode. Sorry for the confusion.
Okay, thanks for the clarification...
@claudiodekker could you try to build one version on your side with the entitlement mentioned above (com.apple.developer.web-browser.public-key-credential
)?
I am trying to get a development certificate for UGC, but I just can't afford to pay that at the moment... maybe we need to look further for some solutions.
@Cubik65536 Adding that caused a failure, which has to do with the fact that the web browser entitlement needs to be requested and assigned by Apple manually. I've submitted a request to them to obtain this entitlement for embedding as part of my builds.
@Cubik65536 Adding that caused a failure, which has to do with the fact that the web browser entitlement needs to be requested and assigned by Apple manually. I've submitted a request to them to obtain this entitlement for embedding as part of my builds.
Thanks! Keep me posted please!
In the current build of ungoogled chromium on macos there is no option to authenticate with Touch ID through webauthn.
Steps to reproduce:
Left is Ungoogled Chromium, right is Chrome![Left Ungoogled Chromium, right Chrome](https://user-images.githubusercontent.com/7634471/191872619-d42fe176-6743-42df-aff4-d86368d9ec1c.jpeg)
I understand this might have something to do with signatures, is there anything we could do to possibly self sign it or something?