ungoogled-software / ungoogled-chromium-macos

macOS packaging for ungoogled-chromium
BSD 3-Clause "New" or "Revised" License

Touch ID/Biometric authentication not available #93

Open rvsit opened 1 year ago

rvsit commented 1 year ago

In the current build of Ungoogled Chromium on macOS there is no option to authenticate with Touch ID through WebAuthn.

Steps to reproduce:

[Screenshot: left is Ungoogled Chromium, right is Chrome]

I understand this might have something to do with signatures. Is there anything we could do to possibly self-sign it or something?

networkException commented 1 year ago

Does this work in vanilla chromium?

rvsit commented 1 year ago

Unsure, but it seems to have something to do with the signature/entitlements, see https://chromium.googlesource.com/chromium/src/+/lkgr/device/fido/mac/touch_id_context.mm

So I don't think there is anything we can do to fix it?

PF4Public commented 4 months ago

This is an old issue that didn't show much activity recently and probably lost its significance — closing. If you have any more information to add, let us know.

MrChocolatine commented 3 months ago

Can we reopen this ticket please? This is still an issue, for instance with GitHub:

[Screenshot: github passkey]

PF4Public commented 3 months ago

Sure, to improve the visibility, but apart from that it could very well be that this issue is inherently unsolvable.

MrChocolatine commented 3 months ago

> Sure, to improve the visibility, but apart from that it could very well be that this issue is inherently unsolvable.

because of this previous message? https://github.com/ungoogled-software/ungoogled-chromium-macos/issues/93#issuecomment-1256893007

PF4Public commented 3 months ago

> because of this previous message? #93 (comment)

Partially, yes. Someone has to debug it, but no one seems to be eager enough.

MrChocolatine commented 3 months ago

Unfortunately I do not have the knowledge to help, not my field.

Cubik65536 commented 3 months ago

@MrChocolatine Can you confirm how this behaves on Vanilla Chromium (Chromium w/ Google)?

MrChocolatine commented 3 months ago

@Cubik65536

I cannot test with vanilla Chromium as it conflicts with Ungoogled-Chromium:

➜  ~ brew install --cask chromium
==> Downloading https://formulae.brew.sh/api/cask.jws.json
...
Error: Cask 'chromium' conflicts with 'eloston-chromium'.

Maybe there is a way to bypass this conflict I am not aware of.

Cubik65536 commented 3 months ago

> @Cubik65536
>
> I cannot test with vanilla Chromium as it conflicts with Ungoogled-Chromium:
>
> ➜  ~ brew install --cask chromium
> ==> Downloading https://formulae.brew.sh/api/cask.jws.json
> ...
> Error: Cask 'chromium' conflicts with 'eloston-chromium'.
>
> Maybe there is a way to bypass this conflict I am not aware of.

Don't download via HomeBrew, just download dmg from Chromium site and directly run the .app.

Cubik65536 commented 3 months ago

Any updates? And can you check if signed binaries at https://github.com/claudiodekker/ungoogled-chromium-binaries work with this? /cc @MrChocolatine

MrChocolatine commented 3 months ago

> Don't download via HomeBrew, just download dmg from Chromium site and directly run the .app.

Still unable to execute Chromium:

“Chromium.app” is damaged and can’t be opened. You should move it to the Bin.

And I tried several times.

Cubik65536 commented 3 months ago

> > Don't download via HomeBrew, just download dmg from Chromium site and directly run the .app.
>
> Still unable to execute Chromium:
>
> “Chromium.app” is damaged and can’t be opened. You should move it to the Bin.
>
> And I tried several times.

@MrChocolatine Right-Click the app, select open, and then the system will prompt you with the option to run anyway.

Cubik65536 commented 3 months ago

Oh, I might have misunderstood your issue. You need to download the version with the right architecture (arm or intel). The Chromium page seems to provide only one.

MrChocolatine commented 2 months ago

Yep, that's what I did and I get the above error. I just tried again and same result when running the .app file, even with Ungoogled-Chromium closed.

https://download-chromium.appspot.com/dl/Mac_arm?type=snapshots

Cubik65536 commented 2 months ago

[Screenshot]

Ummm, this runs very well for me. Are you running M-series chips?

Cubik65536 commented 2 months ago

I tested on Vanilla Chromium, and it seems that auth doesn't work either with Vanilla Chromium...

I got a different prompt though (it is just the QR code with a message saying a USB key is available as an option). Do you have the most recent version of UGC? If not, can you update and test again? /cc @MrChocolatine

RobusK commented 2 months ago

This was also discussed here: https://github.com/ungoogled-software/ungoogled-chromium/issues/2606

Apparently it's because of a missing entitlement: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_web-browser_public-key-credential?changes=_3

MrChocolatine commented 1 week ago

Sorry for my lack of response. Still same issue, Touch ID not recognised.

And I am using the latest version of UGC available for macOS: https://github.com/ungoogled-software/ungoogled-chromium-macos/releases/tag/125.0.6422.141-1.1

Cubik65536 commented 1 week ago

> Sorry for my lack of response. Still same issue, Touch ID not recognised.
>
> And I am using the latest version of UGC available for macOS: 125.0.6422.141-1.1 (release)

Maybe also try the signed version: https://github.com/claudiodekker/ungoogled-chromium-macos/releases/tag/125.0.6422.141-1.1

As it may be this problem:

> it's because of a missing entitlement

RobusK commented 1 week ago

The signed app doesn't have the com.apple.developer.web-browser.public-key-credential entitlement either.

Is there a way to locally sign the app with the restricted entitlement? I naively tried running

codesign --force --options runtime --deep --entitlements ./Chromium.app_entitlements.plist --sign 'Apple Development: REDACTED' ./Chromium.app, but as soon as I add a restricted entitlement, I get this:

❯ open Chromium.app
The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600001061950 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}
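One way to check whether a given build's signature carries the entitlement discussed above, as an added example that is not part of the original thread or the project's code. It assumes `codesign -d --entitlements - --xml` is available on the macOS host; the sample plists are constructed so the parsing logic runs anywhere.

```python
import plistlib
import struct
import subprocess

PASSKEY_ENTITLEMENT = "com.apple.developer.web-browser.public-key-credential"
ENTITLEMENT_BLOB_MAGIC = 0xFADE7171  # magic of the raw embedded-entitlements blob


def parse_entitlements(raw: bytes) -> dict:
    """Turn codesign's entitlement output into a dict.

    Accepts empty output (nothing embedded), a plain XML plist, or the raw
    blob form: 4-byte magic + 4-byte total length (big-endian), then the XML.
    """
    if len(raw) >= 8:
        magic, length = struct.unpack(">II", raw[:8])
        if magic == ENTITLEMENT_BLOB_MAGIC:
            raw = raw[8:length]
    raw = raw.strip()
    return plistlib.loads(raw) if raw else {}


def passkey_entitlement_present(entitlements: dict) -> bool:
    # Only a boolean true counts; a missing key and <false/> are both "absent".
    return entitlements.get(PASSKEY_ENTITLEMENT) is True


def read_signed_entitlements(app_path: str) -> bytes:
    """macOS only: dump the entitlements embedded in the app's signature."""
    return subprocess.run(
        ["codesign", "-d", "--entitlements", "-", "--xml", app_path],
        capture_output=True, check=True,
    ).stdout


def _plist(*keys: str) -> bytes:
    # Constructed sample data, not taken from any real build.
    return plistlib.dumps({k: True for k in keys})


SAMPLE_WITHOUT = _plist("com.apple.security.cs.allow-jit")
SAMPLE_WITH = _plist("com.apple.security.cs.allow-jit", PASSKEY_ENTITLEMENT)
SAMPLE_BLOB = struct.pack(">II", ENTITLEMENT_BLOB_MAGIC, 8 + len(SAMPLE_WITH)) + SAMPLE_WITH

if __name__ == "__main__":
    for name, raw in [("without", SAMPLE_WITHOUT), ("with", SAMPLE_WITH),
                      ("blob", SAMPLE_BLOB), ("empty", b"")]:
        print(name, passkey_entitlement_present(parse_entitlements(raw)))
```

On a Mac, `passkey_entitlement_present(parse_entitlements(read_signed_entitlements("Chromium.app")))` answers the question for a real bundle. The key being present in the signature is not sufficient on its own: as the launch failure above shows, a restricted entitlement that has not been authorized keeps the app from starting.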

Cubik65536 commented 1 week ago

> The signed app doesn't have the com.apple.developer.web-browser.public-key-credential entitlement either.
>
> Is there a way to locally sign the app with the restricted entitlement? I naively tried running
>
> codesign --force --options runtime --deep --entitlements ./Chromium.app_entitlements.plist --sign 'Apple Development: REDACTED' ./Chromium.app, but as soon as I add a restricted entitlement, I get this:
>
> ❯ open Chromium.app
> The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600001061950 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}

I'll look into it.

Cubik65536 commented 1 week ago

> The signed app doesn't have the com.apple.developer.web-browser.public-key-credential entitlement either.
>
> Is there a way to locally sign the app with the restricted entitlement? I naively tried running
>
> codesign --force --options runtime --deep --entitlements ./Chromium.app_entitlements.plist --sign 'Apple Development: REDACTED' ./Chromium.app, but as soon as I add a restricted entitlement, I get this:
>
> ❯ open Chromium.app
> The application cannot be opened for an unexpected reason, error=Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x600001061950 {Error Domain=NSPOSIXErrorDomain Code=153 "Unknown error: 153" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}

@RobusK There's a codesign command at the end of build.sh, would you like to try to modify it and try to see if you can sign with your entitlement? I don't have a paid developer account and unfortunately cannot test it myself.

RobusK commented 1 week ago

@Cubik65536 I don't have an entitlement, nor a paid development either. I merely used the personal certificate one can generate in Xcode. Sorry for the confusion.

Cubik65536 commented 1 week ago

> @Cubik65536 I don't have an entitlement, nor a paid development either. I merely used the personal certificate one can generate in Xcode. Sorry for the confusion.

Okay, thanks for the clarification...

@claudiodekker could you try to build one version on your side with the entitlement mentioned above (com.apple.developer.web-browser.public-key-credential)?

I am trying to get a development certificate for UGC, but I just can't afford to pay that at the moment... maybe we need to look further for some solutions.

claudiodekker commented 1 week ago

@Cubik65536 Adding that caused a failure, which has to do with the fact that the web browser entitlement needs to be requested and assigned by Apple manually. I've submitted a request to them to obtain this entitlement for embedding as part of my builds.

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_web-browser_public-key-credential

Cubik65536 commented 1 week ago

> @Cubik65536 Adding that caused a failure, which has to do with the fact that the web browser entitlement needs to be requested and assigned by Apple manually. I've submitted a request to them to obtain this entitlement for embedding as part of my builds.
>
> developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_web-browser_public-key-credential

Thanks! Keep me posted please!