wakatime / xcode-wakatime

Xcode plugin for automatic time tracking and metrics generated from your programming activity.
https://wakatime.com/xcode
BSD 3-Clause "New" or "Revised" License
393 stars 28 forks source link

Installing plugin makes Xcode require new sign-in on each launch #36

Open cseder opened 6 years ago

cseder commented 6 years ago

After installing this plugin I have to re-authenticate with my Apple ID each time I open Xcode to access my code-signing certificates.

I suspect all the certificate signing processes needed for installing this plugin is causing this extremely annoying behavior. Every time I use a tool that launches an Xcode build process it fails to sign the produced build because the session has expired in Xcode.

Using Xcode Version 10.1 (10B61) on MacOS 10.14.1.

alanhamlett commented 6 years ago

Tested on same versions and couldn't reproduce. Maybe it's a Keychain Access setting?

hujaber commented 6 years ago

I have the same issue. Every time I open Xcode, all accounts are logged out and I have to sign in again. I add 3 accounts (one of them is my personal account) and on next launch I can only find 2 out of 3 (both have login expired) and the third one (mine) is totally missing.

cseder commented 6 years ago

@alanhamlett Tested on same versions and couldn't reproduce. Maybe it's a Keychain Access setting?

Keychain Access was functioning just fine. I believe it was the re-signing of Xcode with a non-apple certificate that caused the problem.

@hujaber I have the same issue. Every time I open Xcode, all accounts are logged out and I have to sign in again. I add 3 accounts (one of them is my personal account) and on next launch I can only find 2 out of 3 (both have login expired) and the third one (mine) is totally missing.

What I ended up having to do to get this problem fixed was to uninstall Xcode altogether, then create a new user account on my Mac and re-install Xcode from the App Store.

hujaber commented 6 years ago

@cseder So:

  1. uninstall Xcode
  2. Create a new user account? System user? Or wakatime? Didn't get that point clearly
  3. Reinstall Xcode.

Right?

cseder commented 6 years ago

@hujaber

Correct.

  1. Uninstall Xcode
  2. Create a new system admin user, log in and install Xcode

I just backed up my files and started using the new user instead of the old one, but it's possible that it's sufficient to just install Xcode using the new user and then log back into your old account, I'm not sure. Depends on what causes the problem in the first place. If it's a keychain or ~/Library related thing, it's probably best to keep using the new user and just delete the old after restoring the backup.

You could try it out and see how it goes! It solved my problems at least. Now Xcode keeps all my logins intact, both to AppleID, GitHub and BitBucket.

jonathansolorzn commented 5 years ago

Same for me, I installed wakatime today, every time I open Xcode I have to re-login for each account, so annoying!, is there any fix for this?

jonathansolorzn commented 5 years ago

@alanhamlett Could you please check this issue?

yahyatabba commented 5 years ago

Same for me on XCode 10.1 and Xcode 10.2 beta.

I have multiple accounts and every time the accounts were removed

yahyatabba commented 5 years ago

Hello, can anyone fix this issue? @fenixsolorzano @cseder

alanhamlett commented 5 years ago

I've tested on 3 different macbook pro, but both with XCode 10.1. Unable to reproduce, so it's difficult for me to fix it. However, I'm still working on it.

gandarez commented 5 years ago

Could not reproduce yet.

gtfunes commented 5 years ago

Was having the same issue so I had to uninstall the plugin. Accounts were logged out every time I opened Xcode and some deleted at random.

alanhamlett commented 5 years ago

some deleted at random

Local mac accounts deleted? Not sure, but I don't think Xcode extensions could do that.

gtfunes commented 5 years ago

Local mac accounts deleted? Not sure, but I don't think Xcode extensions could do that.

Sorry, I meant developer accounts logged in from Xcode. Same that happened to @hujaber and @cseder.

alanhamlett commented 5 years ago

I'm able to reproduce this now. The reason I wasn't able to reproduce it was I wasn't signed into Xcode.

Screen Shot 2019-07-27 at 12 06 06 PM

Not sure how to prevent this from happening, Xcode must need to be signed with it's original cert to store logins?

yahyatabba commented 5 years ago

yes but it reset all accounts passwords every time we quit the Xcode

cseder commented 5 years ago

Still no love for this issue @alanhamlett ? It's been like this for for almost a year now... No Wakatime + Xcode without seriously annoying side-effects. Are you throwing in the towel or what?

At least the Jetbrains IntelliJ and AppCode plugins works as expected and I mostly use these anyway.

I think the only way to get this plugin working is to develop it as an Xcode extension using XcodeKit if that has sufficient abilities, and use the procedures required for getting it signed and shipped via the Apple AppStore.

yahyatabba commented 4 years ago

Everything is Great with Xcode.

Except for this issue still now :(

Thank you for your help.

cseder commented 4 years ago

Except for this issue still now :(

Really? Still an issue with disappearing developer accounts? Is the install procedure the same with the signing of Xcode using an unofficial certificate and all?

I've given up on this plugin. I only use JetBrains IDEs, VSCodium and Sublime Text now so I could actually start using it again now that I no longer depend on Xcode... Started using Code::Stats instead. It has no Xcode plugin that I'm aware of though.

Not as sophisticated as Wakatime, but does the job for my needs, anyway. And, it ALWAYS works!

ihwf commented 4 years ago

has this issue for a long time, it's bad experience💩

SensehacK commented 4 years ago

Still present on Xcode 11.3.1, Have wasted about 1 hour debugging stuff, trying different things suggested on Stack overflow.

It seems Apple checks whether Xcode is signed by Apple certificate and not just our personal certificate. Quitting Xcode, opening it again and navigating to preferences -> Accounts leads to sign in again with the user profile.

I have 2 step authentication turned on for about 2 years now. This issue popped up when I installed Wakatime.

alanhamlett commented 4 years ago

I think the only way to get this plugin working is to develop it as an Xcode extension using XcodeKit if that has sufficient abilities, and use the procedures required for getting it signed and shipped via the Apple AppStore.

Xcode Source Editor Extensions don't support running without first selecting the extension from a menu item. That won't work for WakaTime, since it needs to execute on user events like clicking or typing.

That means currently the only way to use extensions like WakaTime is resigning Xcode. XVim has similar install steps: https://github.com/XVimProject/XVim2/blob/master/SIGNING_Xcode.md https://github.com/XVimProject/XVim2/blob/master/why_resign_xcode.md

Might be worth looking into any differences between XVim's install steps and WakaTime's, and if XVim's install also triggers the new sign-in bug.

demistry commented 4 years ago

Still an issue. Even uninstalling wakatime doesnt solve it, a new version of xcode has to be installed altogether

alanhamlett commented 4 years ago

Anyone know some devs at Apple who could help? We don't have many options to fix this without support for extensions from Apple.

cseder commented 4 years ago

Yes, regular plugins got seriously crippled since Xcode 9. The last version of Xcode that allows injecting code into a running Xcode instance is Xcode 8.

Stripping the Xcode signature leads to a bypass of this restrictive behavior, but my theory is that having non-existing / invalid signatures (not signed by Apple) causes the underlying safety-mechanisms to refuse access to some parts of the APIs, like the authentication part, which keep alive the authentication with both Apple's Developer Account servers and others, like Atlassian / BitBucket, GitHub etc.

But I'm thinking, these security mechanisms (more concretely, the sand-box / signing part) is dependent on SIP to do its "magic", aren't they? Which in turn uses the T2 Chip for various security checks? So how about turning it off?

Has anybody tried using the following sequence:

  1. Install Xcode, but not from the AppStore, download the .xip file from developer.apple.com
  2. Start Xcode, install the Command Line Tools etc, and sign into your Apple Dev account + get certificates etc
  3. Accept all licenses with sudo xcodebuild -license accept and build a simple project, to make sure xcodebuild loads.
  4. Reboot to recovery mode and turn off SIP (csrutil disable in a terminal)
  5. Now after a restart try to install the plugin and do the certificate re-signing with SIP inactive.
  6. Do a sudo xattr -r -d com.apple.quarantine /Applications/Xcode.app to disable the Gatekeeper service on Xcode.
  7. Fire up Xcode, cross fingers and pray.
  8. If it does work without SIP, consider taking responsibility for your own shit and keep SIP disabled.
  9. Or try turning SIP on again and maybe after the re-signing and gatekeeper manipulation it runs, don't know, just an idea.

I don't use Xcode much anymore and gave up on this plugin after a year or so, when restrictions just kept getting worse, but if you have some time to spare, it might be a useful exercise to troubleshoot the "signing bug" or putting it differently "why the hell can't this security system be fooled?" Because all that's happening here is the macOS security doing its job.

mobile-sergey commented 3 years ago
  1. Install Xcode, but not from the AppStore, download the .xip file from developer.apple.com

https://developer.apple.com/download/all/ Here all versions of XCode in .xip files (need to login with Apple ID)

mobile-sergey commented 3 years ago

I have same problem on XCode 12.5.1 I install wakatime plugin with resign app And after next open of XCode I can't link my Apple ID to project I hope that solving from @cseder helped me

mobile-sergey commented 3 years ago

Unfortunately solving from @cseder after enable SIP - don't worked. After first start with enabled SIP - connect with Apple ID was broken again. But I install plugin with copy of original app:

curl -fsSL https://raw.githubusercontent.com/wakatime/xcode-wakatime/master/install.sh | sh -s copy

And I use XcodeWithPlugins.app for develop with wakatime plugin but without connect with Apple ID And I use original Xcode.app for publish without wakatime plugin but with connect with Apple ID

cseder commented 3 years ago

Still present on Xcode 11.3.1, It seems Apple checks whether Xcode is signed by Apple certificate and not just our personal certificate.

This will (or is actually) the new way of doing things. Not that it helps, but the idea behind this new security model is to have a reproducible "core OS" including vendor specific software that can ALWAYS be rolled back to known state, and what you actually are changing within the system partition's applications are "shadow-files" while the real files are immutable, even when using sudo.

A Blessing and a curse, basically. Personally I cant't stand it when a company that I've paid triple the price to for similar hardware I can get anywhere, on top of that starts playing dictator-mode with it's customers. "You're music is to loud! I'll just turn it down...", "Wait! You're trying to tell ME where that file should be stored?? Uh, uh, I'll just move it back when you sleep! WOAHAHA!".

Sad but true end of an era I have mostly enjoyed, technology-wise at least. Oops, Digressius Maximus.

adrianseraspi12 commented 3 years ago

I also get this error. I can't even add an apple id account on Xcode 12.5 so my workaround is by preserving the original app signature and run this script curl -fsSL https://raw.githubusercontent.com/wakatime/xcode-wakatime/master/install.sh | sh -s copy. This will create a copy of Xcode.app and named XcodeWithPlugins

kemicky commented 2 years ago

Hi, Tried all this in my terminal but I Keep getting error, no such file description. Any help on how to fix this?