Re: [gtk-osx-users] CodeSigning and Catalina security issue.





On May 29, 2020, at 7:53 AM, Pascal <p p14 orange fr> wrote:


Le 21 févr. 2020 à 09:15, Gabriele Greco <gabrielegreco gmail com> a écrit :

For the demo program you might see if you can set enough of the environment in Info.plis using 
https://developer.apple.com/documentation/bundleresources/information_property_list/lsenvironment to get 
it to run. For your actual program the easiest solution is to rewrite your launcher in python and put it 
in Resources, compile python-launcher.c and use the result as the main-binary.

I don't know how it works with python gtk+ apps, but with C/C++ apps it's quite easy to avoid using a 
launcher script, I have a setup_paths() function that I run before gtk_init(), that does a job similar to 
the launcher script, it has the advantage over the LSEnvorinment stuff to be able to bind the resources to 
the current app bundle path, I'm sharing it here if someone is interested:

void
setup_paths()
{
   char execpath[MAXPATHLEN+1];
   char path[MAXPATHLEN * 4], *c;

   uint32_t pathsz = sizeof (execpath);
   _NSGetExecutablePath (execpath, &pathsz);

// if we are not in a bundle let's use the system GTK enviroment...
   if (!strstr(execpath, ".app")) {
       ILOG << "Not in bundle, doing normal startup";
       return;
   }

   fprintf(stderr, "EXECPATH: %s\n", execpath);
   c = strrchr(execpath, '/');
   *c = 0;
   strcat(execpath, "/../Resources");
   chdir(execpath);
   getcwd(path, sizeof(path));
   fprintf(stderr, "CWD: %s\n", path);

   strcpy(path, execpath);
   strcat(path, "/lib/gtk-2.0");
   setenv ("GTK_PATH", path, 1);
   strcpy(path + strlen(execpath), "/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache");
   setenv ("GDK_PIXBUF_MODULE_FILE", path, 1);
   // pango prefix
   strcpy(path + strlen(execpath), "/etc");
   setenv("PANGO_SYSCONFDIR", path, 1);
   strcpy(path + strlen(execpath), "/lib");
   setenv("PANGO_LIBDIR", path, 1);
   ILOG << "OSX GTK resource setup completed";
//  strcpy(path + strlen(execpath), "/../Resources/share/themes");
//  setenv ("GTK_DATA_PREFIX", path, 1);
}

Hello Gabry,

Sorry for the delay, I've just taken the opportunity of some days off to go on.
Thanks for your code sample, it helps, now it is ok for me with Catalina GateKeeper / Sandboxing.
The launch script was preventing GateKeeper to work correctly.

My steps are:
- add the needed setenv in  setup_paths and call it before gtk_init in main.c
- run gtk-mac-bundler with my_app.bundle
- suffix the script shell with ".sh" in my_app.app/Contents/MacOS
- suppress the "-bin" at the end of the executable in my_app.app/Contents/MacOS
- open my_app

Then, clic OK in the GateKeeper popup for the access to your Document folder.
You will have now access to your files :-)

I'm happy that it haven't required more code to add or change.

If you remove or comment out the launcher-script element in your bundle file bundler won't copy in the script 
and will rename the binary to the bundle name without the -bin suffix. Having moved the environment setup to 
main.c you don't need the launcher script any more.

Regards,
John Ralls




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]