0.7.0 problems with Mac OS X 10.7 firewall

Report & discuss bugs found in SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
User avatar
Norbertus
Newbie
Newbie
Posts: 33
Joined: January 21st, 2011, 2:11 pm

0.7.0 problems with Mac OS X 10.7 firewall

Post by Norbertus »

CPU: MacMini 3,1 - 2.26GHz - 4GB
OS: Mac OS X 10.7.4
SABnzbd: 0.7.0
IP: IPv4, using the local IP address

Extra info: Firewall: ON, Automatically allow signed software to receive incoming connections: ON, other settings: OFF.

Problem: Each time when SABnzbd starts after log-in, Mac OS X asks permission from an administrator to allow SABnzbd to accept incoming connections. This is then set to 'allow' in the firewall settings, but after the next log-in the system asks to set them again >:(

Cause: Although the SABnzbd software is signed,

Code: Select all

codesign --verify --verbose=4 /Applications/SABnzbd.app/
shows that "a sealed resource is missing or invalid" which means that the source has been changed after initial signing. After the first execution more is changed.

Possible Solution: Use /Library/Application Support/SABnzbd/lib/ instead of /Applications/SABnzbd.app/Contents/Resources/lib/ to store and change python resources. The source can contain a hard link to that location, so it doesn't have to change. Another option is to use ~/Library/Application Support/SABnzbd/lib/.

-- This has been tested with an upgrade from 0.6.x and with a clean install in Mac OS X.
O0
Top
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: 0.7.0 problems with Mac OS X 10.7 firewall

Post by shypike »

Interesting. I thought we solved this some time ago.
There was one stock Python file that kept being re-compiled after each run.
Needless to say that we don't test against OSX firewalls, maybe we should.
I'll see what I can do, but py2app seems to have a will of its own :(

BTW: the right solution is not to put part of the program in the profile.
I think that defeats the purpose of signing. You want to be certain that the app hasn't been tampered with.
How can you when part of it is stored in a user location?
An app should not be self-modifying and we did our best to separate code from data.
The Linux and Windows distros pull it off and so should the OSX one.
Top
User avatar
sander
Release Testers
Release Testers
Posts: 9061
Joined: January 22nd, 2008, 2:22 pm

Re: 0.7.0 problems with Mac OS X 10.7 firewall

Post by sander »

shypike wrote:Interesting. I thought we solved this some time ago.
There was one stock Python file that kept being re-compiled after each run.
Needless to say that we don't test against OSX firewalls, maybe we should.
... or promote Norbertus to be a release tester, and let him do the tests ...
Top
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: 0.7.0 problems with Mac OS X 10.7 firewall

Post by shypike »

There's an easy fix.
I just need to remove all .py files (except two) from the distribution (before signing).
I guess this is an anomaly of py2app: for some reason the Cheetah and xml module sources are
included, while none of the other modules include sources.
The presence of .py files makes Python want to touch the corresponding .pyc files.
Top
Post Reply

Return to “Bug Reports”