anasinnyk/terraform-provider-onepassword

Running on MacOS Catalina

Closed this issue · 5 comments

Hi,
Trying to get my flow back up and running since upgrading my MacBook to Catalina, I've run across an issue.

Catalina is awkward if you don't have notarized builds; the plugin's strategy of downloading a temporary unsigned binary and running it each time is going to be a pain.

My first thought was to force it to use v0.8.0 via OP_VERSION; this is a signed binary. Unfortunately, it's packaged as a .pkg file rather than a .zip file because of this, and so that doesn't work as the plugin fails to download it.

So instead, I modified the source slightly so that an environment variable OP_BINARY pointing at the op binary would take precedence and avoid the download. That way I could point it at /usr/local/bin/op where I have the 0.8.0 version installed. That works for me, but is a bit of a kludge so I thought I'd raise an issue initially rather than submit a PR. Happy to do the latter if you want (although it's literally a 3 line change).

Cheers,
Olly
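The OP_BINARY override described above, written out as an added Go example. This is not the provider's own code: the variable name, the injectable env lookup and the cache layout under /tmp/terraform-provider-onepassword/<version>/op are assumptions, and the override is only honoured when it points at an executable regular file, since whatever it names will be handed your 1Password session.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// resolveOpBinary decides which `op` CLI the provider should run.
// env is an injectable lookup (os.Getenv in production) so the choice
// can be tested without touching the process environment.
// It returns the path, whether it came from the OP_BINARY override
// (in which case the download step is skipped), and any error.
func resolveOpBinary(env func(string) string, cacheDir, version string) (string, bool, error) {
	if p := env("OP_BINARY"); p != "" { // hypothetical variable name
		info, err := os.Stat(p)
		if err != nil {
			return "", false, fmt.Errorf("OP_BINARY=%q: %w", p, err)
		}
		// Refuse directories and non-executable files: this path receives
		// the 1Password session token, so it must be a real binary.
		if info.IsDir() || info.Mode()&0o111 == 0 {
			return "", false, errors.New("OP_BINARY must point at an executable file")
		}
		return p, true, nil
	}
	// No override: fall back to the assumed per-version cache path that
	// the download step would populate.
	return filepath.Join(cacheDir, version, "op"), false, nil
}

func main() {
	p, local, err := resolveOpBinary(os.Getenv, "/tmp/terraform-provider-onepassword", "0.5.5")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("op binary: %s (preinstalled override: %v)\n", p, local)
}
```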

Would this code from @mitchellh make notarized builds easier?

https://github.com/mitchellh/gon

I thought files downloaded directly like this don't set the com.apple.quarantine extended attribute and sneakily bypass gatekeeper. This is why you can curl unsigned/unnotarized binaries and run them but you can't download them via browsers, Mail.app, etc.

If not, then hopefully upstreams start notarizing soon! 😄

I may have jumped to the wrong conclusion about notarization being the issue here.
But the error I'm seeing when I let the provider download op itself is:

Error: some error in command [get vault XXX]
Error: fork/exec /tmp/terraform-provider-onepassword/0.5.5/op: operation not permitted

This only happened since the upgrade to Catalina.
Oddly though, having looked into it a bit more, there's something weird going on, as after that failure I can manually do:

% /tmp/terraform-provider-onepassword/0.5.5/op --version
0.5.5
% /tmp/terraform-provider-onepassword/0.5.5/op get vault "XXX"
{"uuid":"abc123","name":"XXX","type":"U","desc":"a vault"}

This would be fixed by: #33

After this it will make use of anything you've installed already.

@ollystephens I ran into that error when doing dev, in that case I deleted the downloaded zip from tmp, and tried again, and everything was fine.