The Application that is running AXElements is not trused to control your computer
Closed this issue · 4 comments
After playing around with this a bit (due to AXElements/accessibility_core#19) I came up with the following solution. Before installing AXElements I do the following`
def install_accessibility_core_gem
directory '/usr/local/src/accessibility_core' do
recursive true
end.run_action(:create)
git '/usr/local/src/accessibility_core' do
repository 'https://github.com/AXElements/accessibility_core.git'
end.run_action(:sync)
execute 'gem build accessibility_core.gemspec' do
cwd '/usr/local/src/accessibility_core'
end.run_action(:run)
gem_file = '/usr/local/src/accessibility_core/accessibility_core-0.6.1.gem'
gem_package 'accessibility_core' do
options '--clear-sources'
source gem_file
end.run_action(:install)
chef_gem 'accessibility_core' do
options '--clear-sources'
compile_time(false) if respond_to?(:compile_time)
source gem_file
action :nothing
end.run_action(:install)
endThat gets me to at least install the AXElements gem but then trying to start the mac app store I run into permission problems (below error).
================================================================================
Error executing action `open` on resource 'mac_app_store[default]'
================================================================================
RuntimeError
------------
-------------------------------------------------------------------
The Application that is running AXElements is not trused to control
your computer. A window prompting you to grant permission to the
application should appear right now. Please grant the application
permission to control your computer and try again.
-------------------------------------------------------------------
Cookbook Trace:
---------------
/Users/mhenrixon/installs/sprout-wrap/cookbooks/mac-app-store/libraries/provider_mac_app_store.rb:68:in `block in <class:MacAppStore>'
Resource Declaration:
---------------------
# In /Users/mhenrixon/installs/sprout-wrap/cookbooks/mac-app-store/recipes/default.rb
35: mac_app_store 'default' do
36: username node['mac_app_store']['username']
37: password node['mac_app_store']['password']
38: action :open
39: notifies :quit, 'mac_app_store[default]'
40: end
41:
Compiled Resource:
------------------
# Declared in /Users/mhenrixon/installs/sprout-wrap/cookbooks/mac-app-store/recipes/default.rb:35:in `from_file'
mac_app_store("default") do
action [:open]
updated true
updated_by_last_action true
retries 0
retry_delay 2
cookbook_name :"mac-app-store"
recipe_name "default"
username "mikael@zoolutions.se"
password "****************"
end
Prior to OS 10.11, the OS would pop up a dialog asking about granting Accessibility permissions to the application trying to use the accessibility core. Probably "Ruby" in your case.
The dialog box hasn't been showing up in 10.11 Beta. Still a problem in 10.11 beta 6. I had to add the application to directly the access DB. By issuing:
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db "insert into access(service,client,client_type,allowed,prompt_count) values('kTCCServiceAccessibility','/usr/bin/ruby',1,1,1)"
For me, navigating to system preferences, security and privacy, going to accessibility section, and adding iTerm as an 'approved' application for 'controlling your computer' solved the issue.
Looks like this is, sadly, still the case in the final release of El Capitan. Apple replaced the explanatory pop-up message with just assuming users would know to go into their Accessibility settings.
The cookbook attempts to "just work" and grant itself accessibility rights. This has been tested against Chef running inside iTerm, Terminal, and over SSH, but results may vary from one app to another. I remember it being tricky to figure out that much, and the worst case scenario remains, as mentioned, watching the first Chef run fail and having to go into the Accessibility settings manually.
@jacobjennings How were you running Chef where you were seeing errors even with using iTerm? I'm curious to see if I can reproduce that. I tried deleting iTerm from my Accessibility settings just now, and doing a Chef run correctly re-added it (this is on 10.11.2 beta).
Was provisioning a brand new laptop on El Capitan and suddenly able to reproduce this in both Terminal and iTerm. I think it was a behavior change introduced in newer versions of the privacy_services_manager script the cookbook uses.
The auto-detection is fixed by #27 so both Terminal and iTerm will again get their access privileges granted as part of the Chef run. I'll cut a new release soon.
OS X still won't pop up a helper dialog anymore when the app running Chef isn't trusted, but there's not much that can be done about that.