macOS Ventura 13.0 sync fails due to com.apple.provenance metadata
luckman212 opened this issue ยท 18 comments
update: This should be fixed once v1.22.2 is released, scroll down for details...
Since upgrading one of my Macs to Ventura 13.0, my folder will no longer sync (getting stuck on a piece of undocumented metadata called com.apple.provenance
I have tried removing the xattr with sudo xattr -d com.apple.provenance /path/to/file but that isn't working either.
Google has nothing about this really... anyone else running into this? Using syncthing-macos 1.22.0-1
Thanks for the report, I have old hardware which doesn't run Ventura. So I need to figure out a way to reproduce this or dig up some documentation. I think it is some sort of extra security mechanism (again). Probably I need some help from other people with this unfortunately.
Thanks, I've just posted a question over on AskDifferent as well.
Hi @calmh I moved it to the https://github.com/syncthing/syncthing project as it is a Syncthing (macOS build) issue and not part of the syncthing-macos application bundle. Thanks!
Moved because it is not an syncthing-macos application bundle problem. But the Syncthing daemon itself with trying to sync xattrs between two devices with macOS Ventura 13.0 and macOS < 13.0. See also the forum.
As noted on the forum, this can be disabled by configuration, unfortunately only by hand editing the config at the moment:
<folder id="..." ...>
<xattrFilter>
...
<entry match="com.apple.provenance" permit="false"/>
<entry match="*" permit="true"/>
</xattrFilter>
</folder>
We might want to look into some sort of default black list per operating system perhaps, in the future.
I need to document the note on manual file editing in the FAQ so I transfered the issue back to syncthing-macos.
As noted on the forum, this can be disabled by configuration, unfortunately only by hand editing > the config at the moment:
<folder id="..." ...> <xattrFilter> ... <entry match="com.apple.provenance" permit="false"/> <entry match="*" permit="true"/> </xattrFilter> </folder>We might want to look into some sort of default black list per operating system perhaps, in the > future.
See also
#185 (comment)
I leave this open until I have documented this in the README.md
Thanks @luckman212 for reporting
The README.md has been updated with appropiate information. Manual editing is the only way for now. See commit 7fa1d1a
Adding a note here, regarding somewhat-related bug #8657 (since it relates to syncing xattrs)
Note from @luckman212 (here #154 (comment)) copied over here for convience:
Just adding this note here related to debugging going on over at https://forum.syncthing.net/t/com-apple-provenance/19262/17
For anyone who wants to increase the logfile size using the macOS bundle, you can use:
# sets logfile size to 50MB, and keep the last 5 during logrotate
defaults write com.github.xor-gate.syncthing-macosx Arguments '--log-max-size=52428800 --log-max-old-files=5'And when you're done debugging, use this to revert things back to default:
defaults delete com.github.xor-gate.syncthing-macosx ArgumentsI believe you need to fully quit the Syncthing app after each of these changes (not just stop/start the service) for it to take effect.
Thanks @luckman212 !
Commenting on your findings:
I believe you need to fully quit the Syncthing app after each of these changes (not just stop/start the service) for it to take effect.
Yes the Arguments are loaded only on startup. Not when changed.
@xor-gate v1.22.2-rc.1 was pushed that aims to fix this, among other things. Is it possible for me to compile my own bundle to test? I have Xcode 14.1 but I don't have a Developer account so I can only sign locally.
@xor-gate Answered my own question... and I'm happy to report that this pre-release build has fixed the original issue for me. ๐ So hopefully once the upstream release drops we can all benefit.
For anyone else who's curious: here are the steps I figured out in order to build a pre-release. It was confusing at first because the default repo branch is develop which is very far out of date from the latest release. I had to clone the 1.22.1-1 branch and build from that in order to get it to work (a full clone and separate git checkout would probably work fine too).
Steps
- Clone the repo & some prereqs
git clone --depth 1 --branch v1.22.1-1 https://github.com/syncthing/syncthing-macos
cd syncthing-macos
git submodule update --init- Change version strings
vi syncthing/Scripts/syncthing-resource.sh- update
SYNCTHING_VERSION(removing thev):
SYNCTHING_VERSION="1.22.2-rc.1"
- update
CFBundleShortVersionStringin Info.plist:
vi syncthing/Info.plist- find & export your developer account / codesigning identity:
security find-identity -v -p codesigning
export SYNCTHING_APP_CODE_SIGN_IDENTITY="Apple Development: you@domain (XXXXXXXXXX)"- build
make release- look in syncthing-macos/Build/Products/Release/ for your newly minted Syncthing.app
syncthing-macos only ships releases no -rcs. The README.md includes some build and release management instructions. I will include this build instructions into the readme when I have some spare time. Thanks for reporting the issue is resolved.
Not fully out of the woods yet on this one... syncthing/syncthing#8667
Compiled a build this morning based on v1.22.2-rc.2 and this is now 100% fixed for me ๐
Good, we need to wait for the v1.22.2 release window on 6 dec. Then we can close this ticket. Thanks for your effort!
Still looking good, on 1.22.2-rc.3 now and all is working well.
Syncthing macOS is now shipping with release v1.22.2 (see commit bf62e12). Only the auto-updater is broken for some unknown reason, you can wait or download the signed/secure DMG.