Mac issue - no authorization/password prompts for etc/hosts & trusting certificates

What issue or error are you experiencing?

Hello!

I am struggling with a strange issue that I have worked very hard to troubleshoot. Sadly, my DuckDuck-Fu has failed me!

What’s happening is that, after installing Local and setting up a test site, I am getting persistent “Missing host entry. This site may be inaccessible” warnings and, after clicking Fix it in the warning, I am seeing the associated “Uh-oh! Could not update hosts file” error pop-up. I also see a “Host Redirection: Local is requesting administrative privileges to modify your /etc/hosts file” system notification, but I am not given a system authorization prompt and the hosts file is not updated.

Furthermore, if I manually update the hosts file (or ignore this issue) and attempt to Trust the test site’s SSL certificate, I am then faced with similar warnings/pop-ups and system notifications (“Local is requesting administrative privileges to trust a certificate.”) but, again, no authorization prompt and the cert isn’t added to my Keychain.

However…if I load up the same Local install with a fresh Mac user account (also an Admin account), everything works properly. I see the warnings and system notifications, but I am also presented with a prompt to enter my system account password. And then the host file is properly updated and the cert is properly added to my Keychain.

What steps can be taken to replicate the issue? Feel free to include screenshots, videos, etc

Simply adding a fresh site and attempting to start it (or Trust its SSL certificate) causes the issue on my Mac’s primary account (which is set to Admin). I have no anti-virus.

I suspect this problem is deeper than Local, but I haven’t had much luck finding others with similar issues. In addition to extensive searching, here and elsewhere, I’ve also:

• Dug through GitHub issues for other Electron apps, thinking the issue might have to do with node/Electron/Keychain
• Completely uninstalled Local a few times
• Updated Node and tried to install Local fresh with different Node versions (via nvm and per suggestions from this thread)
• Manually installed Rosetta2 via the command line
• Tried the Intel 8.2.1 version
• Updated my OS and XCode
• Tried in Safe Mode
• Reset Default Keychains in Keychain Access
• Manually give Full Disk Access & Accessibility permissions to Local
• Used tccutil to reset ALL of my permissions

System Details

• Local Version: 8.2.1 ARM

• Operating System (OS) and OS version: M1 Mac with Ventura 13.6.4

Local Logs

Attach your Local Logs here (Help Doc - Retrieving Local’s Log)

{"level":"info","message":"Finished maybeCopyBundledServices in 0.001s","thread":"main","timestamp":"2024-02-02T17:08:31.214Z"}
{"class":"AddonLoaderService","level":"info","message":"Loading Add-on: %%userDataPath%%/lightning-services/mailhog-1.0.0+3/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.215Z"}
{"class":"AddonLoaderService","level":"info","message":"Successfully Loaded Add-on: %%userDataPath%%/lightning-services/mailhog-1.0.0+3/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.216Z"}
{"class":"AddonLoaderService","level":"info","message":"Loading Add-on: %%userDataPath%%/lightning-services/mariadb-10.4.10+4/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.216Z"}
{"class":"AddonLoaderService","level":"info","message":"Successfully Loaded Add-on: %%userDataPath%%/lightning-services/mariadb-10.4.10+4/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.224Z"}
{"class":"AddonLoaderService","level":"info","message":"Loading Add-on: %%userDataPath%%/lightning-services/mysql-8.0.16+6/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.224Z"}
{"class":"AddonLoaderService","level":"info","message":"Successfully Loaded Add-on: %%userDataPath%%/lightning-services/mysql-8.0.16+6/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.230Z"}
{"class":"AddonLoaderService","level":"info","message":"Loading Add-on: %%userDataPath%%/lightning-services/nginx-1.16.0+7/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.231Z"}
{"class":"AddonLoaderService","level":"info","message":"Successfully Loaded Add-on: %%userDataPath%%/lightning-services/nginx-1.16.0+7/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.238Z"}
{"class":"AddonLoaderService","level":"info","message":"Loading Add-on: %%userDataPath%%/lightning-services/php-8.1.23+0/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.238Z"}
{"class":"AddonLoaderService","level":"info","message":"Successfully Loaded Add-on: %%userDataPath%%/lightning-services/php-8.1.23+0/lib/main.js","thread":"main","timestamp":"2024-02-02T17:08:31.244Z"}
{"class":"AddonLoaderService","level":"info","message":"Add-on does not have \"productName\" specified in package.json: %%appPath%%/node_modules/@getflywheel/local-components/package.json","thread":"main","timestamp":"2024-02-02T17:08:31.245Z"}
{"class":"AddonLoaderService","level":"info","message":"Add-on does not have \"productName\" specified in package.json: %%appPath%%/node_modules/@getflywheel/localcert/package.json","thread":"main","timestamp":"2024-02-02T17:08:31.245Z"}
{"class":"AddonLoaderService","level":"info","message":"Add-on does not have \"productName\" specified in package.json: %%appPath%%/node_modules/@getflywheel/localtunnel/package.json","thread":"main","timestamp":"2024-02-02T17:08:31.245Z"}
{"class":"AddonLoaderService","level":"info","message":"Add-on does not have \"main\" or \"renderer\" specified in package.json: %%appPath%%/node_modules/@getflywheel/replacestream/package.json","thread":"main","timestamp":"2024-02-02T17:08:31.245Z"}
{"class":"GraphQLService","level":"verbose","message":"GraphQL server ready at http://127.0.0.1:4000/graphql","thread":"main","timestamp":"2024-02-02T17:08:31.277Z"}
{"class":"GraphQLService","level":"verbose","message":"GraphQL subscriptions ready at ws://127.0.0.1:4000/graphql","thread":"main","timestamp":"2024-02-02T17:08:31.277Z"}
{"level":"warn","linuxEdition":null,"localVersion":"8.2.1+6583","message":"Electron Event ready","osArch":"arm64","osPlatform":"darwin","osRelease":"22.6.0","timestamp":"2024-02-02T17:08:31.319Z","windowsEdition":null}
{"class":"Updater","level":"info","message":"Checking for updates for: darwin-arm64-production","thread":"main","timestamp":"2024-02-02T17:08:31.347Z"}
{"class":"Updater","level":"debug","message":"Check for updates result","release":null,"thread":"main","timestamp":"2024-02-02T17:08:31.696Z"}
{"class":"HostsFileService","level":"debug","message":"maybeUpdate","sites":{"UDYGkuz5D":{"domain":"loctest1.local","environment":"flywheel","id":"UDYGkuz5D","localVersion":"8.2.1+6583","multiSite":"","mysql":{"database":"local","password":"[REDACTED]","user":"root"},"name":"loctest1","path":"~/Local Sites/loctest1","ports":{},"services":{"mailhog":{"name":"mailhog","ports":{"SMTP":[10001],"WEB":[10000]},"type":"lightning","version":"1.0.0"},"mysql":{"name":"mysql","ports":{"MYSQL":[10004]},"role":"db","type":"lightning","version":"8.0.16"},"nginx":{"name":"nginx","ports":{"HTTP":[10003]},"role":"http","type":"lightning","version":"1.16.0"},"php":{"name":"php","ports":{"cgi":[10002]},"role":"php","type":"lightning","version":"8.1.23"}},"workspace":null,"xdebugEnabled":false}},"thread":"main","timestamp":"2024-02-02T17:08:37.350Z"}
{"class":"HostsFileService","level":"debug","message":"Updating hosts","thread":"main","timestamp":"2024-02-02T17:08:37.351Z"}
{"class":"HostsFileService","level":"info","message":"Updating hosts with","thread":"main","timestamp":"2024-02-02T17:08:37.353Z"}
{"class":"HostsFileService","level":"debug","message":"Updating hosts with command","thread":"main","timestamp":"2024-02-02T17:08:37.353Z","updateCommand":"/Applications/Local.app/Contents/MacOS/Local","updateCommandArgs":["%%appPath%%/main/dns/workers/updateHostsFileWorker.js","loctest1.local","www.loctest1.local"]}
{"class":"HostsFileService","error":{},"exitCode":{},"level":"error","message":"Could not update hosts.","stderr":{},"stdout":{},"thread":"main","timestamp":"2024-02-02T17:08:37.678Z"}
{"class":"X509CertService","level":"debug","message":"security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain %%router.runPath%%/nginx/certs/loctest1.local.crt","thread":"main","timestamp":"2024-02-02T17:08:41.028Z"}

Any help would be greatly appreciated!

Thanks for your time,
Ryan

Hi @rgw!

So was this your first time installing Local on this machine? Or did you have it installed previously but it was having issues after an update of the app or your OS?

Could you share all your Local Logs here in a zip file? There are some different ways to access and share Local Logs. For us to be able to troubleshoot thoroughly, please click the Download Local Logs button from the Support tab in Local. This will generate a zip archive that contains the Local log along with some other diagnostic information to help quickly zero in on any issues that Local is encountering.

@Nick-B,

Thank you so much for the (speedy!) response. I really appreciate it.

This was my first install of Local, and I experienced the issue immediately. After several complete uninstalls and reinstalls, the problem persists.

After resetting my keychain to default and using tccutil to clear permissions for all of my programs, I’m getting administrative privilege/password prompts for everything else as expected. However, I still do not get these system prompts from Local for the actions that require them (editing the etc/hosts and adding certs to the keychain).

However, as previously mentioned, a fresh user account displays the admin password prompts as expected. So, for now, I’m going to use that fresh account to use Local. Unfortunately, my full logs contain too much work-related stuff, so I don’t feel comfortable posting them here. But maybe this thread can help someone else having my very specific issue (no mac system privilege prompts) in the future.

Thanks again for the reply! Local is rad, and I look forward to putting it to work!

Hi @rgw -

Thank you for the follow-up!

I’m going to close this thread for now, but feel free to create a new one if anything else comes up.

All my best,

Sam

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.