Local Community

macOS 13 Ventura and Open Site Shell

I can’t start Open Site Shell in Local app for any sites after installing macOS 13.0 Ventura. I can however start site shell directly in Terminal after finding the correct script. I’m using Local 6.4.3. Anyone else with this problem?

~/Library/Application\ Support/Local/ssh-entry/M6nzofBLY.sh

site-shell

1 Like

And when I start a site I get the same dialog all the time. I really love all the apps that don’t work with macOS Ventura. :rofl:

I hate to say it works on my machine, but it does. Local 6.4.3, Ventura 13.0

I can open site shell and start sites.

@afragen Many thanx for your reassuring reply.

Do you mind answering a few more questions as I’m having some trouble tracking down the issues? I have searched in Local log files for any clues but there are nothing at all related to these issues.

If we start with the first issue that I can’t use Open Site Shell in Local app. The error message that “M6nzofBLY.sh” can’t be opened because (null) is not allowed to open documents in Terminal is obviously from the Terminal app. I’m still using bash as the default shell in Terminal app (yeah I know but it just works for me…).

Have you set Terminal as the default app in Local preferences or are you using any other terminal app? Which shell are you using as default in your terminal app?

There must be some new security measures in macOS 13.0 Ventura and Terminal app since the error message clearly states that Local (null) is not allowed to open documents in Terminal.

Is there a parameter or something else missing in the command used in Local app to be able to open the site shell script with the built-in terminal app in macOS 13.0 Ventura?

I have no problems to open any site shells manually in Terminal app with bash as default (after finding the right script for the site in ssh-entry folder).

~/Library/Application\ Support/Local/ssh-entry/M6nzofBLY.sh

Setting Local environment variables...
----
WP-CLI:   WP-CLI 2.6.0
Composer: 2.1.5 2021-07-23
PHP:      8.1.9
MySQL:    mysql  Ver 14.14 Distrib 5.7.28, for macOS 10.14 (x86_64) using  EditLine wrapper
----
Launching shell: /bin/bash ...
bash-3.2$

The other issue with reapeting dialogs that I have to accept incoming network connections from httpd whenever I start a site in Local is more complex to track down.

When I check the settings in Firewall pane everything looks ok and it’s the same settings I used before updating macOS. And if I turn off the firewall in Network Settings I still get the dialog that I have to accept incoming connections.

Are you using the built-in firewall in macOS and are you using Apache or Nginx in Local for your sites?

I have reset all firewall settings and deleted the firewall plist (com.apple.alf) if it was corrupt in some way. There are no errors in the firewall logs but there are several errors in Console related to httpd and Local when I start a site in Local.

/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate --getblockall --getallowsigned --getstealthmode

Firewall is enabled. (State = 1) 
Block all DISABLED! 
Automatically allow signed built-in software ENABLED 
Automatically allow downloaded signed software ENABLED 
Stealth mode enabled

/usr/libexec/ApplicationFirewall/socketfilterfw --listapps

ALF: total number of apps = 5 

4 :  /Applications/Local.app 
 	 ( Allow incoming connections ) 

5 :  /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/bin/httpd 
 	 ( Allow incoming connections )

@austinwendt Any ideas what’s going on and how to track down the issues? I read in another post that you haven’t been able to start testing Local with macOS 13.0 Ventura yet.

@emmtre I’m using Terminal.app and a zsh shell since it became the default. I do also use oh-my-zsh.

I do have other versions of PHP installed via homebrew, but I don’t have any other web server active. I don’t think this will work, except maybe in the localhost router mode.

My built-in firewall is off. I typically use ngnix with Local.

➜  AJF-M1-MBA arm64: ~ /Users/afragen/Library/Application\ Support/Local/ssh-entry/Qh50_ZR6y.sh ; exit;
-n -e 
Setting Local environment variables...
----
WP-CLI:   WP-CLI 2.6.0
Composer: 2.1.5 2021-07-23
PHP:      8.0.22
MySQL:    mysql  Ver 8.0.16 for macos10.14 on x86_64 (MySQL Community Server - GPL)
----
Launching shell: /bin/zsh ...
➜  AJF-M1-MBA arm64: ~/Local_Sites/lightning/app/public

There seem to be differences in our MySQL versions. Not sure how you get MySQL 14.14?

@afragen Many thanx again. I don’t think php versions have any effect on these issues but you never know.

Are you running any sites with Apache right now and have you tried to start them after updating to macOS 13.0 Ventura? It looks like a problem with the included Apache build so if you only running sites with Ngnix you probably haven’t noticed. I have no idea where 14.14 comes from since I’m running MySQL 5.7.28

@austinwendt Do you have any machines with macOS 13.0 Ventura so you can check this? The second issue with reapeting dialogs to accept incoming network connections from httpd looks like a problem with the included Apache and some new security measures in macOS 13.0 Ventura. (see error messages from Console).

httpd (libsystem_info.dylib) send failed: Invalid argument
/Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/bin/httpd
(/usr/lib/system/libsystem_info.dylib)

kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_access_compat.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_alias.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_auth_basic.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authn_core.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authn_file.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authz_core.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authz_host.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authz_user.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_autoindex.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_dir.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_env.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_filter.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_mime.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_negotiation.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_proxy.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_proxy_fcgi.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_rewrite.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_setenvif.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_status.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_log_config.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_unixd.so
/kernel
(/System/Library/Extensions/Sandbox.kext/Contents/MacOS/Sandbox)

I was able to switch a site from ngnix to Apache and it worked fine.

When I create a new site with Ngnix (PHP 8.0.22 and MySQL 5.7.28) I don’t get the dialog to accept incoming network connections but as soon as I switch from ngnix to Apache the repeating dialog returns again when I start the site so it looks like a problem with the included Apache build and the invalid argument in httpd (error message in Console).

Hey @emmtre - no, these are the first reports we’re hearing of these on Ventura! I’m know that doesn’t make you feel any better, but not something others who have been testing on Ventura have run into…

I don’t personally have a machine running Ventura, but let me talk to some people and see if I can get my hands on one to repro.

Remind me - do you build exclusively with Apache? I’ll confirm the expected behavior too on Monterey v12.6.1. This was working for you there, correct?

@austinwendt Many thanks for your quick response.

Well, someone has to be the first one. It looks more and more like permission errors of some sort. There may also be a difference in how errors appear depending if your machine is running Intel or Apple Silicon.

I was running macOS Monterey 12.6.0 and Local 6.4.3 before updating and everything worked perfectly then.

So yes, both these issues that I can’t use Open Site Shell in Local app and that I have to accept incoming network connections from httpd whenever I start a site appeared after I updated to macOS 13.0 Ventura.

Apparently there is a privacy permissions bug in macOS 13.0 Ventura for apps that require full disk assess that was introduced a week or two just before release of 13.0 in an effort to solve another privacy issue.

I also tried to reset alla privacy settings for Local app and when you re-start Local you should be presented with a dialog if you want to give Local permission to full disk access and possible other permissions.

tccutil reset All com.getflywheel.lightning.local
tccutil reset SystemPolicyAllFiles com.getflywheel.lightning.local

But I don’t get such a dialog so I have to add Local app manually to Full Disk Access in Privacy & Security in System Settings. Maybe one of your developers can look into this and search for more information.

I have quite a few clients running Apache servers and we are using htaccess directives so I also need to run Apache in Local app to make sure everything works but we are also running staging servers to test.

I seem to recall always having to set Full Disk Access manually. Perhaps that’s why I didn’t have issues.

@austinwendt If I disable System Integrity Protection I can use Open Site Shell in Local app as before updating to macOS 13.0 Ventura. Apple has definitely tighten up the security in the new macOS version and that’s the reason Local can’t open the shell script in Terminal.

Disabling and Enabling System Integrity Protection

@afragen Have you disabled System Integrity Protection on your machine? You can check the status via the terminal command below.

csrutil status

Some more recently updated info about System Integrity Protection.

About System Integrity Protection

➜  AJF-M1-MBA arm64: ~ csrutil status
System Integrity Protection status: enabled.

@afragen interesting that my system seems to be more restrictive and I have to disable SIP to be able to use Open Site Shell in Local app.

I have tried to also check file and folder permissions for Local app but I can’t find anything strange in the permission list that stands out.

ls -al /Applications/Local.app 
drwxr-xr-x@  4 emmtre  admin   128 Oct 28 08:52 .
drwxr-xr-x+ 34 root    admin  1088 Oct 28 08:51 ..
drwxr-xr-x@  8 emmtre  admin   256 Sep 12 17:53 Contents
-rw-r--r--@  1 emmtre  admin     0 Oct 28 08:52 Icon?

ls -al /Users/emmtre/Library/Application\ Support/Local 
drwx------  39 emmtre  staff   1248 Oct 28 08:39 .
drwx------+ 92 emmtre  staff   2944 Oct 26 23:47 ..
drwx------  26 emmtre  staff    832 Oct 26 12:34 Cache
drwx------   4 emmtre  staff    128 May  8 21:58 Code Cache
-rw-------@  1 emmtre  staff  20480 Apr 20  2022 Cookies
-rw-------   1 emmtre  staff      0 Apr 20  2022 Cookies-journal
drwx------   2 emmtre  staff     64 Apr 20  2022 Dictionaries
drwx------   7 emmtre  staff    224 Apr 20  2022 GPUCache
drwx------   3 emmtre  staff     96 Apr 20  2022 Local Storage
-rw-------@  1 emmtre  staff    602 Oct 28 08:39 Network Persistent State
-rw-------   1 emmtre  staff     41 Apr 20  2022 Preferences
drwx------   8 emmtre  staff    256 Oct 28 01:33 Session Storage
-rw-------@  1 emmtre  staff    540 Oct 28 08:25 TransportSecurity
drwxr-xr-x   3 emmtre  staff     96 Apr 20  2022 addons
drwx------   3 emmtre  staff     96 Oct 28 08:25 blob_storage
-rw-r--r--   1 emmtre  staff     63 Jun 15 19:39 blueprintDetails.json
drwxr-xr-x   3 emmtre  staff     96 Apr 20  2022 blueprints
drwxr-xr-x   3 emmtre  staff     96 Oct 26 21:02 cached-wordpress
-rw-r--r--   1 emmtre  staff     18 Apr 20  2022 data-collection.json
-rw-r--r--@  1 emmtre  staff     27 Oct 28 08:25 enabled-addons.json
-rw-r--r--   1 emmtre  staff     18 Apr 20  2022 error-reporting.json
-rw-r--r--@  1 emmtre  staff    243 Oct 28 08:25 graphql-connection-info.json
drwxr-xr-x   7 emmtre  staff    224 Oct 26 21:26 lightning-services
-rw-r--r--   1 emmtre  staff     97 Sep 13 00:13 machine-info.json
-rw-r--r--@  1 emmtre  staff     36 Oct 28 08:25 migrations.json
-rw-r--r--@  1 emmtre  staff     20 Oct 26 21:41 router.json
drwxr-xr-x  19 emmtre  staff    608 Oct 26 21:12 run
-rw-r--r--@  1 emmtre  staff     57 Oct 26 12:53 settings-default-apps.json
-rw-r--r--@  1 emmtre  staff     97 Oct 28 08:25 settings-new-site-defaults.json
-rw-r--r--   1 emmtre  staff     29 Apr 20  2022 settings-theme-appearance.json
-rw-r--r--   1 emmtre  staff     14 Apr 20  2022 showLiveLinksUpdateBanner.json
-rw-r--r--   1 emmtre  staff     14 Apr 20  2022 showMagicSyncPreferenceBanner.json
-rw-r--r--@  1 emmtre  staff    338 Oct 28 08:39 site-statuses.json
-rw-r--r--@  1 emmtre  staff   1467 Oct 28 08:34 sites-organization.json
-rw-r--r--@  1 emmtre  staff  15080 Oct 28 08:34 sites.json
drwxr-xr-x  36 emmtre  staff   1152 Oct 28 08:26 ssh-entry
-rw-r--r--   1 emmtre  staff     38 Apr 20  2022 user-preferences.json
-rw-r--r--@  1 emmtre  staff    138 Oct 28 08:39 window-state.json
-rw-r--r--@  1 emmtre  staff     20 Oct 26 21:02 wordpress-info.json

ls -al /Users/emmtre/Library/Application\ Support/Local/lightning-services 
drwxr-xr-x   7 emmtre  staff   224 Oct 26 21:26 .
drwx------  39 emmtre  staff  1248 Oct 28 08:39 ..
drwxr-xr-x   7 emmtre  staff   224 Sep 17 23:17 apache-2.4.43+7
drwxr-xr-x   7 emmtre  staff   224 Sep 17 23:17 mysql-5.7.28+4
drwxr-xr-x@  7 emmtre  staff   224 Oct 26 21:26 php-7.4.30+3
drwxr-xr-x@  7 emmtre  staff   224 Oct 26 21:10 php-8.0.22+4
drwxr-xr-x@  7 emmtre  staff   224 Oct 26 21:07 php-8.1.9+6

I made one last attempt to delete and re-download all the services (apache, mysql and php) in the lightning-services folder. But I did a big mistake this time to open an existing site and not to create a new site as I usually do. So the existing site stalled and crashed during provisioning and then the site was just blank in the Local app after re-starting. I managed to delete the site by control click in the sidebar and then installed the site again by creating a new site and import the database backup and files. And all of a sudden I can use Open shell script again in Local app both for the crashed site and all my other around 20 sites. I have no idea what happened and why Open shell script works again. I remember this site also stalled when re-download php services after updating to macOS Ventura så maybe a corrupt preference file somewhere? But I still have the problem with the recurring dialog if I want to accept incoming network connections from httpd every time a start sites.

That is weird!! We’re still digging on the Open Site Shell one - we haven’t seen the shell refuse to open, but we do see the shell opens with a double exit; that could be causing it not to open if the security settings are such? Still looking into this one! Good news is we have Ventura machines now, so this is much easier to look into. :slightly_smiling_face: I’ll give you the credit for expediting that for the team, ha!

2 Likes

So if I click on the blue info circle the dialog box expands.

Double clicking on the shell script opens the finder to that file and double clicking it opens the site shell.

And the issue with Open site shell is back again for me. :rage: I have tried to replicate what is trigging this warning. Now I just deleted the Local app, downloaded and installed the app again and restarted my machine. The only difference is that the attributes com.apple.provenance and com.apple.quarantine are back again which I removed earlier. It must be some sort of permission error.

ls -ale@ /Applications/Local.app 
total 520
drwxr-xr-x@  4 root  admin   128 Nov  4 14:08 .
	com.apple.FinderInfo	  32 
	com.apple.macl	  72 
	com.apple.provenance	  11 
	com.apple.quarantine	  57 
drwxr-xr-x+ 34 root  admin  1088 Nov  4 14:03 ..
 0: group:everyone deny delete
drwxr-xr-x@  8 root  admin   256 Nov  1 15:55 Contents
	com.apple.quarantine	  57 
-rw-r--r--@  1 root  admin     0 Nov  4 14:08 Icon?
	com.apple.FinderInfo	  32 
	com.apple.ResourceFork	263170