I can’t start Open Site Shell in Local app for any sites after installing macOS 13.0 Ventura. I can however start site shell directly in Terminal after finding the correct script. I’m using Local 6.4.3. Anyone else with this problem?
~/Library/Application\ Support/Local/ssh-entry/M6nzofBLY.sh
And when I start a site I get the same dialog all the time. I really love all the apps that don’t work with macOS Ventura. 
I hate to say it works on my machine, but it does. Local 6.4.3, Ventura 13.0
I can open site shell and start sites.
@afragen Many thanx for your reassuring reply.
Do you mind answering a few more questions as I’m having some trouble tracking down the issues? I have searched in Local log files for any clues but there are nothing at all related to these issues.
If we start with the first issue that I can’t use Open Site Shell in Local app. The error message that “M6nzofBLY.sh” can’t be opened because (null) is not allowed to open documents in Terminal is obviously from the Terminal app. I’m still using bash as the default shell in Terminal app (yeah I know but it just works for me…).
Have you set Terminal as the default app in Local preferences or are you using any other terminal app? Which shell are you using as default in your terminal app?
There must be some new security measures in macOS 13.0 Ventura and Terminal app since the error message clearly states that Local (null) is not allowed to open documents in Terminal.
Is there a parameter or something else missing in the command used in Local app to be able to open the site shell script with the built-in terminal app in macOS 13.0 Ventura?
I have no problems to open any site shells manually in Terminal app with bash as default (after finding the right script for the site in ssh-entry folder).
~/Library/Application\ Support/Local/ssh-entry/M6nzofBLY.sh
Setting Local environment variables...
----
WP-CLI: WP-CLI 2.6.0
Composer: 2.1.5 2021-07-23
PHP: 8.1.9
MySQL: mysql Ver 14.14 Distrib 5.7.28, for macOS 10.14 (x86_64) using EditLine wrapper
----
Launching shell: /bin/bash ...
bash-3.2$
The other issue with reapeting dialogs that I have to accept incoming network connections from httpd whenever I start a site in Local is more complex to track down.
When I check the settings in Firewall pane everything looks ok and it’s the same settings I used before updating macOS. And if I turn off the firewall in Network Settings I still get the dialog that I have to accept incoming connections.
Are you using the built-in firewall in macOS and are you using Apache or Nginx in Local for your sites?
I have reset all firewall settings and deleted the firewall plist (com.apple.alf) if it was corrupt in some way. There are no errors in the firewall logs but there are several errors in Console related to httpd and Local when I start a site in Local.
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate --getblockall --getallowsigned --getstealthmode
Firewall is enabled. (State = 1)
Block all DISABLED!
Automatically allow signed built-in software ENABLED
Automatically allow downloaded signed software ENABLED
Stealth mode enabled
/usr/libexec/ApplicationFirewall/socketfilterfw --listapps
ALF: total number of apps = 5
4 : /Applications/Local.app
( Allow incoming connections )
5 : /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/bin/httpd
( Allow incoming connections )
@austinwendt Any ideas what’s going on and how to track down the issues? I read in another post that you haven’t been able to start testing Local with macOS 13.0 Ventura yet.
@emmtre I’m using Terminal.app and a zsh shell since it became the default. I do also use oh-my-zsh.
I do have other versions of PHP installed via homebrew, but I don’t have any other web server active. I don’t think this will work, except maybe in the localhost router mode.
My built-in firewall is off. I typically use ngnix with Local.
➜ AJF-M1-MBA arm64: ~ /Users/afragen/Library/Application\ Support/Local/ssh-entry/Qh50_ZR6y.sh ; exit;
-n -e
Setting Local environment variables...
----
WP-CLI: WP-CLI 2.6.0
Composer: 2.1.5 2021-07-23
PHP: 8.0.22
MySQL: mysql Ver 8.0.16 for macos10.14 on x86_64 (MySQL Community Server - GPL)
----
Launching shell: /bin/zsh ...
➜ AJF-M1-MBA arm64: ~/Local_Sites/lightning/app/public
There seem to be differences in our MySQL versions. Not sure how you get MySQL 14.14?
@afragen Many thanx again. I don’t think php versions have any effect on these issues but you never know.
Are you running any sites with Apache right now and have you tried to start them after updating to macOS 13.0 Ventura? It looks like a problem with the included Apache build so if you only running sites with Ngnix you probably haven’t noticed. I have no idea where 14.14 comes from since I’m running MySQL 5.7.28
@austinwendt Do you have any machines with macOS 13.0 Ventura so you can check this? The second issue with reapeting dialogs to accept incoming network connections from httpd looks like a problem with the included Apache and some new security measures in macOS 13.0 Ventura. (see error messages from Console).
httpd (libsystem_info.dylib) send failed: Invalid argument
/Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/bin/httpd
(/usr/lib/system/libsystem_info.dylib)
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_access_compat.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_alias.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_auth_basic.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authn_core.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authn_file.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authz_core.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authz_host.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_authz_user.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_autoindex.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_dir.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_env.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_filter.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_mime.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_negotiation.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_proxy.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_proxy_fcgi.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_rewrite.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_setenvif.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_status.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_log_config.so
kernel Sandbox: logd_helper(513) deny(1) file-read-data /Users/emmtre/Library/Application Support/Local/lightning-services/apache-2.4.43+7/bin/darwin/modules/mod_unixd.so
/kernel
(/System/Library/Extensions/Sandbox.kext/Contents/MacOS/Sandbox)
I was able to switch a site from ngnix to Apache and it worked fine.
When I create a new site with Ngnix (PHP 8.0.22 and MySQL 5.7.28) I don’t get the dialog to accept incoming network connections but as soon as I switch from ngnix to Apache the repeating dialog returns again when I start the site so it looks like a problem with the included Apache build and the invalid argument in httpd (error message in Console).
Hey @emmtre - no, these are the first reports we’re hearing of these on Ventura! I’m know that doesn’t make you feel any better, but not something others who have been testing on Ventura have run into…
I don’t personally have a machine running Ventura, but let me talk to some people and see if I can get my hands on one to repro.
Remind me - do you build exclusively with Apache? I’ll confirm the expected behavior too on Monterey v12.6.1. This was working for you there, correct?
@austinwendt Many thanks for your quick response.
Well, someone has to be the first one. It looks more and more like permission errors of some sort. There may also be a difference in how errors appear depending if your machine is running Intel or Apple Silicon.
I was running macOS Monterey 12.6.0 and Local 6.4.3 before updating and everything worked perfectly then.
So yes, both these issues that I can’t use Open Site Shell in Local app and that I have to accept incoming network connections from httpd whenever I start a site appeared after I updated to macOS 13.0 Ventura.
Apparently there is a privacy permissions bug in macOS 13.0 Ventura for apps that require full disk assess that was introduced a week or two just before release of 13.0 in an effort to solve another privacy issue.
I also tried to reset alla privacy settings for Local app and when you re-start Local you should be presented with a dialog if you want to give Local permission to full disk access and possible other permissions.
tccutil reset All com.getflywheel.lightning.local
tccutil reset SystemPolicyAllFiles com.getflywheel.lightning.local
But I don’t get such a dialog so I have to add Local app manually to Full Disk Access in Privacy & Security in System Settings. Maybe one of your developers can look into this and search for more information.
I have quite a few clients running Apache servers and we are using htaccess directives so I also need to run Apache in Local app to make sure everything works but we are also running staging servers to test.
I seem to recall always having to set Full Disk Access manually. Perhaps that’s why I didn’t have issues.
@austinwendt If I disable System Integrity Protection I can use Open Site Shell in Local app as before updating to macOS 13.0 Ventura. Apple has definitely tighten up the security in the new macOS version and that’s the reason Local can’t open the shell script in Terminal.
Disabling and Enabling System Integrity Protection
@afragen Have you disabled System Integrity Protection on your machine? You can check the status via the terminal command below.
csrutil status
Some more recently updated info about System Integrity Protection.
➜ AJF-M1-MBA arm64: ~ csrutil status
System Integrity Protection status: enabled.
@afragen interesting that my system seems to be more restrictive and I have to disable SIP to be able to use Open Site Shell in Local app.
I have tried to also check file and folder permissions for Local app but I can’t find anything strange in the permission list that stands out.
ls -al /Applications/Local.app
drwxr-xr-x@ 4 emmtre admin 128 Oct 28 08:52 .
drwxr-xr-x+ 34 root admin 1088 Oct 28 08:51 ..
drwxr-xr-x@ 8 emmtre admin 256 Sep 12 17:53 Contents
-rw-r--r--@ 1 emmtre admin 0 Oct 28 08:52 Icon?
ls -al /Users/emmtre/Library/Application\ Support/Local
drwx------ 39 emmtre staff 1248 Oct 28 08:39 .
drwx------+ 92 emmtre staff 2944 Oct 26 23:47 ..
drwx------ 26 emmtre staff 832 Oct 26 12:34 Cache
drwx------ 4 emmtre staff 128 May 8 21:58 Code Cache
-rw-------@ 1 emmtre staff 20480 Apr 20 2022 Cookies
-rw------- 1 emmtre staff 0 Apr 20 2022 Cookies-journal
drwx------ 2 emmtre staff 64 Apr 20 2022 Dictionaries
drwx------ 7 emmtre staff 224 Apr 20 2022 GPUCache
drwx------ 3 emmtre staff 96 Apr 20 2022 Local Storage
-rw-------@ 1 emmtre staff 602 Oct 28 08:39 Network Persistent State
-rw------- 1 emmtre staff 41 Apr 20 2022 Preferences
drwx------ 8 emmtre staff 256 Oct 28 01:33 Session Storage
-rw-------@ 1 emmtre staff 540 Oct 28 08:25 TransportSecurity
drwxr-xr-x 3 emmtre staff 96 Apr 20 2022 addons
drwx------ 3 emmtre staff 96 Oct 28 08:25 blob_storage
-rw-r--r-- 1 emmtre staff 63 Jun 15 19:39 blueprintDetails.json
drwxr-xr-x 3 emmtre staff 96 Apr 20 2022 blueprints
drwxr-xr-x 3 emmtre staff 96 Oct 26 21:02 cached-wordpress
-rw-r--r-- 1 emmtre staff 18 Apr 20 2022 data-collection.json
-rw-r--r--@ 1 emmtre staff 27 Oct 28 08:25 enabled-addons.json
-rw-r--r-- 1 emmtre staff 18 Apr 20 2022 error-reporting.json
-rw-r--r--@ 1 emmtre staff 243 Oct 28 08:25 graphql-connection-info.json
drwxr-xr-x 7 emmtre staff 224 Oct 26 21:26 lightning-services
-rw-r--r-- 1 emmtre staff 97 Sep 13 00:13 machine-info.json
-rw-r--r--@ 1 emmtre staff 36 Oct 28 08:25 migrations.json
-rw-r--r--@ 1 emmtre staff 20 Oct 26 21:41 router.json
drwxr-xr-x 19 emmtre staff 608 Oct 26 21:12 run
-rw-r--r--@ 1 emmtre staff 57 Oct 26 12:53 settings-default-apps.json
-rw-r--r--@ 1 emmtre staff 97 Oct 28 08:25 settings-new-site-defaults.json
-rw-r--r-- 1 emmtre staff 29 Apr 20 2022 settings-theme-appearance.json
-rw-r--r-- 1 emmtre staff 14 Apr 20 2022 showLiveLinksUpdateBanner.json
-rw-r--r-- 1 emmtre staff 14 Apr 20 2022 showMagicSyncPreferenceBanner.json
-rw-r--r--@ 1 emmtre staff 338 Oct 28 08:39 site-statuses.json
-rw-r--r--@ 1 emmtre staff 1467 Oct 28 08:34 sites-organization.json
-rw-r--r--@ 1 emmtre staff 15080 Oct 28 08:34 sites.json
drwxr-xr-x 36 emmtre staff 1152 Oct 28 08:26 ssh-entry
-rw-r--r-- 1 emmtre staff 38 Apr 20 2022 user-preferences.json
-rw-r--r--@ 1 emmtre staff 138 Oct 28 08:39 window-state.json
-rw-r--r--@ 1 emmtre staff 20 Oct 26 21:02 wordpress-info.json
ls -al /Users/emmtre/Library/Application\ Support/Local/lightning-services
drwxr-xr-x 7 emmtre staff 224 Oct 26 21:26 .
drwx------ 39 emmtre staff 1248 Oct 28 08:39 ..
drwxr-xr-x 7 emmtre staff 224 Sep 17 23:17 apache-2.4.43+7
drwxr-xr-x 7 emmtre staff 224 Sep 17 23:17 mysql-5.7.28+4
drwxr-xr-x@ 7 emmtre staff 224 Oct 26 21:26 php-7.4.30+3
drwxr-xr-x@ 7 emmtre staff 224 Oct 26 21:10 php-8.0.22+4
drwxr-xr-x@ 7 emmtre staff 224 Oct 26 21:07 php-8.1.9+6
I made one last attempt to delete and re-download all the services (apache, mysql and php) in the lightning-services folder. But I did a big mistake this time to open an existing site and not to create a new site as I usually do. So the existing site stalled and crashed during provisioning and then the site was just blank in the Local app after re-starting. I managed to delete the site by control click in the sidebar and then installed the site again by creating a new site and import the database backup and files. And all of a sudden I can use Open shell script again in Local app both for the crashed site and all my other around 20 sites. I have no idea what happened and why Open shell script works again. I remember this site also stalled when re-download php services after updating to macOS Ventura så maybe a corrupt preference file somewhere? But I still have the problem with the recurring dialog if I want to accept incoming network connections from httpd every time a start sites.
That is weird!! We’re still digging on the Open Site Shell one - we haven’t seen the shell refuse to open, but we do see the shell opens with a double exit; that could be causing it not to open if the security settings are such? Still looking into this one! Good news is we have Ventura machines now, so this is much easier to look into. 
I’ll give you the credit for expediting that for the team, ha!
So if I click on the blue info circle the dialog box expands.
Double clicking on the shell script opens the finder to that file and double clicking it opens the site shell.
And the issue with Open site shell is back again for me. 
I have tried to replicate what is trigging this warning. Now I just deleted the Local app, downloaded and installed the app again and restarted my machine. The only difference is that the attributes com.apple.provenance and com.apple.quarantine are back again which I removed earlier. It must be some sort of permission error.
ls -ale@ /Applications/Local.app
total 520
drwxr-xr-x@ 4 root admin 128 Nov 4 14:08 .
com.apple.FinderInfo 32
com.apple.macl 72
com.apple.provenance 11
com.apple.quarantine 57
drwxr-xr-x+ 34 root admin 1088 Nov 4 14:03 ..
0: group:everyone deny delete
drwxr-xr-x@ 8 root admin 256 Nov 1 15:55 Contents
com.apple.quarantine 57
-rw-r--r--@ 1 root admin 0 Nov 4 14:08 Icon?
com.apple.FinderInfo 32
com.apple.ResourceFork 263170