Mailing List Archive

GnuPG and macOS App Sandbox
Hi, Is there any way to put GnuPG into a macOS App Bundle? Or has anyone already tried it? Especially the macOS App Bundle, when the security sandbox mechanism is on, access to executable files or resources outside the App Bundle is prohibited.

Also, I am concerned that even if it is possible to wrap gpg into a macOS App Bundle, it may need access to some additional resources, which is not allowed in the sandbox.
Re: GnuPG and macOS App Sandbox
Saturneric via Gnupg-devel wrote on 19.05.2022 11:34:
> Hi, Is there any way to put GnuPG into a macOS App Bundle? Or has anyone
> already tried it? Especially the macOS App Bundle, when the security
> sandbox mechanism is on, access to executable files or resources outside
> the App Bundle is prohibited.
>
> Also, I am concerned that even if it is possible to wrap gpg into a
> macOS App Bundle, it may need access to some additional resources, which
> is not allowed in the sandbox.

I think that it's not possible to put GnuPG into a macOS App Bundle. GnuPG
works with absolute paths for its helper tools and daemons. Even though
the default installation location for Apps on macOS is in /Applications,
a macOS App Bundle may be installed or started from anywhere in the file
system. This collides with the absolute paths of GnuPG.

-Patrick

Re: GnuPG and macOS App Sandbox
On Saturday, 21 May 2022 10:48:20 CEST Patrick Brunschwig wrote:
> Saturneric via Gnupg-devel wrote on 19.05.2022 11:34:
> > Hi, Is there any way to put GnuPG into a macOS App Bundle? Or has anyone
> > already tried it? Especially the macOS App Bundle, when the security
> > sandbox mechanism is on, access to executable files or resources outside
> > the App Bundle is prohibited.
> >
> > Also, I am concerned that even if it is possible to wrap gpg into a
> > macOS App Bundle, it may need access to some additional resources, which
> > is not allowed in the sandbox.
>
> I think that it's not possible to put GnuPG into a macOS App Bundle. GnuPG
> works with absolute paths for its helper tools and daemons. Even though
> the default installation location for Apps on macOS is in /Applications,
> a macOS App Bundle may be installed or started from anywhere in the file
> system. This collides with the absolute paths of GnuPG.

This isn't true anymore. GnuPG works perfectly well as part of an AppImage
which is mounted at a different path on each start. The AppImage uses a
wrapper script to set up the necessary environment variables. For the App
Bundle a similar wrapper script may be needed.

Regards,
Ingo