Call for testing: TeX Collection 2019

Richard Koch koch at uoregon.edu
Sun Apr 14 21:36:39 CEST 2019


Manfred,

I'm very sorry to report that there is indeed a problem, but only on Mojave. This problem is my fault, or else Apple's fault for springing this on us at the last moment.

I'll describe the problem in a moment. I don't want to hold up the production of the DVD, and I believe that there are two possible solutions and we should choose between them:

	a) Stick with the current contents of the DVD (which I lean to)

	b) Retreat to the original iso file we supplied. Do you have that file, or should I upload it again?

I'll also raise this question in the MacTeX mailing list. I think you should proceed on the assumption that we stick with the current DVD.

The problem occurred when I tried to typeset on Mojave with latex --> dvips --> ghostscript.

-----------------------

PROBLEM: When flat install packages are signed and notarized, the apps and command line programs in the package must also be signed and notarized. Signing causes no problems, but before an app or program is notarized, it must adopt a "hardened runtime." The problem lies in that "hardened runtime."

In the new MacTeX, only three pieces adopted a hardened runtime: TeXShop, gs-X11, and gs-noX11. TeXShop has used a hardened runtime for several months with no reported problems. So we focus on gs-X11 and gs-noX11. 

When running with a hardened runtime, an application is not allowed to do certain tasks unless it has requested an exception for that task. TeXShop requests just one exception, to run AppleScript. I didn't ask for any exceptions for ghostscript.

I'll give the full list of exceptions below for any reader who is interested. Here is the key one:

	Disable Library Validation Entitlement
	A Boolean value that indicates whether the app may load plug-ins or frameworks signed by other developers.
	Key: com.apple.security.cs.disable-library-validation

Now obviously both TeXShop and ghostscript are going to load certain Apple libraries. This is about third-party libraries. When I create TeX binaries, I disable /usr/local, so almost all third party libraries cannot be involved. BUT: X11 is no longer provided by Apple, who turned over maintenance to a third party. And we do activate X11 for gs-X11 and for all TeX binaries.

In my test on Sierra, ghostscript gs-X11 worked because Sierra isn't enforcing the hardened runtime. But on Mojave, gs-X11 failed because Mojave is enforcing it.

In the Mac installation, gs is a symbolic link to either gs-X11 or gs-noX11 depending on whether the user has installed X11 before installing Ghostscript. So on Mojave I switched the link to point to gs-noX11 and then typesetting as above worked. So the only problem with Ghostscript is that it doesn't work with X11.

-------------------------

Incidentally, if you are worried about TeX binaries running into this problem, don't, because the Unix install script handles those (and I certainly don't sign or require hardened runtime when compiling them).

-------------------------

If you keep the DVD as it is now, the only problem will be that users updating Ghostscript AND running Mojave will run into a problem: if they already installed X11, then their new Ghostscript will not work. This can be easily fixed in two different ways: they can just change the link, or they can reinstall Ghostscript from my web site.

If you revert the DVD back, there will not be problems until the next operating system is released in the fall, and then all of our install packages will fail. Maybe Apple's current workaround will continue to work, but I think it would be unprofessional of us to say on our web site "Here's how to work around Apple's security barriers." We don't know for sure that there will be a workaround.

There is one other possibility. I could add a one page document to the install directory explaining how to fix the Ghostscript problem if users run into it. I'll provide that in a new iso if you wish. But at this stage of the game, maybe it is better to leave the DVD alone so others will continue testing.

Dick Koch

------------

Here is the full list of exceptions:

RUNTIME Exceptions

Allow Execution of JIT-compiled Code Entitlement
A Boolean value that indicates whether the app may create writable and executable memory using the MAP_JIT flag.
Key: com.apple.security.cs.allow-jit

Allow Unsigned Executable Memory Entitlement
A Boolean value that indicates whether the app may create writable and executable memory without using the MAP_JIT flag.
Key: com.apple.security.cs.allow-unsigned-executable-memory

Allow DYLD Environment Variables Entitlement
A Boolean value that indicates whether the app may be impacted by dyld environment variables, which can be used to inject code into the process.
Key: com.apple.security.cs.allow-dyld-environment-variables

Disable Library Validation Entitlement
A Boolean value that indicates whether the app may load plug-ins or frameworks signed by other developers.
Key: com.apple.security.cs.disable-library-validation

Disable Executable Memory Protection Entitlement
A Boolean value that indicates whether to disable code signing protections while launching the app.
Key: com.apple.security.cs.disable-executable-page-protection

Debugging Tool Entitlement
A Boolean value that indicates whether the app is a debugger and may attach to other processes or get task ports.
Key: com.apple.security.cs.debugger


RESOURCE Access

Audio Input Entitlement
A Boolean value that indicates whether the app may record audio using the built-in microphone and access audio input using Core Audio.
Key: com.apple.security.device.audio-input

Camera Entitlement
A Boolean value that indicates whether the app may capture movies and still images using the built-in camera.
Key: com.apple.security.device.camera

Location Entitlement
A Boolean value that indicates whether the app may access location information from Location Services.
Key: com.apple.security.personal-information.location

Address Book Entitlement
A Boolean value that indicates whether the app may have read-write access to contacts in the user's address book.
Key: com.apple.security.personal-information.addressbook

Calendars Entitlement
A Boolean value that indicates whether the app may have read-write access to the user's calendar.
Key: com.apple.security.personal-information.calendars

Photos Library Entitlement
A Boolean value that indicates whether the app may have read-write access to the user's Photos library.
Key: com.apple.security.personal-information.photos-library

Apple Events Entitlement
A Boolean value that indicates whether the app may send Apple Events to other apps.
Key: com.apple.security.automation.apple-events
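The failure described in the message above is the combination of three properties of one binary: the hardened runtime is enabled, no library-validation exception was requested, and the binary links libraries that Apple did not sign (the third-party X11). The following shell script is an added example, not code from the message or from the MacTeX or TeX Live projects. It shows how to check those three properties from the text that `codesign` and `otool` print on a Mac; the invocations in the comments and the `/opt/X11` install path are assumptions, and the script itself runs on constructed sample text so the parsing can be exercised on any system.

```shell
#!/bin/sh
# Added example, not code from the original post or from MacTeX/TeX Live.
# It inspects a signed macOS executable for (1) the hardened-runtime flag,
# (2) the library-validation exception, and (3) non-Apple dynamic libraries,
# the combination that made gs-X11 fail on Mojave.
#
# On a Mac the three inputs come from these commands (assumed invocations):
#   codesign -dvvv gs-X11 2>&1            # CodeDirectory ... flags=0x10000(runtime)
#   codesign -d --entitlements :- gs-X11  # entitlements plist, if any
#   otool -L gs-X11                       # linked dylibs
# Everything below runs on constructed sample text so it works anywhere.

# Constructed samples of the `codesign -dvvv` CodeDirectory line.
SAMPLE_FLAGS_HARDENED='CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded'
SAMPLE_FLAGS_PLAIN='CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+5 location=embedded'

# Constructed entitlements: none requested (how gs-X11 shipped) versus the one
# exception from the list above that allows loading libraries signed by others.
SAMPLE_ENTITLEMENTS_STRICT='<plist version="1.0"><dict/></plist>'
SAMPLE_ENTITLEMENTS_EXCEPTION=$(cat <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
</dict>
</plist>
EOF
)

# Constructed `otool -L` output; /opt/X11 is assumed to be where XQuartz installs.
SAMPLE_OTOOL=$(cat <<'EOF'
gs-X11:
	/opt/X11/lib/libX11.6.dylib (compatibility version 10.0.0, current version 10.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.250.1)
EOF
)

# has_hardened_runtime: reads codesign output on stdin; succeeds when the
# code-signing flags include "runtime", i.e. the hardened runtime is on.
has_hardened_runtime() {
    grep -q 'flags=[^ ]*runtime'
}

# entitlement_enabled KEY: reads an entitlements plist on stdin; succeeds when
# KEY is present and the value that follows it is <true/>.
entitlement_enabled() {
    awk -v key="$1" '
        index($0, "<key>" key "</key>") { want = 1; next }
        want { found = ($0 ~ /<true\/>/); want = 0 }
        END { if (found) exit 0; exit 1 }'
}

# third_party_libs: reads otool -L output on stdin and prints the linked
# libraries that are not Apple's own (heuristic: outside /System and /usr/lib).
# With library validation on, such libraries load only if signed with the
# same Team ID as the executable.
third_party_libs() {
    awk 'NR > 1 && $1 !~ /^\/(System|usr\/lib)\// { print $1 }'
}

# diagnose FLAGS ENTITLEMENTS OTOOL: prints a verdict; returns 1 only for the
# failing combination (hardened runtime, no exception, non-Apple libraries).
diagnose() {
    if ! printf '%s\n' "$1" | has_hardened_runtime; then
        echo "hardened runtime off: library validation is not enforced"
        return 0
    fi
    if printf '%s\n' "$2" | entitlement_enabled com.apple.security.cs.disable-library-validation; then
        echo "hardened runtime on, library-validation exception granted"
        return 0
    fi
    third=$(printf '%s\n' "$3" | third_party_libs)
    if [ -n "$third" ]; then
        echo "hardened runtime on, no exception, links non-Apple libraries:"
        echo "$third"
        return 1
    fi
    echo "hardened runtime on, no exception, only Apple libraries: fine"
    return 0
}

# The three cases from the message: gs-X11 as shipped, gs-X11 with the
# exception, and a binary built without the hardened runtime (the TeX binaries).
diagnose "$SAMPLE_FLAGS_HARDENED" "$SAMPLE_ENTITLEMENTS_STRICT" "$SAMPLE_OTOOL"
echo "exit status: $?"
diagnose "$SAMPLE_FLAGS_HARDENED" "$SAMPLE_ENTITLEMENTS_EXCEPTION" "$SAMPLE_OTOOL"
diagnose "$SAMPLE_FLAGS_PLAIN" "$SAMPLE_ENTITLEMENTS_STRICT" "$SAMPLE_OTOOL"
```

Of the two ways out, granting `com.apple.security.cs.disable-library-validation` is the broader one: it switches off the Team ID check for every library the process loads, not just X11, so the message's choice of pointing the `gs` link at gs-noX11 keeps the stricter runtime and avoids that exception entirely.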