"Open in BBEdit" repository command fails
See original GitHub issueDescribe the bug
When using “Open in BBEdit” to open a repository in BBEdit, the operation fails silently. This occurs because GitHub Desktop is built using the hardened runtime, and needs an entitlement to send Apple Events to other applications, as well as an “NSAppleEventsUsageDescription” entry in its application property list.
Version & OS
application version 2.3.1 macOS version 10.14.6
Steps to reproduce the behavior
- Download and install BBEdit 12.6.7 or later.
- Start GitHub Desktop, if necessary.
- If necessary, choose “BBEdit” as the external editor in GitHub’s “Integrations” preferences.
- Add or import a Git repository, if necessary.
- Choose “Open in BBEdit” from the Repository menu.
Expected behavior
=> repository opens in BBEdit
Actual behavior
=> no visible activity
Additional context
Observing in Console, it looks like GitHub Desktop tries to run the bbedit
command-line tool. This works by sending an Apple Event to BBEdit to perform the requested operation. However, the execution context of the tool is such that the OS thinks that it’s GitHub Desktop trying to automate BBEdit.
In turn, this fails because GitHub Desktop is using the macOS Hardened Runtime, but does not have a code-signing entitlement to allow it to send Apple Events to other applications.
In order for this to work, I believe there are two things that need to be done in GitHub Desktop:
- Add a code signing entitlement, as follows:
<key>com.apple.security.automation.apple-events</key>
<true />
- Add an
NSAppleEventsUsageDescription
to GitHub Desktop’s application property list. Something along these lines should work:
<key>NSAppleEventsUsageDescription</key>
<string>GitHub Desktop uses Apple Events to implement integration features with external editors.</string>
Logs
Here are the relevant log excerpts from the system console, coincident with choosing the “Open in BBEdit” command from the Repository menu:
error 17:12:16.646817 -0500 tccd Prompting policy for hardened runtime; service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for RESP:{ID: com.github.GitHubClient, PID[55912], auid: 501, euid: 501, responsible path: '/Applications/GitHub Desktop.app/Contents/MacOS/GitHub Desktop', binary path: '/Applications/GitHub Desktop.app/Contents/MacOS/GitHub Desktop'}, ACC:{ID: com.barebones.bbedit-tool, PID[56080], auid: 501, euid: 501, binary path: '/Applications/BBEdit.app/Contents/Helpers/bbedit_tool'}, REQ:{ID: com.apple.appleeventsd, PID[53], auid: 55, euid: 55, binary path: '/System/Library/CoreServices/appleeventsd'}
default 17:12:16.650544 -0500 BBEdit TCCAccessRequestIndirect: TCCAccessRequestIndirect with pid 55522: target_identity: {
kTCCCodeIdentityAuthority = kTCCCodeIdentityDesignatedRequirementAuthority;
kTCCCodeIdentityCSFlags = 570491665;
kTCCCodeIdentityCanSendToAnyTarget = 0;
kTCCCodeIdentityDesignatedRequirementData = <fade0c00 000000a4 00000001 00000006 00000002 00000017 636f6d2e 67697468 75622e47 69744875 62436c69 656e7400 00000006 0000000f 00000006 0000000e 00000001 0000000a 2a864886 f7636406 02060000 00000000 00000006 0000000e 00000000 0000000a 2a864886 f7636406 010d0000 00000000 0000000b 00000000 0000000a 7375626a 6563742e 4f550000 00000001 0000000a 56454b54 58394832 4e370000>;
kTCCCodeIdentityExecutableURL = "file:///Applications/GitHub%20Desktop.app/Contents/MacOS/GitHub%20Desktop";
kTCCCodeIdentityIdentifier = "com.github.GitHubClient";
kTCCCodeIdentityIdentifierType = 0;
kTCCCodeIdentityPromptPolicy = 4;
kTCCCodeIdentitySDKVersion = 658432;
kTCCCodeIdentityTeamID = VEKTX9H2N7;
}
default 17:12:16.835482 -0500 tccd target_executable_path_URL: file:///Applications/GitHub%20Desktop.app/Contents/MacOS/GitHub%20Desktop
default 17:12:16.837101 -0500 tccd AccessRequestIndirect: Policy disallows prompt for com.github.GitHubClient; access to kTCCServiceAppleEvents denied
Issue Analytics
- State:
- Created 4 years ago
- Reactions:4
- Comments:10 (4 by maintainers)
Top GitHub Comments
@niik @grumpybozo Thanks very much for the fix! I have advised the customer accordingly, and I appreciate the resolution.
Thanks for the detailed report @siegel. I was able to reproduce this issue as well.
/cc @NiklasBr who handled the original PR for the BBEdit integration in #2941.