[英]macOS trusts Python whl files, but not tar files
I provide my python c extension as both as a tar file, as well as a whl file.我将我的 python c 扩展名作为 tar 文件和 whl 文件提供。
On macOS, I am surprised that there are no problems installing the wheel for my extension.在 macOS 上,我很惊讶为我的扩展安装 wheel 没有问题。 When setting PYTHONPATH to my python extension in the tarball, I am immediately met with the dialog about unverified developers.
当在 tarball 中将 PYTHONPATH 设置为我的 python 扩展名时,我会立即遇到关于未经验证的开发人员的对话框。
Could someone please explain why macOS trusts my unsigned python extension, but has no problem if I package it in a wheel file.有人可以解释为什么 macOS 信任我未签名的 python 扩展名,但如果我在 wheel 文件中使用 package 就没有问题。
Update: This is the error I see after I close the dialog box:更新:这是我关闭对话框后看到的错误:
>>> import devsim
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/jsanchez/Downloads/devsim_macos_v2.3.7rc1/lib/devsim/__init__.py", line 8, in <module>
from .devsim_py3 import *
ImportError: dlopen(/Users/jsanchez/Downloads/devsim_macos_v2.3.7rc1/lib/devsim/devsim_py3.so, 0x0002): tried: '/Users/jsanchez/Downloads/devsim_macos_v2.3.7rc1/lib/devsim/devsim_py3.so' (code signature in <ED44BB00-36CF-39A8-8999-8309CBA016E4> '/Users/jsanchez/Downloads/devsim_macos_v2.3.7rc1/lib/devsim/devsim_py3.so' not valid for use in process: library load disallowed by system policy)
Could someone please explain why macOS trusts my unsigned python extension, but has no problem if I package it in a wheel file.有人可以解释为什么 macOS 信任我未签名的 python 扩展名,但如果我在 wheel 文件中使用 package 就没有问题。
Update 2:更新 2:
From what I can see.据我所知。 If I download the tgz to my Downloads folder using Chrome, I am getting the error.
如果我使用 Chrome 将 tgz 下载到我的下载文件夹,我会收到错误消息。 If I download the tgz using curl, it works.
如果我使用 curl 下载 tgz,它就可以工作。 I am thinking that Chrome is adding this bad attribute.
我认为 Chrome 正在添加这个错误的属性。
Thanks to @GordonDavisson for his tip concerning the attributes.感谢@GordonDavisson 提供有关属性的提示。 It turns out the issue was related to google chrome.
原来这个问题与谷歌浏览器有关。 If I download the file from Github using Chrome I get:
如果我使用 Chrome 从 Github 下载文件,我会得到:
com.apple.macl 72
com.apple.metadata:kMDItemWhereFroms 655
com.apple.quarantine 57
and using curl I get no attributes.并使用 curl 我没有得到任何属性。
I have lax security permissions in Chrome (no safe browsing), but this still occurs.我在 Chrome 中有松散的安全权限(没有安全浏览),但这种情况仍然发生。 I will be sure to look out for this the next time I encounter it.
下次遇到它时,我一定会注意这一点。
Update更新
I found this very useful post concerning the current macOS landscape: https://eclecticlight.co/2021/02/18/code-signing-requirements-for-scripts-and-apps-in-big-sur/我发现这篇关于当前 macOS 景观的非常有用的帖子: https://eclecticlight.co/2021/02/18/code-signing-requirements-for-scripts-and-apps-in-big-sur/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.