Cyberduck Mountain Duck CLI

Opened 9 months ago

Closed 9 months ago

Last modified 9 months ago

#10237 closed defect (fixed)

Operation not permitted (connect failed)

Reported by: jamalahmed82 Owned by: dkocher
Priority: highest Milestone: 6.4.3
Component: appstore Version: 6.4.1
Severity: blocker Keywords: failed
Cc: jpmelkonian@… Architecture:
Platform:

Description

this is the massage i got when i try to connect however the I'm sure the connection is good with no problem.

"Operation not permitted (connect failed). The connection attempt was rejected. The server may be down, or your network may not be properly configured".

Attachments (1)

Screen Shot 2018-02-24 at 2.39.44 PM.png (172.6 KB) - added by jamalahmed82 9 months ago.

Download all attachments as: .zip

Change History (25)

Changed 9 months ago by jamalahmed82

comment:1 Changed 9 months ago by cmwcllc

All connections are failing after update to Version 6.4.1 (27633) on macOS High Sierra Version 10.13.3. I was using Cyberduck with no issues immediately prior to installing both the CyberDuck 6.4.1 update immediately followed by the macOS His Sierra Supplemental Update. After the required restart, Cyberduck will no longer connect to any of my servers using FTP. I have not tested SFTP.

Message received: "CONNECTION FAILED - Operation not permitted (connect failed). The connection attempt was rejected. The server may be down, or your network may not be properly configured. [Network Diagnostics] [Cancel] [Try Again]"

comment:2 Changed 9 months ago by dkocher

  • Summary changed from Connection failed to Operation not permitted (connect failed)

comment:3 Changed 9 months ago by dkocher

We can reproduce this issue – thanks for notifying us about this severe issue. It looks like the codesigning security entitlements are not properly applied by the Mac App Store download. We are in contact with Apple Developer Support to get a resolution as soon as possible.

comment:4 Changed 9 months ago by dkocher

  • Component changed from core to appstore

comment:5 Changed 9 months ago by dkocher

Fucked up entitlements for downloaded bundle from Mac App Store.

codesign -d --entitlements - /Applications/Cyberduck.app/
Executable=/Applications/Cyberduck.app/Contents/MacOS/Cyberduck
??qq?<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>com.apple.security.network.server</key>
		<true/>

		<key>com.apple.security.files.bookmarks.app-scope</key>
		<true/>

		<key>com.apple.security.app-sandbox</key>
		<true/>

		<key>com.apple.security.files.bookmarks.document-scope</key>
		<true/>

		<key>com.apple.security.application-groups</key>
		<array>
			<string>G69SCX94XU.duck</string>
		</array>

		<key>com.apple.security.scripting-targets</key>
		<dict>
			<key>com.apple.systempreferences</key>
			<array>
				<string>preferencepane.reveal</string>
			</array>

		</dict>

	</dict>
</plist>

Missing several keys such as

        <key>com.apple.security.network.client</key>
        <!-- The ability to open an outgoing connection to another machine -->
        <true/>

from the original entitlements for the submitted binary

mellifera:~ dkocher$ codesign -d --entitlements - ~/Downloads/Cyberduck.app/
Executable=/Users/dkocher/Downloads/Cyberduck.app/Contents/MacOS/Cyberduck
??qqn<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.files.bookmarks.app-scope</key>
        <true/>
        <key>com.apple.security.files.bookmarks.document-scope</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <!-- The ability to open a socket for listening. Used for Active (PORT) FTP data connections -->
        <true/>
        <key>com.apple.security.network.client</key>
        <!-- The ability to open an outgoing connection to another machine -->
        <true/>
        <key>com.apple.security.files.downloads.read-write</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.print</key>
        <!-- The ability to print -->
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>G69SCX94XU.duck</string>
        </array>
        <key>com.apple.security.scripting-targets</key>
        <dict>
            <key>com.apple.systempreferences</key>
            <array>
                <string>preferencepane.reveal</string>
            </array>
        </dict>
    </dict>
</plist>

comment:6 Changed 9 months ago by dkocher

  • Milestone set to 6.4.2
  • Owner changed from jamal ahmed to dkocher
  • Status changed from new to assigned

comment:7 Changed 9 months ago by dkocher

#10239 closed as duplicate.

comment:8 Changed 9 months ago by dkocher

#10241 closed as duplicate.

comment:9 Changed 9 months ago by dkocher

#10238 closed as duplicate.

comment:10 Changed 9 months ago by dkocher

#10242 closed as duplicate.

comment:11 Changed 9 months ago by dkocher

#10243 closed as duplicate.

comment:12 Changed 9 months ago by dkocher

We submitted rdar://37934094.

comment:13 Changed 9 months ago by dkocher

#10248 closed as duplicate.

comment:14 Changed 9 months ago by dkocher

#10246 closed as duplicate.

comment:15 Changed 9 months ago by dkocher

#10244 closed as duplicate.

comment:16 Changed 9 months ago by dkocher

  • Severity changed from major to blocker

comment:17 Changed 9 months ago by breckero

Today (2018-02-27) I tested the version 6.4.2 on appstore, but I still get the same error

comment:18 Changed 9 months ago by dkocher

#10250 closed as duplicate.

comment:19 Changed 9 months ago by LeGrosTiti

  • Cc jpmelkonian@… added

comment:20 Changed 9 months ago by dkocher

  • Milestone changed from 6.4.2 to 6.4.3

Milestone renamed

comment:21 Changed 9 months ago by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

The issue has been resolved with version 6.4.3 now available in the Mac App Store. The fix is in r43935 deleting all comments in the codesign entitlements used to sign the application bundle. This file was last changed in 2015 (r32581) and caused no problems previously. Surely, some amateur at Apple has changed how the XML file is processed causing lines to be missed. The current entitlements processed on the application bundle signed by Apple still shows some different formatting with additional line breaks

mellifera:~ dkocher$ codesign -d --entitlements - /Applications/Cyberduck.app/
Executable=/Applications/Cyberduck.app/Contents/MacOS/Cyberduck
??qq?<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>com.apple.security.network.server</key>
		<true/>

		<key>com.apple.security.files.bookmarks.app-scope</key>
		<true/>

		<key>com.apple.security.app-sandbox</key>
		<true/>

		<key>com.apple.security.files.downloads.read-write</key>
		<true/>

		<key>com.apple.security.files.bookmarks.document-scope</key>
		<true/>

		<key>com.apple.security.network.client</key>
		<true/>

		<key>com.apple.security.files.user-selected.read-write</key>
		<true/>

		<key>com.apple.security.print</key>
		<true/>

		<key>com.apple.security.application-groups</key>
		<array>
			<string>G69SCX94XU.duck</string>
		</array>

		<key>com.apple.security.scripting-targets</key>
		<dict>
			<key>com.apple.systempreferences</key>
			<array>
				<string>preferencepane.reveal</string>
			</array>

		</dict>

	</dict>
mellifera:~ dkocher$ open /Applications/Cyberduck.app/

We could only fix this with an educated guess but had no support from Apple so far from both rdar://37934094 and Developer Technical Support (Issue 685632930).

Last edited 9 months ago by dkocher (previous) (diff)

comment:22 Changed 9 months ago by dkocher

#10251 closed as duplicate.

comment:23 Changed 9 months ago by dkocher

#10252 closed as duplicate.

comment:24 Changed 9 months ago by dkocher

#10253 closed as duplicate.

Note: See TracTickets for help on using tickets.
swiss made software