Cyberduck Mountain Duck CLI

#10237 closed defect (fixed)

Operation not permitted (connect failed)

Reported by: jamalahmed82 Owned by: dkocher
Priority: highest Milestone: 6.4.3
Component: appstore Version: 6.4.1
Severity: blocker Keywords: failed
Cc: jpmelkonian@… Architecture:
Platform:

Description

this is the massage i got when i try to connect however the I'm sure the connection is good with no problem.

"Operation not permitted (connect failed). The connection attempt was rejected. The server may be down, or your network may not be properly configured".

Attachments (1)

Screen Shot 2018-02-24 at 2.39.44 PM.png (172.6 KB) - added by jamalahmed82 on Feb 24, 2018 at 11:40:43 AM.

Download all attachments as: .zip

Change History (25)

comment:1 Changed on Feb 25, 2018 at 6:45:52 AM by cmwcllc

All connections are failing after update to Version 6.4.1 (27633) on macOS High Sierra Version 10.13.3. I was using Cyberduck with no issues immediately prior to installing both the CyberDuck 6.4.1 update immediately followed by the macOS His Sierra Supplemental Update. After the required restart, Cyberduck will no longer connect to any of my servers using FTP. I have not tested SFTP.

Message received: "CONNECTION FAILED - Operation not permitted (connect failed). The connection attempt was rejected. The server may be down, or your network may not be properly configured. [Network Diagnostics] [Cancel] [Try Again]"

comment:2 Changed on Feb 25, 2018 at 10:34:01 AM by dkocher

  • Summary changed from Connection failed to Operation not permitted (connect failed)

comment:3 Changed on Feb 25, 2018 at 10:35:30 AM by dkocher

We can reproduce this issue – thanks for notifying us about this severe issue. It looks like the codesigning security entitlements are not properly applied by the Mac App Store download. We are in contact with Apple Developer Support to get a resolution as soon as possible.

comment:4 Changed on Feb 25, 2018 at 10:36:21 AM by dkocher

  • Component changed from core to appstore

comment:5 Changed on Feb 25, 2018 at 10:38:57 AM by dkocher

Fucked up entitlements for downloaded bundle from Mac App Store.

codesign -d --entitlements - /Applications/Cyberduck.app/
Executable=/Applications/Cyberduck.app/Contents/MacOS/Cyberduck
??qq?<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>com.apple.security.network.server</key>
		<true/>

		<key>com.apple.security.files.bookmarks.app-scope</key>
		<true/>

		<key>com.apple.security.app-sandbox</key>
		<true/>

		<key>com.apple.security.files.bookmarks.document-scope</key>
		<true/>

		<key>com.apple.security.application-groups</key>
		<array>
			<string>G69SCX94XU.duck</string>
		</array>

		<key>com.apple.security.scripting-targets</key>
		<dict>
			<key>com.apple.systempreferences</key>
			<array>
				<string>preferencepane.reveal</string>
			</array>

		</dict>

	</dict>
</plist>

Missing several keys such as

        <key>com.apple.security.network.client</key>
        <!-- The ability to open an outgoing connection to another machine -->
        <true/>

from the original entitlements for the submitted binary

mellifera:~ dkocher$ codesign -d --entitlements - ~/Downloads/Cyberduck.app/
Executable=/Users/dkocher/Downloads/Cyberduck.app/Contents/MacOS/Cyberduck
??qqn<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.files.bookmarks.app-scope</key>
        <true/>
        <key>com.apple.security.files.bookmarks.document-scope</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <!-- The ability to open a socket for listening. Used for Active (PORT) FTP data connections -->
        <true/>
        <key>com.apple.security.network.client</key>
        <!-- The ability to open an outgoing connection to another machine -->
        <true/>
        <key>com.apple.security.files.downloads.read-write</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.print</key>
        <!-- The ability to print -->
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>G69SCX94XU.duck</string>
        </array>
        <key>com.apple.security.scripting-targets</key>
        <dict>
            <key>com.apple.systempreferences</key>
            <array>
                <string>preferencepane.reveal</string>
            </array>
        </dict>
    </dict>
</plist>

comment:6 Changed on Feb 25, 2018 at 10:39:04 AM by dkocher

  • Milestone set to 6.4.2
  • Owner changed from jamal ahmed to dkocher
  • Status changed from new to assigned

comment:7 Changed on Feb 26, 2018 at 9:41:07 AM by dkocher

#10239 closed as duplicate.

comment:8 Changed on Feb 26, 2018 at 9:41:25 AM by dkocher

#10241 closed as duplicate.

comment:9 Changed on Feb 26, 2018 at 9:41:44 AM by dkocher

#10238 closed as duplicate.

comment:10 Changed on Feb 26, 2018 at 6:52:40 PM by dkocher

#10242 closed as duplicate.

comment:11 Changed on Feb 26, 2018 at 6:52:49 PM by dkocher

#10243 closed as duplicate.

comment:13 Changed on Feb 27, 2018 at 9:27:50 AM by dkocher

#10248 closed as duplicate.

comment:14 Changed on Feb 27, 2018 at 9:28:02 AM by dkocher

#10246 closed as duplicate.

comment:15 Changed on Feb 27, 2018 at 9:28:15 AM by dkocher

#10244 closed as duplicate.

comment:16 Changed on Feb 27, 2018 at 9:28:31 AM by dkocher

  • Severity changed from major to blocker

comment:17 Changed on Feb 27, 2018 at 3:29:52 PM by breckero

Today (2018-02-27) I tested the version 6.4.2 on appstore, but I still get the same error

comment:18 Changed on Feb 27, 2018 at 4:10:20 PM by dkocher

#10250 closed as duplicate.

comment:19 Changed on Feb 27, 2018 at 5:45:50 PM by LeGrosTiti

  • Cc jpmelkonian@… added

comment:20 Changed on Feb 27, 2018 at 7:08:47 PM by dkocher

  • Milestone changed from 6.4.2 to 6.4.3

Milestone renamed

comment:21 Changed on Feb 27, 2018 at 8:26:42 PM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

The issue has been resolved with version 6.4.3 now available in the Mac App Store. The fix is in r43935 deleting all comments in the codesign entitlements used to sign the application bundle. This file was last changed in 2015 (r32581) and caused no problems previously. Surely, some amateur at Apple has changed how the XML file is processed causing lines to be missed. The current entitlements processed on the application bundle signed by Apple still shows some different formatting with additional line breaks

mellifera:~ dkocher$ codesign -d --entitlements - /Applications/Cyberduck.app/
Executable=/Applications/Cyberduck.app/Contents/MacOS/Cyberduck
??qq?<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>com.apple.security.network.server</key>
		<true/>

		<key>com.apple.security.files.bookmarks.app-scope</key>
		<true/>

		<key>com.apple.security.app-sandbox</key>
		<true/>

		<key>com.apple.security.files.downloads.read-write</key>
		<true/>

		<key>com.apple.security.files.bookmarks.document-scope</key>
		<true/>

		<key>com.apple.security.network.client</key>
		<true/>

		<key>com.apple.security.files.user-selected.read-write</key>
		<true/>

		<key>com.apple.security.print</key>
		<true/>

		<key>com.apple.security.application-groups</key>
		<array>
			<string>G69SCX94XU.duck</string>
		</array>

		<key>com.apple.security.scripting-targets</key>
		<dict>
			<key>com.apple.systempreferences</key>
			<array>
				<string>preferencepane.reveal</string>
			</array>

		</dict>

	</dict>
mellifera:~ dkocher$ open /Applications/Cyberduck.app/

We could only fix this with an educated guess but had no support from Apple so far from both rdar://37934094 and Developer Technical Support (Issue 685632930).

Last edited on Feb 28, 2018 at 8:02:28 AM by dkocher (previous) (diff)

comment:22 Changed on Feb 27, 2018 at 8:41:34 PM by dkocher

#10251 closed as duplicate.

comment:23 Changed on Feb 27, 2018 at 8:41:46 PM by dkocher

#10252 closed as duplicate.

comment:24 Changed on Feb 27, 2018 at 8:41:54 PM by dkocher

#10253 closed as duplicate.

Note: See TracTickets for help on using tickets.
swiss made software