mirrors
/
tailscale
mirror of https://github.com/tailscale/tailscale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

version/prop: remove IsMacAppSandboxEnabled 

Fixes tailscale/corp#18441

For a few days, IsMacAppStore() has been returning `false` on App Store builds (IPN-macOS target in Xcode).

I regressed this in tailscale/tailscale#11369 by introducing logic to detect the sandbox by checking for the APP_SANDBOX_CONTAINER_ID environment variable. I thought that was a more robust approach instead of checking the name of the executable. However, it appears that on recent macOS versions this environment variable is no longer getting set, so we should go back to the previous logic that checks for the executable path, or $HOME containing references to macsys.

Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
This commit is contained in:
Andrea Gottardo 2024-03-19 10:45:45 -07:00
parent 68d9e49a5b
commit 6c59d6bff3
1 changed files with 1 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
version/prop.go
View File

@ -71,7 +71,7 @@ func IsMacSysApp() bool {
}
// Check that this is the GUI binary, and it is not sandboxed. The GUI binary
// shipped in the App Store will always have the App Sandbox enabled.
return strings.HasSuffix(exe, "/Contents/MacOS/Tailscale") && !IsMacAppSandboxEnabled()
return !IsMacAppStore() && strings.HasSuffix(exe, "/Contents/MacOS/Tailscale")
})
}
@ -96,19 +96,6 @@ func IsMacSysExt() bool {
})
}
var isMacAppSandboxEnabled lazy.SyncValue[bool]
// IsMacAppSandboxEnabled reports whether this process is subject to the App Sandbox
// on macOS.
func IsMacAppSandboxEnabled() bool {
if runtime.GOOS != "darwin" {
return false
}
return isMacAppSandboxEnabled.Get(func() bool {
return os.Getenv("APP_SANDBOX_CONTAINER_ID") != ""
})
}
var isMacAppStore lazy.SyncValue[bool]
// IsMacAppStore whether this binary is from the App Store version of Tailscale
@ -121,11 +108,6 @@ func IsMacAppStore() bool {
// Both macsys and app store versions can run CLI executable with
// suffix /Contents/MacOS/Tailscale. Check $HOME to filter out running
// as macsys.
if !IsMacAppSandboxEnabled() {
// If no sandbox found, we're definitely not on an App Store release, as you cannot push
// anything to the App Store that has the App Sandbox disabled.
return false
}
if strings.Contains(os.Getenv("HOME"), "/Containers/io.tailscale.ipn.macsys/") {
return false
}