abathur

Goal

In Catalina, it appears that there's a networked assessment of new executables (including scripts). Nix is constantly generating new executables during a build, so I'm trying to get a bead on how stable/variable this effect is. (AFAIK, it's only meaningful to test this on single-user installs. We have yet to identify any way to successfully exempt builds under multi-user/daemon installs.)

Setup

Open 2 terminal tabs/windows and set up the first to monitor the relevant logs by running:

log stream --debug --info --predicate 'process == "syspolicyd" AND subsystem == "com.apple.securityd" AND category == "gk"'

abathur

============================= resholver Nix demo ===============================
test_future_perfection
nothing up my sleeve
+++++ type jq openssl
/nix/store/nd1pqfcmv5yjx5wqr07b8xsw0s683h19-testmod3-unreleased/bin/conjure.sh: line 6: type: jq: not found
/nix/store/nd1pqfcmv5yjx5wqr07b8xsw0s683h19-testmod3-unreleased/bin/conjure.sh: line 6: type: openssl: not found
+++++ set +x
test_openssl
+++++ /nix/store/i6rnpwfhwdd7wjazfxk07rnzr58jba43-openssl-1.1.1d-bin/bin/openssl version
OpenSSL 1.1.1d  10 Sep 2019

abathur

I've included a minimal server example and 3 request/response logs. The server code sets a trace for exception events to pull out exceptions that restplus is swallowing (unfortunately this is a little spammy, since there's a trace event every step up the stack). FWIW, running this in Python 2.7.12.

log_clean_get

Nothing significant here. Just demonstrating that everything works for an undecorated endpoint.

log_post_without_auth_header

Requesting the @jwt_required post endpoint without an auth header raises this error: NoAuthorizationError: Missing Authorization Header

I've registered log_unauth_exceptions as a restplus error handler for NoAuthorizationError, but don't correctly return a Flask response. This potential user mistake is hard to figure out without seeing the exception in restplus that gets swallowed in the error-handling and is only visible via the exception trace:

abathur

gcc -O2 -g   -I/usr/include/python3.5m -I/usr/include/x86_64-linux-gnu/python3.5m -lpython3.5m access_check.o actions.o array.o arraylist.o backend.o bitstrings.o call_out.o closure.o comm.o dumpstat.o ed.o efuns.o files.o gcollect.o hash.o heartbeat.o interpret.o lex.o main.o mapping.o md5.o mempools.o mregex.o mstrings.o object.o otable.o parser.o parse.o pkg-iksemel.o pkg-xml2.o pkg-idna.o pkg-mccp.o pkg-mysql.o pkg-gcrypt.o pkg-json.o pkg-python.o pkg-pgsql.o pkg-sqlite.o pkg-tls.o pkg-openssl.o pkg-gnutls.o port.o ptrtable.o random.o regexp.o sha1.o simulate.o simul_efun.o stdstrings.o strfuns.o structs.o sprintf.o swap.o types.o wiz_list.o xalloc.o   -o ldmud -lnsl -lm  -lcrypt  -lssl -lcrypto -lpcre -lmysqlclient -lsqlite3 -ljson-c -lpython3.5m -liksemel -lz
backend.o: In function `backend':
/home/ubuntu/ldmud/src/backend.c:891: undefined reference to `python_call_hook'
closure.o: In function `closure_to_string':
/home/ubuntu/ldmud/src/closure.c:6092: undefined reference to `closure_python_efun_to_stri

abathur

1. Copy both files into your user dir (C:/users/<username>)
2. edit the "server_file" path on line 4 of file_differs.bat to use the network file location of your excel sheet
3. Save the edits
4. Click your Start button
5. Type "cmd" and hit enter
6. In the cmd window, type "file_differs.vbs" and hit enter.