TF 1.9.0 won't launch with SIP fully enabled

issue

#1

I just followed the new installation instructions for TF 1.9.0 and everything went smoothly until I re-enabled SIP as suggested. After a reboot, TF will not start and I am presented with an error message noting that “Apple Events cannot be delivered.” This is on Sierra 10.12.4 Beta (16E191a).

I will go back and partially disable SIP (–without debug) and see how that goes.

EDIT: Nope, that did not work. Rebooting into recovery OS and executing csrutil enable --without debug did not fix the problem. Still getting the same error message about Apple Events. I guess for now my only options are to roll back to an older TF version or completely disabling SIP.


#2

OK @darwin , I think I figured out the problem and it’s my fault. For a few years now, I’ve been using a custom icon for the Visor pin button (sorry, not a fan of the slightly purplish default button) by overwriting the two necessary icons in TotalFinder.bundle with these:

It’s usually the first thing I do after installing a new TF version, and this time was no different. Now, however, it would appear that modifying TotalFinder.bundle is a no-go.

Re-installing TF 1.9.0 with SIP disabled (without altering TotalFinder.bundle) and then re-enabling SIP worked fine and everything is working properly. Just with a purple icon. :grinning:

I don’t suppose you have any interest in using my icons? They really do match the system color scheme better! I’d be happy to send them to you. :grin:


#3

Hi Philip,

You are correct. TF 1.9.0 newly checks code signatures of all code it loads dynamically. Because TotalFinder installs a system component into SIP-protected area. If someone was able to trick the user into replacing /Applications/TotalFinder.app or some of its components. It would allow attacker to run his code instead of TotalFinder’s with SIP fully enabled. This risk is hypothetical because all TotalFinder files can be modified only with admin permissions. But we decided to make this more strict. Similar thing applies to TotalSpaces 2.5.4.

Currently I report code-signature failures only into logs in Console.app. I will probably make it more prominent and report the issues as macOS notifications as well.

Your icons look good. Please send me the icons to support@binaryage.com. I will implement them as a tweak for next release and enable them as default.


#4

I have the same problem with 1.9 not launching and getting the Apple event message. However, I’ve not enabled SIP protection. OS 10.12.3


#5

Can you please

  1. open /Applications/Utilities/Console.app,
  2. filter the log list by “Finder” in top-right search field,
  3. then kill Finder.app via CMD+OPT+ESC,
  4. and kill TotalFinder.app via Activity Monitor.app.
  5. then Clear the list in Console.app
  6. and launch /Applications/TotalFinder.app.

You should see some error messages in the console.


#6

Yes, I do get messages. What should I do with them? And which log should I be looking in? I am looking at Diagnostic and Usage Data.

They keep piling on so I grabbed the first batch that seem to pertain to Total Finder. Now am uninstalling 1.9 and reverting to previous install, which works without problems.


#7

Yeah, console output is pretty busy, that is why I wanted you to filter it by “Finder”.

I’m looking at “All Messages” and in Devices I have selected my main machine.

Ok, let’s move to support@binaryage.com.