SageMath-9.0 authentication error

asked 2020-02-21 05:36:36 +0200

rana-aerea gravatar image

updated 2020-02-21 17:10:00 +0200 copied from mounted disk image file was refused by macOS Mojave on my machine. I managed to bypass authentication for my machine in some way. But, this experience might suggest a bigger trouble. So, I would like to explain my workaround and then ask questions. I also ask cooperation of the developers and the users.


A possible reason is the signature of Info.plist in

        myhome$ codesign --verify /Applications/
        /Applications/ invalid Info.plist
        (plist or signature have been modified)
        In architecture: x86_64

Bypassing Authentication

On macOS Mojave, it is hard to work around this error. Articles on internet say that GUI-interface for skipping authentication was removed from macOS Mojave. I cannot verify the precise meaning of this change because I moved from macOS Mavericks to macOS Mojave skipping several versions. I also hesitate to upgrade to macOS Catalina because I am using some old software I do not expect to work in macOS Catalina.

Anyway, I managed to find a workaround for my machine. It was to use spctl command from I describe it here.

First step is to disabling SecAssessment system.

        myhome$ sudo spctl  --master-disable

The second step is double clicking the Mac Application (Depending on the settings of Finder, the file name may read SageMath-9.0.)

  1. A dialogue window appears and asks if it is OK to open Click Open.
  2. Then, click Continue for the dialogue of Read-only Sage.
  3. If there is a .sage folder in the home folder, click Ask me Lator for the dialogue of Sage Notebook Upgrade.
  4. Web page loading-page.html and Jupyter's login page show-up. Close these two pages and quit Sage from menu of Icosahedron Icon.

The third step is to enable SecAssessment system.

        myhome$ sudo spctl  --master-enable

Analyzing the Trouble

I tested the situation in 2x2 = 4 combinations. Each time, I deleted and copied from the disk image file.

  1. Double click before unix command /Applications/ or in the reverse order.
  2. Double click while SecAssessment system is enabled and double click after SecAssessment system is disabled.

Altering contents of by of invocation of /Applications/ earlier than the authentication does not change the situation.

I also applied codesign command immediately after copying from the disk image file. The command detected error in signature of Info.plist.

All these results suggest Info.plist of was altered after it was signed and before it was shipped out. Or a more serious possibility is different versions of macOS have different behaviour of authentication, which cause refused by different versions of macOS from the developer's environment.

I guess this should be solved in the next release.

Two Questions and Call for Cooperation

_The first question is if the developer' s environment accepts If the environment accepts the software it has once accepted, test for this issue must include verfication of signature by codesign command. (An example of such a verification is quoted at the beginning.)

Here, I expect different behaviour of authentication from the one I observed. This is because I expect the developer compiles the software into the same application bundle in the same location overwriting the software, which might influence different behaviour of authentication from the user's machine.

_The second question is if is it OK to run /Applications/ from before authentication process (which is triggered by double clicking This is about the situtation in which SageMath-9.1 would pass the authentication process of macOS if authentication is earlier than the command line invocation of As what Apple does is mysterious, I feel we should check this issue.

(I have in mind: a unix user helps his fiend installing knowing his fiend is scared of command line. However, for demonstration of how Sagemath works, he invokes the This can be at lunch time after sage is assinged in math class. They seperate and after several classes, the friend tries to use double clicking it. Unfortunately, the friend does not understand command line. The report on sage is impossible to be in time.)

Up to here, I was mainly writing to the developers. I also want to ask one thing to the users.

I heard authentication of macOS is getting stronger and stronger for these four years. I am afraid this means finalization of SageMath-9.1 requires testing authentication on macOS Sierra, macOS High Sierra, macOS Mojave and macOS Catalina. I volunteer to be the tester of authentication for macOS Mojave. _I ask the developers and the users to coopereate testing authentication of

Addition: I found relevant questions.

  • ask sagemath
    • Sage 9.0 installation issues on macOS 10.15.2 Catalina
    • SageMath 9.0 app macOS: jupyter server fails to start
    • New SageMath 9.0 installation not running on Catalina. SageMath 8.7 worked fine.
  • sage support
    • "SageMath is damaged and can't be opened" on macOS 10.14
    • Jupiter Server fails to start on macOS Catalina
    • New User to SageMath Setup Issues
    • Sage 9.0 macOS Jupyter Server failed to start
    • sage does not run on Mac Catalina
    • fails to start on macOS 10.14.6

Possibly relevant:

  • sage support
    • I can't run SageMath neither 8.9 nor 9.0 on my iMac (Catalina)

None of them sugget testing codesign. I think this post is one little step forward.

edit retag flag offensive close merge delete