diff options
| author | Andrea Gottardo <andrea@gottardo.me> | 2024-03-19 10:45:45 -0700 |
|---|---|---|
| committer | Andrea Gottardo <andrea@gottardo.me> | 2024-03-19 10:45:45 -0700 |
| commit | 6c59d6bff3779a054f8a74406f19915f086425eb (patch) | |
| tree | cbbe287de31f098d8815d130e779a09a914a52c5 | |
| parent | 68d9e49a5bd996a4dcc4cc6d380df406f1878928 (diff) | |
| download | tailscale-angott/corp-18441.tar.xz tailscale-angott/corp-18441.zip | |
version/prop: remove IsMacAppSandboxEnabledangott/corp-18441
Fixes tailscale/corp#18441
For a few days, IsMacAppStore() has been returning `false` on App Store builds (IPN-macOS target in Xcode).
I regressed this in tailscale/tailscale#11369 by introducing logic to detect the sandbox by checking for the APP_SANDBOX_CONTAINER_ID environment variable. I thought that was a more robust approach instead of checking the name of the executable. However, it appears that on recent macOS versions this environment variable is no longer getting set, so we should go back to the previous logic that checks for the executable path, or $HOME containing references to macsys.
Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
| -rw-r--r-- | version/prop.go | 20 |
1 files changed, 1 insertions, 19 deletions
diff --git a/version/prop.go b/version/prop.go index 11cc69c03..9ac4bbc73 100644 --- a/version/prop.go +++ b/version/prop.go @@ -71,7 +71,7 @@ func IsMacSysApp() bool { } // Check that this is the GUI binary, and it is not sandboxed. The GUI binary // shipped in the App Store will always have the App Sandbox enabled. - return strings.HasSuffix(exe, "/Contents/MacOS/Tailscale") && !IsMacAppSandboxEnabled() + return !IsMacAppStore() && strings.HasSuffix(exe, "/Contents/MacOS/Tailscale") }) } @@ -96,19 +96,6 @@ func IsMacSysExt() bool { }) } -var isMacAppSandboxEnabled lazy.SyncValue[bool] - -// IsMacAppSandboxEnabled reports whether this process is subject to the App Sandbox -// on macOS. -func IsMacAppSandboxEnabled() bool { - if runtime.GOOS != "darwin" { - return false - } - return isMacAppSandboxEnabled.Get(func() bool { - return os.Getenv("APP_SANDBOX_CONTAINER_ID") != "" - }) -} - var isMacAppStore lazy.SyncValue[bool] // IsMacAppStore whether this binary is from the App Store version of Tailscale @@ -121,11 +108,6 @@ func IsMacAppStore() bool { // Both macsys and app store versions can run CLI executable with // suffix /Contents/MacOS/Tailscale. Check $HOME to filter out running // as macsys. - if !IsMacAppSandboxEnabled() { - // If no sandbox found, we're definitely not on an App Store release, as you cannot push - // anything to the App Store that has the App Sandbox disabled. - return false - } if strings.Contains(os.Getenv("HOME"), "/Containers/io.tailscale.ipn.macsys/") { return false } |