El Capitan compatibility #30
Comments
|
AFAIK Asepsis under El Capitan with System Integrity Protection enabled is not possible. I'm going to stop developing Asepsis and supporting it under El Capitan. |
|
Interesting, I wasn't aware of this change, so good to know... A bit of light reading for anyone else who comes across this and doesn't know about System Integrity Protection: Wikipedia and Apple El Capitan changes. Apparently you can disable System Integrity Protection, but its not a simple setting in System Preferences, so presents a pretty big barrier for Asepsis and a lot of other utilities like it that inject/override/etc. It'll be interesting to see if Apple allow specific exceptions to it, without entirely disabling System Integrity Protection... I'll certainly be submitting some feedback about this, and would encourage others to do so as well. My guess is they'd go for something like 'signed extensions' for this, rather than arbitrarily disabling specific aspects of SIP. |
|
I've filed a 'bug' through the Feedback Assistant, and suggest others do the same. |
|
I was (naïvely) hoping that Apple would finally at least provide an option in vanilla El Capitan to cease .DS_Store pollution. I guess I'll just keep waiting. |
|
You say that "Asepsis under El Capitan with System Integrity Protection enabled is not possible". This feature can be disabled in Recovery Mode, though. Which I already did to make XtraFinder work :D Would it be possible to do the same with Asepsis? Is it safe to just try to install the latest version with SIP turned off? |
|
I just tried... "This version of Asepsis is only supported under OS X 10.8, 10.9 or 10.10.' |
|
@DanielSmedegaardBuus I guess Asepsis works with SIP disabled under El Capitan. But I haven't tested it myself. I can prepare a new build with OS requirement check disabled. |
|
Please do! |
|
http://downloads.binaryage.com/Asepsis-1.5.2.dmg before installing please run this command in Terminal.app: I have just briefly tested it here on my El Capitan B6 system and Asepsis seems to work. The only problem is that some apps that link against DesktopServicesPriv.framework will be treated as newly downloaded from the internet. I had to click through all the warning dialogs again. |
|
Everything other than the update checker seems to work here, assuming there isn't going to be another update can this be disabled to prevent the errors? |
|
You have two options:
|
|
Awesome! Works :D Thank you so much :) OS X had already started cluttering my project directories, was so sad to not have Asepsis around anymore to prevent that :) 👍 |
There is some talk around this that's not related to Asepsis: http://forums.macrumors.com/threads/getting-lots-of-the-first-time-warning-at-system-startup-after-upgraded-to-dp6.1905498/ - Some people there are having success with enabling auto-login. Maybe related? |
|
Even after running the commands: Anything else I can do? |
|
@MichaelZaporozhets I'm sorry, I have no idea |
|
@MichaelZaporozhets Try to disable https://forums.developer.apple.com/thread/3981 and touch ~/.no-asepsis-os-restriction use 1.5.2.installer , works for me |
|
I saw the page got updated saying Asepsis is no longer maintained and will be made to work on El Capitan, which is sad. Has been one month since this thread was active. Is there any update on this? |
|
I have published the 1.5.2 version on the site and wrote this: It there anything I should add or explain better? |
|
Did the installer get broken? When I try to run the installer it says: |
|
@darwin Question: could Asepsis be altered in such a way that it could be installed by first disabling SIP, then installing the utility, then re-enabling SIP? Or is the way Asepsis works incompatible with that approach? Also does disabling SIP make the OS any less secure than it was under Yosemite? It is strictly a new enhancement, right? |
|
As far as I am aware, SIP needs to remain disabled for Asepsis to function Regarding security, again, as far as I'm aware, you aren't any less secure There may be other assumptions like this throughout the operating system I actually downgraded back to Yosemite as the Capitan upgrade killed all of On Wed, Oct 14, 2015 at 11:24 PM Mike Greiling [email protected]
|
|
@darwin First of all, I would like to thank you very much for the hard work that has gone into developing some of my most valuable tools, namely TotalFinder, TotalTerminal and Asepsis. Updating to 10.11 has unfortunately impacted my work flows in a considerable way, because I cannot, more or less, rely on these great utilities anymore. On the binaryage forum user aaaron_king mentioned that another developer evidently managed to circumvent SIP by having their code injection handled by a kernel extension.
Did you ever get a chance to look into this? It may or may not be the solution for TotalFinder, TotalTerminal and Asepsis. It almost sounds as if you could simply launch the injection process from the kext which has the necessary rights to do so. Unfortunately I wasn't personally able to test anything the like, as I currently don't have a paid Apple Developer membership which is required to codesign the kext these days… |
|
@m-urban Thanks, I'm glad you find my apps useful. Dockmod approach was promising, we tried it recently, but KEXT signing must be approved by a live person in Apple and they declined our request.
|
|
They should fix the damn underlying reasons people turn to things like Asepsis/Total/XtraFinder in the first place instead of just locking everything down without any consideration. I mean… would they prefer people disabling these security features altogether? |
|
@danielbayley: people usually don't disable security features, the majority simply stops using our apps. I'm glad there is at least a way for technical people to disable SIP if they really have to. Could have been worse :) |
|
@darwin Thanks for the explanation. That is too bad, really. I wonder how the Dockmod folks got to their certificate… It seems that these Hackintosh Guys are struggling with the same kind of problems. From their forum posts I get that kexts are cached. If this happens while SIP is disabled, an unsigned kext will remain working even after SIP has been turned on again. Evidently one would have to repeat the same spiel every time the system is updated, though. Bummer. |
|
Unfortunately I need some easy to follow / robust way how to let people use TotalFinder. I don't have bandwidth to support people who get stuck messing with their systems. Actually there is a way how to run TotalFinder with full SIP enabled: But I don't advertise it much, because I cannot really support people when it stops working or something goes wrong. |
|
@m-urban if that is the case, and this technique could be used for Asepsis, I could live with re-doing the procedure with each update. We pretty much had to re-install Asepsis with each update before this, albeit in a less complicated manner. |
|
@darwin I wasn't aware of the OSAX approach, thanks for the link! I take it that this might also work for TotalTerminal, as the installer's pkg contains an osax file, too? It looks like Asepsis is architected differently, though (no OSAX, right?). But I have to agree with @mikegreiling — if that is what it takes, I would gladly walk this route upon every system update. I have to agree with your statement regarding support for the average user, though — it isn't scalable. |
|
Right, Asepsis does not use OSAX. Asepsis just patches some files in restricted areas. So I believe if you install Asepsis with SIP disabled and then reboot to fully enable it again, it should work (not tested). |
|
Just wanted to confirm that @darwin's suggestion actually works:
$ asepsisctl diagnose
Your Asepsis installation seems to be OKA consequent |
|
Awesome, I've just verified this as well. Thanks @m-urban & @darwin. I've thrown together a blog post with step-by-step instructions for anyone who might not want to dig through this lengthy GitHub issues thread. http://pixelcog.com/blog/2016/disable-ds_store-in-el-capitan/ |
|
Great! Thanks for confirmation and the blog post. |
|
OSX updated to 10.11.4 today and I'm not able to get Asepsis run again: Anybody who has able to got it working again after op.sys update? |
|
@sookoll looks like you don't have permissions to modify Aren't you running it with SIP enabled (protected filesystem)? |
|
Ah crap, yes You are right. I ran crsutil disable; reboot in a row so I didn't notice a typo, so SIP didn't disabled. Thanks. It work now again. |
|
Though I know this software isn't under development, I need some help with that.
Here's the log when I ran Any help is appreciated :) |
|
To me it looks like Asepsis is not installed here Did you run the installer? |
|
I have been encountering a case of "Higher usage of CPU for Helper Services, which make use of the DesktopServicesPriv.framework". This resulted in a DropboxHelper using up one full thread of the CPU. I eventually tracked it down to asepsis and uninstalled it, which solved my problem. One thing to note, after installing asepsis I updated my OS, maybe from 10.11.4 to 10.11.6 but had SIP disabled. I did not check if asepsis was running correctly but uninstalled directly. |
|
Old thread but I just tried reinstalling Asepsis on 10.13.5 and I'm told:
So is that it? RIP my folders, .DS_Store apocalypse here we come? 😭 |
|
You might try to comment out that check, I don't think it is necessary. But I have not tested it myself. asepsis/ctl/cmd/install_wrapper.rb Lines 21 to 23 in 89b55ac |
|
Thanks @darwin |
|
Hello @darwin, I know that this is unsupported currently, but when trying to install this on Mojave I'm getting this strange error that I never received on High Sierra and was wondering if you could shed some light on it:
|
|
Hey @JK3Y, I'm still on High Sierra, but FWIW something very similar to that happened to me, and I resolved it by running the actual installer .pkg file in the 1.5.2 dmg again - not just the install_wrapper command. uninstall_wrapper wouldn't work properly either, but after trying that and rebooting (I think), the installer itself worked. I'm hoping you can get it going on Mojave because I want it working too! |
|
@frogworth That didn't work. :( I read that Mojave has beefed up SIP, which is most likely the reason that it isn't working. Asepsis is easily one of the most important apps that I use as a developer and I've yet to find any alternative anywhere online. |
|
I'm sorry. I don't use Asepsis anymore and cannot spend time trying it under Mojave. @JK3Y TotalFinder had issues sending Apple Events in previous beta releases of Mojave. But those have been resolved by Apple. See https://discuss.binaryage.com/t/totalfinder-support-in-macos-10-14-mojave/6506/86 |
|
@darwin I was able to get Asepsis to install on Mojave by: I'll be committing my changes to my fork here in a bit but so far it's working. I haven't reenabled SIP yet, but asepsis continues to work following reboots. :D Edit: I have reenabled SIP. TotalFinder told me to either reenable SIP or uninstall it; Asepsis on the other hand is working just fine! |
|
@JK3Y if you could share that fork I'd be grateful! |
|
@frogworth Here ya go! https://github.com/JK3Y/asepsis. Just follow the build instructions and it should work :) |
|
@JK3Y, thanks for your time in fixing the issue with High Sierra and El Capitan <3 Sadly, I am unable to make it clone properly. Here's the error message that I stumbled upon. Please, consider opening the |
|
@dinamic It's because of your lack of ssh key access to github.com |
As I'm sure you're aware, public & developer betas are out for OS X 10.11 El Capitan.
During installation (pubic beta), Asepsis was explicitly noted as being incompatible and disabled by OS X.
Are you planning on releasing a version compatible with El Capitan, and if so is there a (rough) timeline?
The text was updated successfully, but these errors were encountered: