Python: Python.framework should be ad-hoc codesigned

Open AuroraWright opened this issue 4 months ago • 8 comments

brew gist-logs <formula> link OR brew config AND brew doctor output

> brew doctor
Your system is ready to brew.
> brew config
HOMEBREW_VERSION: 4.2.8
ORIGIN: https://github.com/Homebrew/brew
HEAD: eb7338abba43112e16e178d4329d5483d6d8fd6f
Last commit: 2 days ago
Core tap JSON: 14 Feb 16:00 UTC
Core cask tap JSON: 14 Feb 16:00 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_MAKE_JOBS: 4
Homebrew Ruby: 3.1.4 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.1.4/bin/ruby
CPU: quad-core 64-bit dunno
Clang: 15.0.0 build 1500
Git: 2.39.3 => /Library/Developer/CommandLineTools/usr/bin/git
Curl: 8.4.0 => /usr/bin/curl
macOS: 13.6.4-arm64
CLT: 15.1.0.0.1.1700200546
Xcode: N/A
Rosetta 2: false

Verification

  • [X] My "brew doctor output" says Your system is ready to brew. and am still able to reproduce my issue.
  • [X] I ran brew update and am still able to reproduce my issue.
  • [X] I have resolved all warnings from brew doctor and that did not fix my problem.
  • [X] I searched for recent similar issues at https://github.com/Homebrew/homebrew-core/issues?q=is%3Aissue and found no duplicates.

What were you trying to do (and why)?

I was trying to send a notification from within python with e.g. https://github.com/samschott/desktop-notifier (but doing so directly with PyObjC also has the same effect). This is a part of a python program I work on.

What happened (include all command output)?

The macOS UNUserNotificationCenter API returns: "Authorisation denied: Notifications are not allowed for this application." due to improper Framework signing.

What did you expect to happen?

I think notifications and any other macOS feature requiring code signing should be accessible within Python apps. From my testing, codesign --force --deep -s - /opt/homebrew/Cellar/python@3.11/3.11.7_1/Frameworks/Python.framework was enough to fix this issue and, as far as I know, has no side effects. For what it's worth, the problem is also reported on the python desktop-notifier module's readme: https://github.com/samschott/desktop-notifier?tab=readme-ov-file#notes-on-macos

Step-by-step reproduction instructions (by running brew commands)

brew install python
pip3 install desktop-notifier
python3
**(within python3 shell)**
from desktop_notifier import DesktopNotifier
notifier = DesktopNotifier()
notifier.send_sync(title="Hello world!", message="Sent from Python")

AuroraWright • Feb 15 '24 00:02

Moving it since the signing happens in brew, and should probably apply to all or none of the frameworks that you can install with brew.

SMillerDev • Feb 15 '24 08:02

Will review a PR for this but would like to see more requests for this before maintainers work on it as it seems to be a very niche use-case.

MikeMcQuaid • Feb 15 '24 08:02

Also changing issue to features as this is not a bug.

MikeMcQuaid • Feb 15 '24 08:02

@Bo98 @fxcoudert @woodruffw will know more about whether this is a reasonable thing to do.

carlocab • Feb 15 '24 10:02

(For what it’s worth I’d be fine with opening a PR to add this to the Python formulas currently on brew if no issues are raised here)

AuroraWright • Feb 15 '24 11:02

Seems OK, but does it actually need --deep? Binaries inside should already be ad-hoc code signed.

Bo98 • Feb 15 '24 14:02

I'm not sure why the framework needs to be code-signed, if the binaries/libraries already are. And if so, why is the Python build process not signing it?

fxcoudert • Feb 15 '24 15:02

> Seems OK, but does it actually need --deep? Binaries inside should already be ad-hoc code signed.

You're right, tested without it and it also worked.

> I'm not sure why the framework needs to be code-signed, if the binaries/libraries already are. And if so, why is the Python build process not signing it?

Honestly no idea why macOS enforces it like this, but the official build from python.org is also signed

AuroraWright • Feb 16 '24 09:02
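
The check-then-sign step discussed in this thread, as an added example that is not part of the original issue or Homebrew's own code: it classifies `codesign -dv` output and ad-hoc signs a framework, without `--deep`, only when the framework is unsigned. The function names and the `CODESIGN` override variable are assumptions made for this example, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not Homebrew's code. CODESIGN is an assumed override so the
# logic can be exercised with a stub; it defaults to the real codesign tool.

# Map `codesign -dv` output (written to stderr) to a signing state.
classify_signature() {
    case "$1" in
        *"code object is not signed at all"*) echo unsigned ;;
        *"Signature=adhoc"*)                  echo adhoc ;;
        *"Signature size="*)                  echo identity ;;
        *)                                    echo unknown ;;
    esac
}

# Print the signing state of the bundle at $1.
signature_state() {
    classify_signature "$("${CODESIGN:-codesign}" -dv "$1" 2>&1)"
}

# Ad-hoc sign $1 only if it is unsigned, then print the resulting state.
# No --deep: per the thread, the binaries inside are already ad-hoc signed.
# An existing ad-hoc or identity signature is left untouched.
ensure_adhoc_signed() {
    state=$(signature_state "$1")
    if [ "$state" = unsigned ]; then
        "${CODESIGN:-codesign}" --force -s - "$1" >/dev/null 2>&1 || return 1
        state=$(signature_state "$1")
    fi
    echo "$state"
    [ "$state" = adhoc ] || [ "$state" = identity ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_UNSIGNED='Python.framework: code object is not signed at all'
SAMPLE_ADHOC='CodeDirectory v=20400 size=512 flags=0x2(adhoc) hashes=5+7
Signature=adhoc
TeamIdentifier=not set'
SAMPLE_IDENTITY='CodeDirectory v=20500 size=900 flags=0x10000(runtime) hashes=17+7
Signature size=9012
TeamIdentifier=ABCDE12345'
for sample in "$SAMPLE_UNSIGNED" "$SAMPLE_ADHOC" "$SAMPLE_IDENTITY"; do
    classify_signature "$sample"
done
```

On a real machine, call `ensure_adhoc_signed` with the path to the installed `Python.framework`; a result of `unknown` means `codesign` could not read the bundle at all (for example, a wrong path).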

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

github-actions[bot] • Mar 09 '24 00:03

Sorry, passing on this for now. Will review/consider a PR, though (but cannot promise it will be merged).

MikeMcQuaid • Mar 18 '24 12:03