[GRASS-dev] GRASS GIS for Apple Silicon Macs

Edouard Choinière e.chs at outlook.com
Fri Sep 22 11:33:29 PDT 2023 

Well, it’s not new, it’s been like that since 2020 with Big Sur and the introduction of M1 (before that M1 isn’t supported).  Big Sur (version 11), was followed by Monterey (version 12), then Ventura (version 13), then Sonoma (version 14), which is the beta you’re talking about and the expected General availability is on September 26, 2023, in a couple of days.

Even homebrew had problems at that time, so we’re not alone.


Edouard Choinière

Le 22 sept. 2023 à 14:23, Michael Barton via grass-dev <grass-dev at lists.osgeo.org> a écrit :

 This would be a major change by Apple and a royal PITA. I hope it is only something in the current beta and not in the final release (which I have not yet installed).

We can probably sign through OSGEO. But when I looked into signing, it seems difficult unless you use Apple XCode. That would be a big step back from the current ease of compiling Mac binaries with Conda. When I looked into it several years ago, I could not find any clear instructions about how to sign code without XCode, although it may be possible.

Michael
_____________________________

C. Michael Barton
Associate Director, School of Complex Adaptive Systems (https://scas.asu.edu<https://scas.asu.edu/>)
Professor, School of Human Evolution & Social Change (https://shesc.asu.edu)
Director, Center for Social Dynamics & Complexity (https://complexity.asu.edu)
Arizona State University
Tempe, AZ 85287-2701
USA

Executive Director, Open Modeling Foundation (https://openmodelingfoundation.github.io<https://openmodelingfoundation.github.io/>)
Director, Network for Computational Modeling in Social & Ecological Sciences (https://comses.net)

personal website: http://www.public.asu.edu/~cmbarton


On Sep 22, 2023, at 10:34 AM, grass-dev-request at lists.osgeo.org wrote:

Date: Fri, 22 Sep 2023 17:33:54 +0000
From: Edouard Choini?re <e.chs at outlook.com<mailto:e.chs at outlook.com>>
To: Nicklas Larsson <n_larsson at yahoo.com<mailto:n_larsson at yahoo.com>>
Cc: GRASS developers <grass-dev at lists.osgeo.org<mailto:grass-dev at lists.osgeo.org>>
Subject: Re: [GRASS-dev] GRASS GIS for Apple Silicon Macs
Message-ID:
<SA1PR12MB73447EC8CDE24093C1F2BD14EFFFA at SA1PR12MB7344.namprd12.prod.outlook.com<mailto:SA1PR12MB73447EC8CDE24093C1F2BD14EFFFA at SA1PR12MB7344.namprd12.prod.outlook.com>>

Content-Type: text/plain; charset="utf-8"

I think I figured out an explanation. I tried to read about CI for macOS, then on why there aren?t a lot of CI for macOS (especially Apple Silicon). I also couldn?t look into the build infrastructure used for your grass macOS builds since they don?t seem to be available on GitHub. Is it local only?

Ok, so now to a possible explanation on why Rosetta 2 is asked to be installed.
It seems that with Apple Silicon, arm64 code needs to be signed (which is new), while x86_64 doesn?t, like before. I think it was mentioned in the thread that the app might be unsigned. So I suspect that even if a universal binary contains arm64 and x86_64 binaries, if it is unable to use the arm64 binary, it will try using the intel ones.


<https://urldefense.com/v3/__https://www.sentinelone.com/blog/why-your-macos-edr-solution-shouldnt-be-running-under-rosetta-2/__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJwmGQB7Q$>
[Apple-Silicon-Rosetta-2-and-the-Challenges-for-Endpoint-Security-7.jpg]
Why Your macOS EDR Solution Shouldn't Be Running Under Rosetta 2<https://urldefense.com/v3/__https://www.sentinelone.com/blog/why-your-macos-edr-solution-shouldnt-be-running-under-rosetta-2/__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJwmGQB7Q$>
sentinelone.com<http://sentinelone.com/><https://urldefense.com/v3/__https://www.sentinelone.com/blog/why-your-macos-edr-solution-shouldnt-be-running-under-rosetta-2/__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJwmGQB7Q$>

In particular, see the part where it says:


That?s because one of the changes Apple brought in with Big Sur<https://urldefense.com/v3/__https://www.sentinelone.com/blog/macos-big-sur-has-landed-10-essential-security-tips-you-should-know/__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJLjqv1E8$ > that only applies to Apple silicon Macs is that native arm64 code cannot execute on an M1 Mac unless it has a valid code signature.

An Apple silicon Mac doesn?t permit native arm64 code execution under any conditions unless a valid signature is attached. Translated x86_64 code, however, is not subject to this restriction<https://urldefense.com/v3/__https://support.apple.com/guide/security/rosetta-2-on-a-mac-with-apple-silicon-secebb113be1/web__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJR3pAVfc$ >: translated x86_64 code is permitted to execute through Rosetta with no signature information at all.



There?s also that thread that was linked to from my reading some Reddit threads (like https://urldefense.com/v3/__https://www.reddit.com/r/programming/comments/15njgdc/apple_doesnt_want_you_developing_hobby_apps/jvmvxv6/__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJuQeo8wU$<https://urldefense.com/v3/__https://www.reddit.com/r/programming/comments/15njgdc/apple_doesnt_want_you_developing_hobby_apps/jvmvxv6/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJe85GbbA$ >, was useful if you ignore the purely Reddit-like comments)

<https://urldefense.com/v3/__https://github.com/Homebrew/brew/issues/9082__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJqX03vPY$ >
[9082.png]
Codesigning on macOS 11 on Apple Silicon ? Issue #9082 ? Homebrew/brew<https://urldefense.com/v3/__https://github.com/Homebrew/brew/issues/9082__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJqX03vPY$ >
github.com<http://github.com/><https://urldefense.com/v3/__https://github.com/Homebrew/brew/issues/9082__;!!IKRxdwAv5BmarQ!fsArQT1R77zoM9dYDuSYWa2EDSuZWXHf8RL6ndhUKVFs465WYl5KI24PM-gzQSn-C40Ow3bvU871smBGyyY33dx99byJqX03vPY$ >

These two sources also point to a potential problem with ?ad hoc? signing that would have a ?works on my machine? effect, if the executable changes somewhere. But the debugging done doesn?t indicate that this is what is happening now from the messages received.


I don?t own a macOS computer, nor a macOS computer with Apple Silicon in order to do any of the debugging needed to confirm all of this.


Edouard Choini?re


_______________________________________________
grass-dev mailing list
grass-dev at lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/grass-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/grass-dev/attachments/20230922/7a6bcc51/attachment-0001.htm>

More information about the grass-dev mailing list