Upload diagnostic.sh
Browse files- diagnostic.sh +57 -42
diagnostic.sh
CHANGED
|
@@ -105,20 +105,60 @@ if [ -d "$MEDIACORE_PATH" ]; then
|
|
| 105 |
plugin_name=$(basename "$plugin_bundle" .plugin)
|
| 106 |
plugin_modified=$(stat -f "%Sm" -t "%Y-%m-%d %H:%M" "$plugin_bundle" 2>/dev/null || echo "unknown")
|
| 107 |
plugin_size=$(du -sh "$plugin_bundle" 2>/dev/null | cut -f1 || echo "?")
|
|
|
|
|
|
|
| 108 |
|
| 109 |
# Check if binary exists
|
| 110 |
binary_path="$plugin_bundle/Contents/MacOS/$plugin_name"
|
| 111 |
if [ -f "$binary_path" ]; then
|
| 112 |
arch=$(lipo -archs "$binary_path" 2>/dev/null || echo "?")
|
| 113 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 114 |
log " Modified: $plugin_modified | Size: $plugin_size | Arch: $arch"
|
|
|
|
|
|
|
| 115 |
else
|
| 116 |
log "$WARN $plugin_name (binary missing)"
|
| 117 |
log " Modified: $plugin_modified | Size: $plugin_size"
|
|
|
|
| 118 |
fi
|
|
|
|
| 119 |
done < <(find "$MEDIACORE_PATH" -maxdepth 2 -name "*.plugin" -type d 2>/dev/null | sort)
|
| 120 |
|
| 121 |
-
log ""
|
| 122 |
log "Total plugins found: $PLUGIN_COUNT"
|
| 123 |
else
|
| 124 |
log "$WARN MediaCore directory not found: $MEDIACORE_PATH"
|
|
@@ -402,7 +442,7 @@ print_section "File Permissions & Ownership"
|
|
| 402 |
PERM_ISSUES=0
|
| 403 |
CURRENT_USER=$(whoami)
|
| 404 |
|
| 405 |
-
log "${BLUE}
|
| 406 |
log ""
|
| 407 |
|
| 408 |
# Check each file and directory
|
|
@@ -417,58 +457,33 @@ while IFS= read -r item; do
|
|
| 417 |
REL_PATH="${item#$PLUGIN_PATH}"
|
| 418 |
[ -z "$REL_PATH" ] && REL_PATH="/"
|
| 419 |
|
|
|
|
|
|
|
|
|
|
| 420 |
# Check if it's a directory or file
|
| 421 |
if [ -d "$item" ]; then
|
| 422 |
ITEM_TYPE="d"
|
| 423 |
# Directories should be readable and executable (r-x) by all
|
| 424 |
if [[ "$PERMS" != d*r?x*r?x*r?x* ]] && [[ "$PERMS" != d*r?x*r?x* ]]; then
|
| 425 |
-
|
| 426 |
-
if [[ "$PERMS" == d*r?x* ]]; then
|
| 427 |
-
# Owner can access, check if current user is owner
|
| 428 |
-
if [ "$OWNER" != "$CURRENT_USER" ] && [ "$OWNER" != "root" ]; then
|
| 429 |
-
log "$WARN $REL_PATH"
|
| 430 |
-
log " Perms: $PERMS Owner: $OWNER:$GROUP"
|
| 431 |
-
log " ${YELLOW}May not be accessible to After Effects${NC}"
|
| 432 |
-
PERM_ISSUES=$((PERM_ISSUES + 1))
|
| 433 |
-
fi
|
| 434 |
-
else
|
| 435 |
-
log "$FAIL $REL_PATH"
|
| 436 |
-
log " Perms: $PERMS Owner: $OWNER:$GROUP"
|
| 437 |
-
log " ${RED}Directory not readable/executable${NC}"
|
| 438 |
-
PERM_ISSUES=$((PERM_ISSUES + 1))
|
| 439 |
-
fi
|
| 440 |
fi
|
| 441 |
else
|
| 442 |
-
|
| 443 |
-
# Files should be readable by all, executable if binary
|
| 444 |
-
FILENAME=$(basename "$item")
|
| 445 |
-
|
| 446 |
-
# Check if file is readable
|
| 447 |
if [[ "$PERMS" != -*r* ]]; then
|
| 448 |
-
|
| 449 |
-
log " Perms: $PERMS Owner: $OWNER:$GROUP"
|
| 450 |
-
log " ${RED}File not readable${NC}"
|
| 451 |
-
PERM_ISSUES=$((PERM_ISSUES + 1))
|
| 452 |
fi
|
| 453 |
-
|
| 454 |
# Binary should be executable
|
| 455 |
-
if [ "$item" = "$BINARY_PATH" ]; then
|
| 456 |
-
|
| 457 |
-
log "$FAIL $REL_PATH"
|
| 458 |
-
log " Perms: $PERMS Owner: $OWNER:$GROUP"
|
| 459 |
-
log " ${RED}Binary not executable${NC}"
|
| 460 |
-
PERM_ISSUES=$((PERM_ISSUES + 1))
|
| 461 |
-
fi
|
| 462 |
fi
|
| 463 |
fi
|
| 464 |
|
| 465 |
-
#
|
| 466 |
-
if [
|
| 467 |
-
|
| 468 |
-
|
| 469 |
-
|
| 470 |
-
|
| 471 |
-
fi
|
| 472 |
fi
|
| 473 |
|
| 474 |
done < <(find "$PLUGIN_PATH" -print 2>/dev/null)
|
|
|
|
| 105 |
plugin_name=$(basename "$plugin_bundle" .plugin)
|
| 106 |
plugin_modified=$(stat -f "%Sm" -t "%Y-%m-%d %H:%M" "$plugin_bundle" 2>/dev/null || echo "unknown")
|
| 107 |
plugin_size=$(du -sh "$plugin_bundle" 2>/dev/null | cut -f1 || echo "?")
|
| 108 |
+
plugin_perms=$(stat -f "%Sp" "$plugin_bundle" 2>/dev/null || echo "?")
|
| 109 |
+
plugin_owner=$(stat -f "%Su:%Sg" "$plugin_bundle" 2>/dev/null || echo "?")
|
| 110 |
|
| 111 |
# Check if binary exists
|
| 112 |
binary_path="$plugin_bundle/Contents/MacOS/$plugin_name"
|
| 113 |
if [ -f "$binary_path" ]; then
|
| 114 |
arch=$(lipo -archs "$binary_path" 2>/dev/null || echo "?")
|
| 115 |
+
binary_perms=$(stat -f "%Sp" "$binary_path" 2>/dev/null || echo "?")
|
| 116 |
+
|
| 117 |
+
# Check code signing
|
| 118 |
+
codesign_check=$(codesign -dv --verbose=2 "$plugin_bundle" 2>&1)
|
| 119 |
+
if echo "$codesign_check" | grep -q "Authority="; then
|
| 120 |
+
signer=$(echo "$codesign_check" | grep "Authority=" | head -1 | cut -d= -f2 | cut -c1-40)
|
| 121 |
+
sign_status="$PASS"
|
| 122 |
+
elif echo "$codesign_check" | grep -q "Signature=adhoc"; then
|
| 123 |
+
signer="ad-hoc"
|
| 124 |
+
sign_status="$WARN"
|
| 125 |
+
elif echo "$codesign_check" | grep -q "TeamIdentifier="; then
|
| 126 |
+
# Signed but no Authority line (Developer ID)
|
| 127 |
+
team=$(echo "$codesign_check" | grep "TeamIdentifier=" | cut -d= -f2)
|
| 128 |
+
signer="Team: $team"
|
| 129 |
+
sign_status="$PASS"
|
| 130 |
+
else
|
| 131 |
+
signer="unsigned"
|
| 132 |
+
sign_status="$FAIL"
|
| 133 |
+
fi
|
| 134 |
+
|
| 135 |
+
# Check notarization
|
| 136 |
+
if echo "$codesign_check" | grep -q "Notarization Ticket"; then
|
| 137 |
+
notarized="yes"
|
| 138 |
+
else
|
| 139 |
+
notarized="no"
|
| 140 |
+
fi
|
| 141 |
+
|
| 142 |
+
# Check quarantine
|
| 143 |
+
quarantine_check=$(xattr -p com.apple.quarantine "$plugin_bundle" 2>/dev/null)
|
| 144 |
+
if [ -n "$quarantine_check" ]; then
|
| 145 |
+
qflag="$WARN quarantined"
|
| 146 |
+
else
|
| 147 |
+
qflag=""
|
| 148 |
+
fi
|
| 149 |
+
|
| 150 |
+
log "$sign_status $plugin_name $qflag"
|
| 151 |
log " Modified: $plugin_modified | Size: $plugin_size | Arch: $arch"
|
| 152 |
+
log " Perms: $plugin_perms | Binary: $binary_perms | Owner: $plugin_owner"
|
| 153 |
+
log " Signed: $signer | Notarized: $notarized"
|
| 154 |
else
|
| 155 |
log "$WARN $plugin_name (binary missing)"
|
| 156 |
log " Modified: $plugin_modified | Size: $plugin_size"
|
| 157 |
+
log " Perms: $plugin_perms | Owner: $plugin_owner"
|
| 158 |
fi
|
| 159 |
+
log ""
|
| 160 |
done < <(find "$MEDIACORE_PATH" -maxdepth 2 -name "*.plugin" -type d 2>/dev/null | sort)
|
| 161 |
|
|
|
|
| 162 |
log "Total plugins found: $PLUGIN_COUNT"
|
| 163 |
else
|
| 164 |
log "$WARN MediaCore directory not found: $MEDIACORE_PATH"
|
|
|
|
| 442 |
PERM_ISSUES=0
|
| 443 |
CURRENT_USER=$(whoami)
|
| 444 |
|
| 445 |
+
log "${BLUE}All files in plugin bundle:${NC}"
|
| 446 |
log ""
|
| 447 |
|
| 448 |
# Check each file and directory
|
|
|
|
| 457 |
REL_PATH="${item#$PLUGIN_PATH}"
|
| 458 |
[ -z "$REL_PATH" ] && REL_PATH="/"
|
| 459 |
|
| 460 |
+
# Determine status icon
|
| 461 |
+
HAS_ISSUE=0
|
| 462 |
+
|
| 463 |
# Check if it's a directory or file
|
| 464 |
if [ -d "$item" ]; then
|
| 465 |
ITEM_TYPE="d"
|
| 466 |
# Directories should be readable and executable (r-x) by all
|
| 467 |
if [[ "$PERMS" != d*r?x*r?x*r?x* ]] && [[ "$PERMS" != d*r?x*r?x* ]]; then
|
| 468 |
+
HAS_ISSUE=1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 469 |
fi
|
| 470 |
else
|
| 471 |
+
# Files should be readable
|
|
|
|
|
|
|
|
|
|
|
|
|
| 472 |
if [[ "$PERMS" != -*r* ]]; then
|
| 473 |
+
HAS_ISSUE=1
|
|
|
|
|
|
|
|
|
|
| 474 |
fi
|
|
|
|
| 475 |
# Binary should be executable
|
| 476 |
+
if [ "$item" = "$BINARY_PATH" ] && [[ "$PERMS" != -*x* ]]; then
|
| 477 |
+
HAS_ISSUE=1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 478 |
fi
|
| 479 |
fi
|
| 480 |
|
| 481 |
+
# Always show the file with its permissions
|
| 482 |
+
if [ $HAS_ISSUE -eq 1 ]; then
|
| 483 |
+
log "$FAIL $PERMS $OWNER:$GROUP $REL_PATH"
|
| 484 |
+
PERM_ISSUES=$((PERM_ISSUES + 1))
|
| 485 |
+
else
|
| 486 |
+
log "$PASS $PERMS $OWNER:$GROUP $REL_PATH"
|
|
|
|
| 487 |
fi
|
| 488 |
|
| 489 |
done < <(find "$PLUGIN_PATH" -print 2>/dev/null)
|