Can't Connect via Socket

[pelmered]

• Sequel Ace Version: 2.0.2
• macOS Version: 10.15.5 (Catalina)
• MySQL Version: MariaDB 10.4.13

Description
Sequel Ace can't connect to local MariaDB though socket with empty password.

Steps To Reproduce

1. Install MariaDB with homebrew brew reinstall mariadb
2. Setup connection with socket, your mac user username and empty password (the default credentials when installing through brew)

3. Try to connect

Expected Behaviour
It should connect successfully.

Additional Context

• The exact same connection settings work fine in Sequel Pro

• I have also tried to specify the socket path: /tmp/mysql.sock

• My guess is that this has something to do with the empty password.

• Connecting though CLI works fine as well. Both these are working:
  mysql
mysql --user=peter --socket=/tmp/mysql.sock

[gboudreau]

I can confirm socket connections are failing...
I can connect using 127.0.0.1, user root, no password. But I can't connect using /tmp/mysql.sock, user root.

[Jason-Morcos]

We probably can't access the tmp dir maybe? Cause of sandbox. Sockets not working for me either.

…

On Jun 26, 2020, at 08:13, Guillaume Boudreau ***@***.***> wrote:  I can confirm socket connections are failing... I can connect using 127.0.0.1, user root, no password. But I can't connect using /tmp/mysql.sock, user root. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[gboudreau]

Indeed, we might have to use a file selector to select the socket, and use a bookmark... That would mean making that field mandatory.

[Jason-Morcos]

I think that's probably the right call, @gboudreau. Gonna take a look at the new SSL/SSH keys bookmarks PR (James tweaked it last night) and merge that if good - perhaps we could leverage the same stuff that does, just adding a file selector for socket?

[Jason-Morcos]

Other PR merged if we want to leverage similar capabilities! #105

[jamesstout]

Indeed, we might have to use a file selector to select the socket, and use a bookmark... That would mean making that field mandatory.

I can't get the NSOpenPanel to display the socket file... it's there on the filesystem, not shown in the panel:

[Jason-Morcos]

Indeed, we might have to use a file selector to select the socket, and use a bookmark... That would mean making that field mandatory.

I can't get the NSOpenPanel to display the socket file... it's there on the filesystem, not shown in the panel:

@jamesstout is that with show hidden files/folders enabled in the open panel?

[jamesstout]

@jamesstout is that with show hidden files/folders enabled in the open panel?

Yep.

[jamesstout]

If you set the app to be not sandboxed, you can connect, but the socket file still doesn't appear in the open panel.

[Jason-Morcos]

Does it work if we require the user to give us access to the whole tmp directory via security scoped bookmark? Like if to use a socket you must go select the tmp directory and grant us access via file browser? Idk if it would get approved, but we could make it so it really only popped up if you tried to use socket and was indicated as an opt-in kind of thing?

[jamesstout]

I don't think so, pretty sure I tested that. The sockets do appear if you use

[urlArr setArray:[fm contentsOfDirectoryAtPath:selectedFilePath error:&err]];

urlArr contains the socket. But it hasn't been selected by the user. I'll try again later. Working hours here now.

[jamesstout]

Yeah, doesn't work. You can see here I have/tmp(actually /private/tmp) in the bookmarks, but when I try to use /tmp/mysqld.sock, I get the error reported above.

[brandondove]

I'm also having a similar problem connecting via socket. It's not te exact same issue, so I'm not sure if I should be posting this here or as a new issue.

• Sequel Ace Version: 2.1.0, build 2042
• macOS Version: 10.15.5 (Catalina)
• MySQL Version: MySQL 8.0.16
• Using Local by Flywheel

Description
Sequel Ace can't connect to MySQL using socket located at /Users/{USERNAME}/Library/Application Support/Local/run/{SITEID}/mysql/mysqld.sock

Steps To Reproduce

1. Install Local by Flywheel
2. Create custom site
3. Turn on site
4. Setup connection with socket, user and password are both root -
   
5. Try to connect

Expected Behaviour
It should connect successfully.

Additional Context

The exact same connection settings work fine in Sequel Pro thought the tables don't render properly once connected. I have two theories about why this isn't working.

1. The socket and database are located in a user directory rather than a directory that is accessible system-wide.
2. The full path has a space in it between "Application" and "Support". I've tried adding a backslash before the space to escape it, but that didn't seem to help at all.

[Jason-Morcos]

@brandondove Yup it's the same issue. The issue is that Sequel Ace is sandboxed and can't access any socket. Nothing to do with your specific setup. We're trying to find a workaround, but the app has to be sandboxed to be available on the App Store.

[jb510]

We're trying to find a workaround, but the app has to be sandboxed to be available on the App Store.

TY. Incidentally, I figured that and tried granting Ace "Full Disk Access" in the Security & Privacy panel. Still wouldn't access the socket at ~/Library/Application Support/Local Beta/run/swgVOs0cS/mysql/mysqld.sock

This seems to explain all that, https://developer.apple.com/forums/thread/124895?answerId=390477022#390477022

I'll return to lurking and hoping for a solution to test

[CeoTang]

How can i fix this problem?

[njvack]

I suspect you could skip the sandboxing and just talk to the socket without any fuss (this was a very confusing experience for me!) by doing a non-MAS release (see also #58).

[jamesstout]

Indeed, we might have to use a file selector to select the socket, and use a bookmark... That would mean making that field mandatory.

I can't get the NSOpenPanel to display the socket file... it's there on the filesystem, not shown in the panel:

Quinn (The Eskimo) replied to my query: "Can NSOpenPanel ever show a socket? e.g. /tmp/mysql.sock?"

Doesn’t look like it. It makes sense that these are hidden because the sandbox extension it would issue to you app wouldn’t be helpful (because file sandbox extensions are for file operations, not for networking).

[GarrettAlbright]

This is kind of a bummer. I'd really like to finally have Sequel Pro in dark mode but I'd rather stick to just socket networking if possible.

Here's a workaround for MySQL installed with MacPorts.

1. Figure out what "MySQL" variant and version you actually have installed and running. In my case I have mariadb-10.1.

> port select --show mysql
The currently selected version for 'mysql' is 'mariadb-10.1'.

2. Edit the corresponding my.conf file at /opt/local/etc/{variant-version}/my.cnf. You will need root privileges (sudo).
3. Add the following:

[mysqld]
skip_networking=0
bind_address=127.0.0.1

4. Restart the server.

> sudo port reload {variant-version}-server

5. Set up a TCP/IP connection in Sequel Ace with Host set to "127.0.0.1". Other settings (excluding "Port") should be the same as what you had for your socket connection.

Note that if you want toi have multiple versions of MySQL running on your system concurrently, you'll need to add port={some number} with a different number for each version in step 3, and set the port number for each version in step 5.

Here's hoping Sequel Ace can get support for this worked out in the future. If it can't be done in the MAS sandbox, is a non-MAS release on the table?

[Jason-Morcos]

What's the benefit of using a socket exactly? Why not connect via TCP/IP? I know Sequel Pro was considering ditching socket pro support completely (as we may be forced to do as well).

Additionally, I have no desire to distribute both a sandboxed and non-sandboxed version of the app. That introduces a slew of issues for longterm support (supporting basically two apps instead of one). However, you can download the source code for Sequel Ace, disable the sandbox in Xcode, and build a custom build if you desire. I just think it's not sustainable long-term to support two different versions of the same app.

[Jason-Morcos]

@Sequel-Ace/maintainers I forget who, but someone contacted Apple about this. Have we heard anything from Apple?

[jamesstout]

@Sequel-Ace/maintainers I forget who, but someone contacted Apple about this. Have we heard anything from Apple?

I did but got nothing back.

[jamesstout]

Until we can figure out a better sandbox workaround for sockets, I believe it may be worth adding info on this workaround into the app (if you select socket, it pops up an alert explaining this process). Does that seem like it makes sense to you too, @jamesstout?

Done in #408 Please take a look @Jason-Morcos

[CeoTang]

It does not work on sequel ace, MySQL Workbench also fixed this problem

[Jason-Morcos]

It does not work on sequel ace, MySQL Workbench also fixed this problem

@CeoTang Have you tried the instructions in the documentation?
https://sequel-ace.com/get-started/

Unfortunately, due to sandboxing nature, Sequel Ace is not allowed to connect to the sockets which are out of the Sandbox. As a workaround, you can create a socket in ~/Library/Containers/com.sequel-ace.sequel-ace/Data and connect to it. This can be done by putting these lines to your MySQL configuration file (usually, my.cnf):

[mysqld]
socket=/Users/YourUserName/Library/Containers/com.sequel-ace.sequel-ace/Data/mysql.sock

[CeoTang]

It does not work on sequel ace, MySQL Workbench also fixed this problem

@CeoTang Have you tried the instructions in the documentation?
https://sequel-ace.com/get-started/

Unfortunately, due to sandboxing nature, Sequel Ace is not allowed to connect to the sockets which are out of the Sandbox. As a workaround, you can create a socket in ~/Library/Containers/com.sequel-ace.sequel-ace/Data and connect to it. This can be done by putting these lines to your MySQL configuration file (usually, my.cnf):

[mysqld]
socket=/Users/YourUserName/Library/Containers/com.sequel-ace.sequel-ace/Data/mysql.sock

it's because I'm using MAMP PRO. When I stop the SQL service, the mysql.sock will be gone.

[Kaspik]

Just checking - is this still an issue on 3.1.1?

[noseglid]

Yes it is.

[jamesstout]

Spent some time yesterday playing with STPrivilegedTask, and managed to write a CLI app that took a path (e..g. /tmp/mysql.sock) and requested and granted access to it (asking for password). It returns an AuthorizationRef struct. However, the app cannot be part of a sandboxed bundle. So we'd need a helper app to pass this auth back to SA to get access to the socket. I found some very oldddd code from Apple that shows how to install a helper app with a launchd plist etc.

Actually just found some updated code that uses XPC. Will check that out.

[Jason-Morcos]

Spent some time yesterday playing with STPrivilegedTask, and managed to write a CLI app that took a path (e..g. /tmp/mysql.sock) and requested and granted access to it (asking for password). It returns an AuthorizationRef struct. However, the app cannot be part of a sandboxed bundle. So we'd need a helper app to pass this auth back to SA to get access to the socket. I found some very oldddd code from Apple that shows how to install a helper app with a launchd plist etc.

Actually just found some updated code that uses XPC. Will check that out.

Awesome, @jamesstout!
You may also find these helpful -
#346
https://github.com/Sequel-Ace/XPC-Playground

[RodolfoGS]

I've a similar issue but connecting via SSH. Sequel Age Version 3.2.3 Build 3024

I tested Sequel Pro with the same config in the same machine and I can connect perfectly with Sequel Pro.

Anyone have idea that could be happening?

I keep the SSH Password empty to use my public/private keys from ~/.ssh/

[Jason-Morcos]

I've a similar issue but connecting via SSH. Sequel Age Version 3.2.3 Build 3024

I tested Sequel Pro with the same config in the same machine and I can connect perfectly with Sequel Pro.

Anyone have idea that could be happening?

I keep the SSH Password empty to use my public/private keys from ~/.ssh/

This is not related to this socket issue. Please post in a new issue if you're having issues instead of attaching onto an unrelated issue :)

Sequel Pro could magically pull keys and access from your .ssh dir, but Sequel Ace cannot as Sequel Ace is sandboxed. Please either select your SSH key in the SSH Password area, or grant Ace access to your ssh config in the app's preferences and grant ace access to the keys in the files section of Ace's preferences. The website may be helpful for help here - https://sequel-ace.com/get-started/ (see "Sequel Ace doesn’t read my ~/.ssh/config parameters.")

[CaddyDz]

@RodolfoGS click the key icon next to the password field and select your private ssh key

[mario-fehr]

@jamesstout @CaddyDz Was already answerd here #968

[benlieb]

Has this been solved?

[fitzyjoe]

I can't connect via socket. There was a popup that appeared telling me to add configuration to my.cnf. I did that and restarted and the sock file appeared in the new location. Sequel Ace still could not connect.

[fitzyjoe]

I connected via TCP to localhost.

[al404]

MacOS Monterey 12.1
MAMP 6.6

I can connect only via TCP / IP but remember in MAMP to enable on MySQL tab "Allow network access to MySQL" on mine was disable since MySQL Pro did work via socket

[ayakaida]

Mac Monterey 12.3.1
Apple Silicon M1 , 2020
Sequel Ace Version 3.5.2
MAMP PRO 6.6.2

I had the same issue but it has been solved once I checked 'Allow network access to MySQL' (Only from this computer) in MAMP > SERVERS & SERVICES > MySQL. According to the Information tooltip, Sequel Ace requires this setting

[designosis]

I'm running the latest MAMP PRO and latest Sequel Ace on MacOS Monterey 12.6.1.
None of the above does anything for me. I can connect via SSH but not via SOCKET.

ANY tips would be most welcome, sockets are SO much faster for me than SSH (even locally).

[yugaego]

Summing up the current state of things according to my experience on macOS Ventura 13.4 with Sequel Ace Version 4.0.5 Build 20046 (and Macports mysql8-server 8.0.33 installation).

The documented workaround writing a socket file to the container

# sudo vim /opt/local/etc/mysql8/my.cnf
[mysqld]
 socket=/Users/YourUserName/Library/Containers/com.sequel-ace.sequel-ace/Data/mysql.sock

resulted in the following MySQL error:

[ERROR] [MY-010273] [Server] Could not create unix socket lock file
 /Users/user/Library/Containers/com.sequel-ace.sequel-ace/Data/mysql.sock.lock.

The error is most probably caused by _mysql user/group permissions not matching the container's ones. Anyway, instead of fixing permissions, I preferred to follow a solution enabling TCP/IP access suggested earlier.

So, after adding the following options (documented here):

# sudo vim /opt/local/etc/mysql8/my.cnf
[mysqld]
skip-networking=OFF
bind-address=127.0.0.1

and restarting mysqld service, connection via TCP/IP with Sequel Ace was established successfully.

Related notes:

• Providing Full Disk Access in Privacy & Security Settings to Sequel Ace doesn't affect the behavior.
• MySQLWorkbench allows to connect via default socket.