4.2 LTS Rigify | CloudRig Security Prompt regarding 'cloudrig.py', and 'rig_ui.py'. #158

Closed
opened 2024-08-06 02:16:16 +02:00 by Swift · 3 comments

System Information
Operating system: macOS Sonoma 14.5

Blender Version:
CloudRig Version: 2.1.9; Rigify Version: 6.10

Short description of error
Blender prompts a security warning when opening a saved file, when generating a CloudRig or Rigify armature in that file. The prompt indicates: "For security reasons, automatic execution of Python scripts in this file was disabled: cloudrig.py". The same warning for 'rig_ui.py'.

Although the prompt was discovered while in the process of rigging a mesh (character) using Rigify, a mesh is not required for said security warning to appear, and it appears regardless of rigging method.

Exact steps for others to reproduce the error

  • Generate CloudRig and Rigify, preferably in separate files.

  • Save file. Whereupon you can open the file via your OS keyboard shortcuts.

  • Alternatively, after saving file; quit and relaunch Blender, and open that saved file, whether through the splash screen or File menu.


Hey there. Basically all rig generation add-ons generate a script file that then gets attached to the armature, to draw some custom UI in the sidebar (N-panel). The same is true for CloudRig, which draws the CloudRig panel. Since Blender doesn't know what this code is, you get a warning before executing it. You can decline it, and then the rig UI won't appear, but the rig will otherwise work as normal. This warning has existed for as long as I've used Blender. There's a user preference to allow all scripts to always run though. The risk is that if somebody wanted to package malicious Python code with a .blend file, they could.

Author

Hi. Thank you for the clarification in regards to the warning with CloudRig script. Good to know the armature will still function.

Now that you mention it, I do remember seeing a similar warning years ago. Though I can't remember if it was with a Blender built-in add-on, or market add-on.

Since the Introduction of Blender's Extension, perhaps Blender's developed Extensions include allowing to run such scripts respectively, rather than the global permission. More often than not, Blender's own Extensions can be trusted I would think. Something to consider.

Thank you for your time.


Cheers! Yeah, extensions themselves are actually trusted to an extent, although you still have to give Blender explicit permission to go online, but that's it. The trouble with scripts that are loaded into the text editor is that Blender doesn't have any way of ever knowing if that script was created by an extension or not. So it has no choice but to ask for permission like this. But of course the benefit from the extension's perspective of loading a script into the text editor is that those scripts will then work without the user having to install an extension. This was especially important in the past, when installing add-ons was more of a hassle than now. I wouldn't be too surprised if in the future more riggers and rigging systems would omit loading a script into the text editor, and instead simply ask users to install the necessary extension for the rig UI to show up. But for now, I'll stick with the old ways.
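
Added example, not part of the thread and not CloudRig or Rigify code: since Blender cannot tell who wrote a script stored in a .blend, one way to triage a file after declining the prompt is to list the text blocks set to auto-register and check what they import. It assumes objects exposing `.name`, `.use_module` and `.as_string()` (as `bpy.data.texts` items do inside Blender); the watch lists, the helper names and the sample scripts are constructed for illustration.

```python
import ast
from types import SimpleNamespace

# Constructed watch lists: things a sidebar UI script rarely needs.
WATCHED_MODULES = {"os", "subprocess", "socket", "urllib", "requests", "ctypes", "shutil"}
WATCHED_CALLS = {"exec", "eval", "compile", "__import__"}

def review_text(source):
    """Return sorted findings (watched imports, dynamic-exec calls) for one script."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return ["unparseable"]
    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            modules = [node.module or ""]
        else:
            modules = []
        for mod in modules:
            root = mod.split(".")[0]
            if root in WATCHED_MODULES:
                findings.add("import:" + root)
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in WATCHED_CALLS):
            findings.add("call:" + node.func.id)
    return sorted(findings)

def review_blend_texts(texts):
    """Map each auto-registering text block to its findings.
    Pass bpy.data.texts inside Blender, or any duck-typed stand-ins."""
    return {t.name: review_text(t.as_string()) for t in texts if t.use_module}

def _fake_text(name, use_module, body):
    # Stand-in for a Blender text datablock so the example runs without bpy.
    return SimpleNamespace(name=name, use_module=use_module, as_string=lambda: body)

# Constructed sample: a plain UI panel, a suspicious script, a non-registering note.
SAMPLE = [
    _fake_text("panel_ui.py", True, "import bpy\nclass P(bpy.types.Panel):\n    pass\n"),
    _fake_text("untrusted_ui.py", True, "import bpy, subprocess\nexec(payload)\n"),
    _fake_text("notes.txt", False, "import os\n"),
]

if __name__ == "__main__":
    for name, found in review_blend_texts(SAMPLE).items():
        print(name, found or "no watched imports or calls")
```

An empty finding list only means none of the watched names appear; it narrows what to read before allowing execution and is not a verdict on the script.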
