It still had the quarantine attribute in the Applications folder.īug Code Signing Finder Gatekeeper Hazel Mac Mac App macOS 11. Update (): A customer recently found that one of my apps had been unexpectedly translocated, despite being notarized and distributed on a signed disk image. When they try to launch the app, macOS reports it as damaged even though everything except that xattr is fine. They drag and drop the app to their Applications folder, but Finder doesn’t clear the xattr for some reason. I’ve also seen a lot of customers with quarantine issues lately. These are all issues related to the static structure of the app bundle so it seems like they should be detectable. Lastly, none of the tools or processes in place ( codesign, spctl, notarization) catch these cases. Note that unlike when a user launches an app from Finder where they will be asked to run the app, a login item helper will fail to launch without any prompt. ![]() ![]() When the user copies an app, like say from a disk image to /Applications, the quarantine flag should be cleared for the app and everything inside but for some reason it was not clearing it for the embedded binaries. Logs from users showed that the quarantine flag was still set on the helper and that was preventing it from being run. It’s my understanding that if an app and its containing dmg is signed and notarized, it shouldn’t be translocated. Why was Hazel being translocated? I’m still not sure. Hazel is unaware of this and as a result, doesn’t run the installer. It makes a major change to how you use Hazel in that it will no longer be a preference pane. When translocated, the binary is no longer on the disk image, instead it is copied to a temp location on disk. Strangely enough, that person didn’t receive the “Unidentified developer” error alert. I had various users send in logs, but it was only when someone found a log message pertaining to the rpath for one of the binaries in the bundle that I was able to identify the problem. The biggest problem at launch was some users getting an “Unidentified developer” alert when opening the dmg.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |