[PD] loading non notarized externals in newer macOS (was: [hidraw] pre Deken release)
Lucas Cordiviola
lucarda27 at hotmail.com
Thu Oct 13 14:54:52 CEST 2022
How about a tcl-plugin (available from deken) that is reusable instead
of a script per lib.
Something that you open and choose folder(s) to recursively circumvent
the quarantine in all binaries found. One has to provide the sudo
password in a pop-up dialog.
This plugin can also be part of deken or can be called by deken.
--
Mensaje telepatico asistido por maquinas.
On 13/10/2022 04:39, Dan Wilcox wrote:
> One option is to directly circumvent the app/binary quarantine
process. Essentially, you can remove the quarantine flag manually:
>
> sudo xattr -r -d com.apple.quarantine path/to/MyApp.app
>
> Print the current flags to check with:
>
> xattr path/to/MyApp.app
>
> I think this should work with dylibs as well.
>
> The externals could be shipped with an additional script for macOS
which users can run once to remove the compiled externals from
quarantine. There should be no more popups after.
>
> This does, however, open up possible attack vectors, but anything
more than what we already had before. I think it is a reasonable
approach to ask users to decide to run the script themselves, although
there will be added friction.
>
> On Wed, Oct 12, 2022 at 2:04 AM Alexandre Torres Porres
<porres at gmail.com> wrote:
>
> I'm still on old macs and I am not yet sure if my stuff is
working or not in new macs. I just updated ELSE btw, I am now wondering
if people can use it just fine or if it doesn't work or is a nightmare
(like asking every time if on external should be loaded).
More information about the Pd-list
mailing list