Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

romanof

macrumors 6502
Original poster
Jun 13, 2020
361
387
Texas
Sequoia 15.1 now hard-locks out any app that is not approved by Apple, including a bunch of my old and well used utilities. They can be made to run by hacking underneath in BSD, but the situation is unsatisfactory for a computer that I consider is MINE.

So, fortunately, I had taken my Studio - still on Sonoma 14.6 - offline for a couple of weeks while doing some rework in the cave, so stuff still works.

So, for those who have upgraded to 14.7.1, are the new security limits also in that update?
 

Fishrrman

macrumors Penryn
Feb 20, 2009
29,193
13,247
OP wrote:
"Sequoia 15.1 now hard-locks out any app that is not approved by Apple, including a bunch of my old and well used utilities."

Disable System Integrity Protection
and
Disable Gatekeeper
and then
... the apps will run.

You need to boot to recovery to disable SIP.

You can disable Gatekeeper easily.
Open terminal
Enter:
sudo spctl --master-disable
hit return
Enter your password when requested (you WILL NOT SEE IT as you type it out).
Reboot

Now try opening the un-openable apps again...
 

romanof

macrumors 6502
Original poster
Jun 13, 2020
361
387
Texas
Ok. Take an app like Seamonkey. A independent browser that has a great build HTML feature. I use it all the time for documents. When I installed the update 15.1, it would no longer open. And by that , I mean NOT AT ALL. The Open Anywhere option in Settings is gone. Right clicking will not now allow for bypassing gatekeeper. I can hack it from underneath inside of BSD, but that is a pain. So I dropped back to Sonoma and am sitting at 14.5. I am wanting to know if the Sonoma 14.7.1 also has the non-developer app install no-no.
 

romanof

macrumors 6502
Original poster
Jun 13, 2020
361
387
Texas
OP wrote:
"Sequoia 15.1 now hard-locks out any app that is not approved by Apple, including a bunch of my old and well used utilities."

Disable System Integrity Protection
and
Disable Gatekeeper
and then
... the apps will run.

You need to boot to recovery to disable SIP.

You can disable Gatekeeper easily.
Open terminal
Enter:
sudo spctl --master-disable
hit return
Enter your password when requested (you WILL NOT SEE IT as you type it out).
Reboot

Now try opening the un-openable apps again...
Already did that and it worked, but is a horrible hack. And even then, the apps do not run by clicking the icon. The binary has to be dropped into a terminal to start.
 

romanof

macrumors 6502
Original poster
Jun 13, 2020
361
387
Texas
I'm on 14.7.1 and all my apps (many old non-approved apps) work as they always have.
Ok. Thanks. That was what I was hoping. At least I can stay current one version back for a while until I get this figured out.
 

Nermal

Moderator
Staff member
Dec 7, 2002
20,987
4,563
New Zealand
What do you think you mean by "hard-locks out"?
I think romanof is talking about this issue. I believe it affects SeaMonkey.

You can disable Gatekeeper easily.
Open terminal
Enter:
sudo spctl --master-disable
hit return
Enter your password when requested (you WILL NOT SEE IT as you type it out).
Reboot

Now try opening the un-openable apps again...
I'll have to try this.
 

romanof

macrumors 6502
Original poster
Jun 13, 2020
361
387
Texas
It (sudo spctl --master-disable) does not work. It adds the "Anywhere" option under Privacy & Security, but doesn't fix the error.
Correct. The hack does not restore normal execution. After the sudo command has made the Anywhere option appear, go to the Applications folder (or wherever your app is), right click on the bundle of your app, find the binary, then copy and paste it into a terminal, then execute it with enter. A PITA, but it works if you have a critical app that you have to get running.

Thanks for nothing, Apple.
 

Nermal

Moderator
Staff member
Dec 7, 2002
20,987
4,563
New Zealand
Correct. The hack does not restore normal execution. After the sudo command has made the Anywhere option appear, go to the Applications folder (or wherever your app is), right click on the bundle of your app, find the binary, then copy and paste it into a terminal, then execute it with enter. A PITA, but it works if you have a critical app that you have to get running.

Thanks for nothing, Apple.
You don't need to do the spctl command first: apps still run from Terminal without doing that. At least, OpenSCAD does.
 

n-evo

macrumors 68000
Aug 9, 2013
1,906
1,723
Amsterdam
Ok. Take an app like Seamonkey. A independent browser that has a great build HTML feature. I use it all the time for documents. When I installed the update 15.1, it would no longer open. And by that , I mean NOT AT ALL. The Open Anywhere option in Settings is gone. Right clicking will not now allow for bypassing gatekeeper. I can hack it from underneath inside of BSD, but that is a pain. So I dropped back to Sonoma and am sitting at 14.5. I am wanting to know if the Sonoma 14.7.1 also has the non-developer app install no-no.
In System Settings > Privacy & Security an "Open Anyway" button should appear with the app name when you to try to open unsigned apps. I just tried it with the audio converter app XLD. It's unsigned and opens just fine on macOS Sequoia 15.1 once I gave it permission through said route. Just to make things clear: that doesn't work for you?

PS I haven't disabled System Integrity Protection or Gatekeeper.
 
  • Like
Reactions: kitKAC

galad

macrumors 6502a
Apr 22, 2022
602
488
Sequoia is not locked in any way more than Sonoma. You just have to click the "Open anyway" button in System Settings.

 

romanof

macrumors 6502
Original poster
Jun 13, 2020
361
387
Texas
Your are not listening. Sequoia is like Sonoma, yes. Sequoia 15.1 is not. Move back to 15.0, it works. Add the point one update, goodby third party unapproved programs.
 

romanof

macrumors 6502
Original poster
Jun 13, 2020
361
387
Texas
In System Settings > Privacy & Security an "Open Anyway" button should appear with the app name when you to try to open unsigned apps. I just tried it with the audio converter app XLD. It's unsigned and opens just fine on macOS Sequoia 15.1 once I gave it permission through said route. Just to make things clear: that doesn't work for you?

PS I haven't disabled System Integrity Protection or Gatekeeper.
No. Clicking on any program icon that is not approved just got the "Null" popup. One single time I got a pop-down under the Open Anyway that gave some message about the app not opening, but have not seen one since.

I can't try it now, as I have reset back to 14.
 

Sciuriware

macrumors 6502a
Jan 4, 2014
757
164
Gelderland
No. Clicking on any program icon that is not approved just got the "Null" popup. One single time I got a pop-down under the Open Anyway that gave some message about the app not opening, but have not seen one since.

I can't try it now, as I have reset back to 14.
Is there a way to find out if a 3rd party app is signed (or acceptable for 15.1)?
Can you see it?
;JOOP!
 

romanof

macrumors 6502
Original poster
Jun 13, 2020
361
387
Texas
Probably is, but I don't know. My production system is almost set in stone. I almost never download anything new and the problem never came up before.

However, I have a question for those in the know. Since the new 15.1 does not lock out programs built by the user of that system (yet!), is there a way to spoof Macos into thinking that an old and useful utility was made by myself? I tested my own stuff. All of my self-made Perl, Ruby, C and so-forth programs load and run fine on 15.1, and I certainly did not register or buy certificates for them.

In other words, what is the difference between an open source program that is downloaded ready-to-go, and the same program if I take the available source and recompile it on my computer. (That is certainly a legal option with open source.)

???

Edit: After thinking about it... MacOs will say, "This app was downloaded from the Internet...Bla Bla" It sits in a folder beside apps that I have written and those are considered to be fine and safe. How does the OS know the difference? A metafile attachment in the bundle?
 
Last edited:

Sciuriware

macrumors 6502a
Jan 4, 2014
757
164
Gelderland
Probably is, but I don't know. My production system is almost set in stone. I almost never download anything new and the problem never came up before.

However, I have a question for those in the know. Since the new 15.1 does not lock out programs built by the user of that system (yet!), is there a way to spoof Macos into thinking that an old and useful utility was made by myself? I tested my own stuff. All of my self-made Perl, Ruby, C and so-forth programs load and run fine on 15.1, and I certainly did not register or buy certificates for them.

In other words, what is the difference between an open source program that is downloaded ready-to-go, and the same program if I take the available source and recompile it on my computer. (That is certainly a legal option with open source.)

???
All my programs were written in JAVA, so, the JDK catches any scrutinising from macOS.
The downside of this construct was that any program lacked directory/network access since BigSur.
Well, some 40 year ago I wrote my own stage manager program (~~ Windows3 Program Manager)
to start all the others, but that program has to be started by Terminal.app, automatically starting on
a custom ~.zshrc and set as Login Item.
Then Terminal.app collects all the Permissions for any other JAVA program.

Next: my 'stage manager' also starts any other application or utility, APPLE or 3rd party.
So, maybe that construct could bypass the 15.1 restrictions (what's in a name).
Or not ...

I'm afraid to try it out.
;JOOP!
 

Nermal

Moderator
Staff member
Dec 7, 2002
20,987
4,563
New Zealand
Is there a way to find out if a 3rd party app is signed (or acceptable for 15.1)?
Can you see it?
;JOOP!
I ended up doing a "Select All", "Open" in my Applications folder*. Out of 137 apps in there, 135 opened successfully and two (OpenSCAD and Sears) did not. I don't use SeaMonkey or Matlab but apparently they don't work either.

*I didn't realise how many apps I had that "take over" the system until I tried that! I do not recommend doing it.
 

Sciuriware

macrumors 6502a
Jan 4, 2014
757
164
Gelderland
I ended up doing a "Select All", "Open" in my Applications folder*. Out of 137 apps in there, 135 opened successfully and two (OpenSCAD and Sears) did not. I don't use SeaMonkey or Matlab but apparently they don't work either.

*I didn't realise how many apps I had that "take over" the system until I tried that! I do not recommend doing it.
OK, that's the hard way.
Is there a 'soft' way, preferred on 14.x?
;JOOP!
 

p33t3r

macrumors newbie
Sep 21, 2021
14
6
I'm also on 15.1 on now, and I used the terminal command from a previous post - sudo spctl --master-disable
Having done that I got a prompt that told me to go into System Settings and change the Gatekeeper setting there, to "Allow apps from - anywhere" or words to that effect, and now everything's back to normal. No safe mode or disabling SIP needed.
 
  • Like
Reactions: Fishrrman

IvyKing

macrumors member
Aug 31, 2024
75
76
Cardiff, CA
I don't use SeaMonkey or Matlab but apparently they don't work either.
Good to know, I've been mulling over getting Matlab (home license is very reasonable), but will probably need to keep a machine running Sonoma for a while. The roadmap for Matlab does not show any support for Sequoia - suggesting that Mathworks may be giving up on supporting the MAC.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.