macOS 15.1 completely removes ability to launch unsigned applications

[bogdanw]

That's an older version, 20231214, and it too has an expired certificate.

The version 20231214 (6) from https://download.silicondust.com/hdhomerun/hdhomerun_mac_20231214.dmg
has a valid certificate.

I'm running version 20240708, installed via the App Store last July, and the certificate expired last August.

The AppStore version 20240708 (11) has an expired certificate, but works in Sequoia 15.1.

 

[Nermal]

Now I'm wondering if Sequoia will complain about unsigned binaries (as opposed to app bundles).

We've been able to work around the unsigned bundle issue by running the binaries directly... at least for now.

 

[Grumpus]

The version 20231214 (6) from https://download.silicondust.com/hdhomerun/hdhomerun_mac_20231214.dmg
has a valid certificate.

Thanks. I downloaded that dmg this morning and used pkgutil+cpio to extract the the app, and the signature was expired. After seeing your reply, I did the same thing again and the signature is ok. I must've misplaced my mind, temporarily I hope.

The AppStore version 20240708 (11) has an expired certificate, but works in Sequoia 15.1.

Ok in Sonoma too, it's what I run more-or-less daily.

 

[Grumpus]

We've been able to work around the unsigned bundle issue by running the binaries directly... at least for now.

Thanks for that. Some days I produce a lot of throwaway binaries (for reasons) and it would be pain in the arse to have to sign them.

 

[fmaione]

Same problem affects also .webarchive files created on Safari on iOS 18.1: if I save a web page in this format on my iCloud account, there is no way to open it on macOS, throws same security warning. Any way to self-sign it?

 

[Kingcoherent]

What the actual ****???!

 

[Kingcoherent]

This is actually outrageous.

 

[Kingcoherent]

What the actual ****???!

Came here to MacRumors to confirm after watching this:

How does this impact Various development tools? Guess I’ll find out soon enough.

 

[Paradoxally]

It doesn't, that's a clickbait video.

 

[bogdanw]

In my opinion, it’s a Sequoia bug.
Apple fixed CVE-2024-44270 and CVE-2024-44280 in Sequoia, Sonoma and Ventura, but only Sequoia gives this error.

"AppleMobileFileIntegrity
Impact: An app may be able to modify protected parts of the file system
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2024-44280"
"AppleMobileFileIntegrity
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved validation.
CVE-2024-44270"
https://support.apple.com/en-us/100100

If you want to learn something about macOS from YouTube
"Dirty Bin Cache: A New Code Injection Poisoning Binary Translation Cache"

 

[bogdanw]

Same problem affects also .webarchive files created on Safari on iOS 18.1: if I save a web page in this format on my iCloud account, there is no way to open it on macOS, throws same security warning. Any way to self-sign it?

That might be just an iCloud issue. Get the webarchive files out of iCloud onto your Desktop or other local folder and try to open them.

 

[dmrowley]

nermal wrote in #10 above:
"OpenSCAD is the one I had trouble with. Choosing "Anywhere" was not sufficient to get it working."

I'm typing this on a 2018 Mini that's still using Mojave (OS 10.14.6).
SIP is disabled.
Gatekeeper is turned completely off (open apps from anywhere selected).

I downloaded "OpenSCAD" using the link in reply 10 above.
If I try to launch it, I get this:
View attachment 2446325
(I could not try the "Sentinel" app mentioned above because it won't run on OS 10.14)

I'm not a programmer or coder.
But this indicates to me that the problem is not localized in OS 15.1.
Same problem 'way back in OS 10.14 ...

for OpenSCAD, I did find that you can open it through the terminal. You need to go into the MacOS folder in the .app and launch from there. See screenshot. Launching with the ampersand launches it as its own process so you do not need to keep the terminal open.

 

[bogdanw]

for OpenSCAD,

You can sign the app you already have or download the signed version released by the developers.
https://forums.macrumors.com/thread...permission-to-open-null.2441374/post-33535657
Signed OpenSCAD 2021.01 https://files.openscad.org/signed/OpenSCAD-2021.01.dmg
from https://github.com/openscad/openscad/issues/880

 

[workerbee]

Same problem affects also .webarchive files created on Safari on iOS 18.1: if I save a web page in this format on my iCloud account, there is no way to open it on macOS, throws same security warning. Any way to self-sign it?

Just had this hit me – a webpage saved in Safari iOS as webarchive to icloud drive can't be opened in Safari macOS 15.2, no matter if it's saved in iCloud Drive or copied to some folder on the local SSD (copying to Desktop is impossible).

Preview works and I can read the article, and it's also indexed by Spotlight, but so far no way to actually open it.
Anybody found a workaround? That's one of the sillier bugs / restrictions by Apple, iMHO.

(And since I'm here complaining: does anybody know of a good little program to organise and view webarchive files?)

 

[bogdanw]

Just had this hit me – a webpage saved in Safari iOS as webarchive to icloud drive can't be opened in Safari macOS 15.2, no matter if it's saved in iCloud Drive or copied to some folder on the local SSD (copying to Desktop is impossible).

Manually remove the quarantine attribute

xattr -d com.apple.quarantine /path/to/file.webarchive

 

[workerbee]

Manually remove the quarantine attribute

xattr -d com.apple.quarantine /path/to/file.webarchive

Ah, so the workflow on MacOS is

• see interesting content in Safari
• hit export button, select «save as webarchive», save to iCloud Drive
• try to open/read file
• see idiotic Apple warning
• go to Shell, find name of file, do some silly xattr mumbojumbo
• open / read file

While on the much more closed and secure iOS it is

• see interesting content in Safari
• hit export button, select «save as webarchive», save to iCloud Drive
• open/ and read file with no warnings whatsoever

Thanks for the suggestion, but these hoops are not for me. I'm of an age that still remembers «it just works».

 

[bogdanw]

Thanks for the suggestion, but these hoops are not for me. I'm of an age that still remembers «it just works».

That age ended when iCloud started. Instead of webarchive, you could try PDF.

 

[workerbee]

Is there a valid reason webarchives are treated like apps in MacOS but apparently not in iOS, or is it just that everyone at Apple has to work on including AI dreck in as many apps and OS corners as possible to satisfy Apple's real customer base (ie Wall Street)?

 

[galad]

Probably because they can contain and run javascript or wasm. Anyway, it would be good to send a feedback about it in the Feedback Assistant app.

 

[Change Agent]

Thanks! I had a problem after updating to OS15.2 from OS14.x with an application called VVV. Your script fixed it.

 

[osplo]

OpenSCAD and SeaMonkey have no signatures.
If you are referring to HDHomeRun from https://www.silicondust.com/support/downloads/ it works in Sequoia 15.1.

Here is what happens with SeaMonkey and an updated version of the AppleScript above in action
View attachment 2446542

set theApp to choose file with prompt "Please select an application:" of type {"app"}
set appPath to POSIX path of theApp
try
    set QuAtt to "Quarantine attribute:" & return & (do shell script "xattr -pl com.apple.quarantine " & quoted form of appPath)
on error
    set QuAtt to "Quarantine attribute not present"
end try
try
    set SignStat to "Signing ststus:" & return & (do shell script "codesign -dv " & quoted form of appPath & " 2>&1")
on error
    set SignStat to "Signing ststus:" & return & "the application is not signed at all"
end try
display dialog QuAtt & return & SignStat & return & "Would you like to" buttons {"Don't Continue", "Continue"} default button "Continue" cancel button "Don't Continue"
set theQuestion to display dialog "Would you like to" buttons {"Remove quarantine attribute", "Self-sign the app", "Remove quarantine & Self-sign"} default button "Self-sign the app"
set theAnswer to button returned of theQuestion
if theAnswer is equal to "Remove quarantine attribute" then
    do shell script "xattr -rd com.apple.quarantine " & quoted form of appPath
end if
if theAnswer is equal to "Self-sign the app" then
    do shell script "codesign --remove-signature " & quoted form of appPath & "; codesign --force --deep --sign - " & quoted form of appPath
end if
if theAnswer is equal to "Remove quarantine & Self-sign" then
    do shell script "xattr -rd com.apple.quarantine " & quoted form of appPath
    do shell script "codesign --remove-signature " & quoted form of appPath & "; codesign --force --deep --sign - " & quoted form of appPath
end if
set theQuestion2 to display dialog "Operation completed." & return & "Would you like to open the app?" buttons {"Yes", "No"} default button "Yes" cancel button "No"
set theAnswer2 to button returned of theQuestion2
if theAnswer2 is equal to "Yes" then
    do shell script "open -a " & quoted form of appPath
end if

Thanks so much!