Gatekeeper - Permanently Resetting Quarantine

Discussion in 'macOS Sierra (10.12)' started by jdag, Oct 19, 2016.

  1. jdag macrumors 6502a

    Joined:
    Jun 15, 2012
    #1
    I have an odd situation that I've been able to work-around, but was hoping for a permanent solution. I am experimenting with an app. The other day I installed a beta version. However, when I uninstalled the beta and reinstalled the production version I was met with an error when trying to open it:

    “APPNAME” is damaged and can’t be opened. You should move it to the Trash.

    I did remove and re-download the app, rebooted, etc., but was still getting that same error. Eventually I found a command that did the trick and allowed me to open it:

    xattr -d -r com.apple.quarantine /Applications/APPNAME.app

    Just for kicks, and since I knew the fix, I uninstalled and re-installed again. And I was a bit surprised to get the damaged alert even though I had fixed it in the past. I re-ran the xattr command above and again it fixed the problem. But apparently this is a temp fix.

    Anyone know of a way to reset the quarantine permanently?

    Thanks in advance, John
     
  2. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #2
    The quarantine flag is unique for every object you download, even if the contents are identical to something you downloaded previously. What you are ‘fixing’ is removing the quarantine flag so that Gatekeeper won’t check the application.
     
  3. jdag thread starter macrumors 6502a

    Joined:
    Jun 15, 2012
    #3
    Thanks for the explanation...that makes sense.

    So, is there a way to remove the application from the list completely? I'd imagine that info is stored somewhere on my Mac!
     
  4. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #4
    Why would you want to remove it? There is no need for that. An entry only applies to a specific quarantine flag and since every flag is unique, it could not be used again for another object (unless you were copying the flag from one object to another).
     
  5. jdag thread starter macrumors 6502a

    Joined:
    Jun 15, 2012
    #5
    Actually...it does not appear to be unique for EVERY object. I re-downloaded the app again, so it was not the exact same object. It was the same app and same version, so maybe that's the issue?
     
  6. KALLT macrumors 601

    Joined:
    Sep 23, 2008
  7. jdag thread starter macrumors 6502a

    Joined:
    Jun 15, 2012
    #7
    Sure...here are the steps I took to get to this point...

    1) Installed beta, allowed it via macOS Gatekeeper

    2) Uninstalled beta

    3) Installed production version, it installed properly, but when attempting to run it gave error that it was damaged with "“APPNAME” is damaged and can’t be opened. You should move it to the Trash."

    4) Used xattr -d -r com.apple.quarantine /Applications/APPNAME.app to fix

    5) Everything ran fine

    6) So as mentioned earlier, just because I was curious, I uninstalled the production version, downloaded the production version again from the vendor's site, and reinstalled it. I again was notified that it was damaged. I again used the xattr to fix it. I am just wondering if there was a way to permanently correct this problem because even though it is a different app file, it seems that there is some tie to the app itself being guarded by Gatekeeper.
     
  8. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #8
    As I said: every time you download something, e.g. via Safari, a unique quarantine flag will be added to the downloaded file. It does not matter whether you have downloaded that file before or if the contents are the same. The flag is always new and unique. When you open an application with such a flag, Gatekeeper will check it and ask for your approval. Once you accept it, it will add an exception for that specific flag to the database.

    I think what you are really asking is why Gatekeeper won’t allow you to open that program in the first place. The answer is: Gatekeeper concluded that the application has been tampered with. This happens when someone manipulated the contents of the application after it was signed and therefore broke the seal. If the application comes from a legitimate source, then you should contact the developer and tell them to fix it. If not, well… By removing the flag with that command you mentioned, you preclude Gatekeeper from checking it, hence it won’t warn you anymore about it and won’t stop you from opening either.
     
  9. jdag thread starter macrumors 6502a

    Joined:
    Jun 15, 2012
    #9
    I truly appreciate your help and input. And what you are stating is exactly what I would expect. However, that is not what is happening in my case. To give more info, the app is Kodi. When I initially installed, I used 1 of the "nightly builds" as opposed to the official build. That is seemingly what got me into this loop.

    You stated: "a unique quarantine flag will be added to the downloaded file. It does not matter whether you have downloaded that file before or if the contents are the same. The flag is always new and unique."

    What is happening: I am downloading a different file (albeit from the same source, but newly downloaded to my computer). Therefore, I would expect it to have a new and unique flag.

    You stated: "When you open an application with such a flag, Gatekeeper will check it and ask for your approval. Once you accept it, it will add an exception for that specific flag to the database."

    What is happening: After installing this newly downloaded file, I am able to install with no issue. Then when I try to run, Gatekeeper is giving me the error "“Kodi” is damaged and can’t be opened. You should move it to the Trash." The only options are Cancel and Move to Trash. It is not allowing me to accept it and add it as an exception.

    Gatekeeper did in fact prompt me and allow me to accept the nightly build version. It was only after uninstalling the nightly build and trying to install the production version that I ran into the issue.
     
  10. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #10
    Gatekeeper recognised that something is wrong with this particular application. That is why it won’t allow you to open it. You can try opening it by right-clicking and then selecting ‘Open’.

    Did you download all versions from here: https://kodi.tv/download/? I’ll have a look.
     
  11. jdag thread starter macrumors 6502a

    Joined:
    Jun 15, 2012
    #11
    Yes, I downloaded from that exact site. I downloaded the nightly build from http://mirrors.kodi.tv/nightlies/osx/.

    As mentioned, I think the installation of the nightly build is what caused this. It was after I uninstalled the nightly and re-installed the production version that the problem reared its head.

    And as also mentioned, I can get around it using the xattr command. It is just now a case of me "wanting to know".
     
  12. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #12
  13. jdag thread starter macrumors 6502a

    Joined:
    Jun 15, 2012
    #13
    Thanks rshrugged...and yes, KALLT has been great in helping!

    I did see that post, but I used the xattr method to get it working. The only way for me to test that codesign option would be to uninstall and reinstall again. Which is no biggie, and I might try, but was hoping someone knew why it was happening to begin with! I really am surprised that the Gatekeeper is persistent even after the deletion/re-download/reinstallation of the file.
     

Share This Page