Hi Eliot
On 6. Jul 2022, at 18:32, Eliot Miranda eliot.miranda@gmail.com wrote:
On Tue, Jul 5, 2022 at 10:08 PM Tobias Pape Das.Linux@gmx.de wrote: Hi Eliot
On 6. Jul 2022, at 00:24, Eliot Miranda eliot.miranda@gmail.com wrote:
[...]
I'm not using the DMG. I downloaded the all-in-one, and moved it.
judging from the path below, yes you moved it, but not _out of_ anything in ~/Downloads ...
Yes I did. My downloads folder is ~/Downloads. My Squeak folder is ~/Squeak.
That's why I said "judging from the path below". Sorry, I may have been misled by the Squeak6 in this one: ==
Squeak$ xattr -l Squeak6/Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
com.apple.quarantine: 0083;62c487a3;Safari;2D1FCF49-69DA-447C-BA51-16CC663654C4
==
I thought this Squeak6 was below ~/Downloads, as you indicated there was a Squeak6 in ~/Downloads
But I now see that the Quarantine UUID is different....
Safari downloaded Squeak6.0-22101-64bit-All-in-One.zip to Downloads, unpacked it to ~/Downloads/Squeak6, and moved the zip to the trash folder (~/.Trash). I moved Squeak6 to Squeak ($ mv ~/Downloads/Squeak6 ~/Squeak) and ran it there.
Ahh, did you really do mv or did you drag-n-drop via Finder? The first one won't remove the quarantine, the second one will. Apple's choice.
Look, the issue isn't whether I can do the right thing or not. The issue is that new users on the Mac will download via the website, likely just as I did, and they will get something that doesn't work. So instead of telling me what the right thing to do is, update the Web site so that people going there can do the right thing.
Look, the issue is that Apple wants all developers to jump on the App/Sandbox-bandwagon and make handwaving security claims as to why things we do are scary.
They only support exactly one workflow:
- Download
- (maybe open DMG or extract zip)
- Drag-and-drop the thing to Somewhere else
- run.
For any other workflow it is extremely likely to trip off Gatekeeper and its translocation.
We Can't Change that.
What we can do is:
- Do not offer the AIO anymore
- Force users to use the DMG
- and somehow force users to move the App out of the DMG (remember the fancy background images with arrows to indicate you should drag-n-drop the newfangled program to the /Applications folder?)
Sorry, Apple seems to hate people that do not stick to the One Workflow™
Best regards -Tobias
In that case, I really wonder what's going on. Can you give me the output of
ls -le@ Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
Squeak$ ls -le@ Squeak6/Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
-rwxr-xr-x@ 1 eliot staff 4100688 Jul 4 16:30 Squeak6/Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
	com.apple.quarantine 57
This quarantine will trip off Translocation
Squeak$ ls -le@ Squeak6/Squeak6.0-22101-64bit-All-in-One.app
total 0
drwxr-xr-x@ 10 eliot staff 320 Jul 4 16:32 Contents
	com.apple.quarantine 57
xattr -l Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
Squeak$ xattr -l Squeak6/Squeak6.0-22101-64bit-All-in-One.app/Contents/MacOS/Squeak
com.apple.quarantine: 0083;62c487a3;Safari;2D1FCF49-69DA-447C-BA51-16CC663654C4
Squeak$ xattr -l Squeak6/Squeak6.0-22101-64bit-All-in-One.app
com.apple.quarantine: 0083;62c487a3;Safari;2D1FCF49-69DA-447C-BA51-16CC663654C4
xattr -l $PATH_OF_THE_DOWNLOADED_THING
xattr -l ~/Downloads/Squeak6
com.apple.quarantine: 0083;62c4b913;Safari;90386985-D5B9-4492-AF0B-766931630126
Squeak$ xattr -l ~/Downloads/Squeak6/Squeak6.0-22101-64bit-All-in-One.app
com.apple.quarantine: 0083;62c4b913;Safari;90386985-D5B9-4492-AF0B-766931630126
Same.
Can you please try again:
- unzip
- move the AIO somewhere _not_ below ~/Downloads
and check that xattr or ls -le@ on the binary do not contain the quarantine?
please?
(this is unavoidable.)
Have you got a pointer to the relevant documentation?
Apple is scarce on any usable stuff lately…
Do I have to duplicate the Squeak6 directory?
you should not, if you moved stuff, macOS should have disabled translocation -.-
Lapcatsoftware has old info: https://lapcatsoftware.com/articles/app-translocation.html
Here's someone avoiding translocation via some exploit, hence not recommendable: https://www.synack.com/blog/untranslocating-apps/
Forum says signing the dmg or bundle helps (https://developer.apple.com/forums/thread/133743): "
Another solution is to sign the .dmg file too, that should avoid app translocation if I remember correctly.
Right. "
This I can help with. We have to do this for Virtend. We sign both the app bundle and the DMG. I guess one can also sign a zip for the all-in-one (since one uploads a zip containing either the app bundle or the dmg).
Cool, maybe the signing helps. But let's first make sure the translocation does not happen when the fresh bundle is moved out of the "contaminated" location.
Best regards -Tobias
We probably have to be tighter in stuff, I just found a "howto":
- https://developer.apple.com/forums/thread/701581#701581021
- https://developer.apple.com/forums/thread/701514#701514021 (for signing or so…)
:( yay more work.
I have scripts etc. So LMK
Best regards -Tobias
thanks!
Best regards -Tobias
Best, Marcel
Am 05.07.2022 21:03:47 schrieb Eliot Miranda eliot.miranda@gmail.com:
Hi all,
apologies for raining on the parade. Here's what I get when I either launch the Squeak6 app bundle or drop an image on it. How can this be fixed? It's not a good default.
<image.png> _,,,^..^,,,_ best, Eliot
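
An added example, not part of the original thread: a small shell helper that splits the `com.apple.quarantine` values quoted above into their fields and compares the event UUIDs, which is how the two `xattr` outputs can be told apart. The function names are hypothetical, and `list_quarantined` assumes the macOS `xattr` tool is available.

```shell
#!/bin/sh
# Added example. The attribute layout is flags;hex-timestamp;agent;event-UUID.

# Print field $2 (1-4) of the quarantine value $1.
quarantine_field() {
    printf '%s\n' "$1" | cut -d';' -f"$2"
}

# Field 2 is the download time as hexadecimal Unix epoch seconds.
quarantine_epoch() {
    printf '%d\n' "0x$(quarantine_field "$1" 2)"
}

# True when both values carry the same event UUID, i.e. one download event.
same_download_event() {
    [ "$(quarantine_field "$1" 4)" = "$(quarantine_field "$2" 4)" ]
}

# macOS only: list every file under $1 that still has the attribute.
# Empty output means nothing left in the bundle is quarantined.
list_quarantined() {
    find "$1" -exec sh -c '
        for f; do
            xattr -p com.apple.quarantine "$f" >/dev/null 2>&1 && printf "%s\n" "$f"
        done' sh {} +
}

# Values copied from the xattr output quoted in the thread.
MOVED='0083;62c487a3;Safari;2D1FCF49-69DA-447C-BA51-16CC663654C4'
DOWNLOADS='0083;62c4b913;Safari;90386985-D5B9-4492-AF0B-766931630126'

for v in "$MOVED" "$DOWNLOADS"; do
    echo "agent=$(quarantine_field "$v" 3) epoch=$(quarantine_epoch "$v")" \
         "uuid=$(quarantine_field "$v" 4)"
done
if same_download_event "$MOVED" "$DOWNLOADS"; then
    echo "same download event"
else
    echo "different download events: the copy in ~/Squeak came from an earlier download"
fi
```

On macOS, `list_quarantined ~/Squeak/Squeak6.0-22101-64bit-All-in-One.app` shows which files inside the bundle still carry the attribute after a move.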