sveinbjornt/Sloth

“Sloth.app” can’t be opened because Apple cannot check it for malicious software.

nd7 opened this issue · 14 comments

nd7 commented

Trying to open the app following warning is shown.
image

I know the workaround - right click, open

It will be good to notarize and update the app so that this warning does not come up and user experience becomes better

mehas commented

I'm able to replicate in OSX v13.2.1

Same. I have Monterey 12.6.2 (21G320).

This is expected behaviour since the app is not notarized.

Unfortunately, I cannot use the known workaround due to policies enforced on my work laptop.
Notarizing if possible would make the difference for me.

@sveinbjornt Do you have a workaround or now how not fix that?

@nd7

Try opening Security and Privacy in system preferences after trying to open. You should see a button beneath the Allow apps downloaded from section of the pane.

Screen Shot 2023-02-22 at 2 43 40 PM

riclf commented

That's certainly how it was. On Ventura today, it looks different, as in my graphic, and unfortunately the "App Store and identified developers" selection is not the trick to do it. But in the Applications folder, if you right-click on sloth.app it gives the option to open it.

Screenshot 2023-02-22 at 2 36 57 PM

mehas commented

I have "App Store and identified developers" selected

if you right-click on sloth.app it gives the option to open it

Sadly, this still gives me the same warning, I am unable to open the app. Same problem with the "Open Anyway" button:

Screenshot 2023-02-23 at 10 19 54 AM

Result:

Screenshot 2023-02-23 at 10 13 20 AM copy

running OSX Ventura 13.2.1 (22D68)

@mehas Sloth is decidedly not from an unidentified developer. I reluctantly pay Apple their obnoxious $100 tax every year just to be able to sign my free software, incl. Sloth.

Screen Shot 2023-02-24 at 18 09 01

riclf commented
mehas commented

Thanks for the update @sveinbjornt I didn't mean to imply otherwise. Just hoping to help by describing how to reproduce the bug. (I've heard similar frustrations from other iOS devs.)

To fix it you just need to write this command in to the Terminal:

xattr -r -d com.apple.quarantine /Applications/Sloth.app/

And voilà!

Curious why not go ahead a notarize since the app is already signed? I think Xcode can notarize automatically but even if you have a custom build process it's not very hard to manually notarize using notarytool.

Here some simple shell example code for how to sign and notarize an app:

echo 'Code Signing App...'
codesign -fs 'Developer ID Application' -o runtime --strict [PATH TO APP]

echo 'Zipping App for Notarization...'
ditto -ckvV --keepParent [PATH TO APP] [PATH TO TEMPORARY ZIPPED APP]

echo 'Notarizing App...'
xcrun notarytool submit [PATH TO TEMPORARY ZIPPED APP] --keychain-profile [NOTARYTOOL APP-SPECIFIC PASSWORD NAME] --wait
rm -f [PATH TO TEMPORARY ZIPPED APP]

echo 'Stapling Notarization Ticket to App...'
xcrun stapler staple [PATH TO APP]

The "hardest" part is initially setting up the app-specific password for notarytool, but you can read about how to do that here:

PS. If Sloth (or any of your other apps) require entitlement exemptions for hardened runtime signing, that adds another little step to the process but still pretty simple. If that's the case I can share some example code for that as well.

@PicoMitchell Thank you for the feedback, sample code and links. I may look into this notarization business at some point in the future.

That being said, I have very limited time to work on these old macOS software projects of mine, time that is probably better spent improving them and fixing bugs rather than getting a headache working around Apple's disgusting and unconscionable gatekeeping, which is perpetually changing and getting more suffocating with every OS release. I'm already fuming over paying them 100 USD a year for the privilege of maintaining free, open source software.

Ctrl-click Open on the app isn't exactly rocket science, and most of my software is aimed at power-users who know this. The bad initial user experience is entirely on Apple and their attempt to slowly and surely push everything into the Mac App Store ... which I do not use and never will.