Is it possible to disable mac gatekeeper by extension? - macos

I want to be warned by Mac gatekeeper whenever I attempt to use an app for the first time that is not signed through the store. However, I'm having trouble using LibreOffice Vanilla by clicking on files with relevant extensions (eg .ods, .odt). It seems to consider each file a different app and I think needs me to authorize it individually. Double-clicking file yeilds '"myfile.odt” can’t be opened because it is from an unidentified developer.'
Right-clicking and using Open with ... LibreOffice Vanilla yeilds:
'"myfile.odt” is from an unidentified developer. Are you sure you want to open it?'
I don't find the 'help' at https://support.apple.com/en-ca/HT202491 helpful. How can I configure OS X so it lets me open LibreOffice files with a double-click yet still have GateKeeper check other new applications that are not signed?

You can bypass gatekeeper if you select a file type to "always open with" a certain type of program. Other programs that are not of this type will still invoke gatekeeper, so you won't have the security issues. So if you set your .odt file type to always open with libreoffice, the issue should go away.
See this:
https://apple.stackexchange.com/questions/193233/gatekeeper-wont-let-libreoffice-open-csv-files

Related

How is "Open with" on macOS populated internally?

I know I can associate my application with a certain extension by editing the Info.plist file in my app bundle:
...
<key>CFBundleTypeExtensions</key>
<array>
<string>myext</string>
</array>
While this works, my "Open with" list gets littered with duplicate entries of the different versions of the application I'm developing on that machine. There are even entries for really old versions that I've never opened on that very computer! (It's a new machine being synced with Dropbox so there are older releases in my file system.)
It seems as macOS would scan for app bundles even outside of /Application and adds all applications it finds to "Open with". A workaround is to reset the "Open with" list with this command I found somewhere here on SO I think:
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -kill -r -domain local -domain user;killall Finder
How is the "Open with" list populated internally? Is macOS really scanning my drive looking for Info.plist files with CFBundleTypeExtensions entries? And is there any way to avoid having my "Open with" list littered with older versions other then deleting (or zipping) them?
NB: I'm not using Xcode but build my application on the command line using the clang compilers and creating Info.plist by a bash script.
How is the "Open with" list populated internally? Is macOS really
scanning my drive looking for Info.plist files with
CFBundleTypeExtensions entries?
I think so, yes. Check the documentation for Launch Services, specifically the section "Application Registration". Specifically, the OS can find your app and register is in the following ways:
A built-in background tool, run whenever the system is booted or a new
user logs in, automatically searches the Applications folders in the
system, network, local, and user domains and registers any new
applications it finds there. (This operation is analogous to
“rebuilding the desktop” in earlier versions of Mac OS.)
The Finder
automatically registers all applications as it becomes aware of them,
such as when they are dragged onto the user’s disk or when the user
navigates to a folder containing them.
When the user attempts to open
a document for which no preferred application can be found in the
Launch Services database, the Finder presents a dialog asking the user
to select an application with which to open the document. It then
registers that application before launching it.
And is there any way to avoid having my "Open with" list littered with older versions other then deleting (or zipping) them?
I'm not sure about that part. Probably not, although it seems like once you reset the Launch Services database using the command in your question, the old versions shouldn't get added back to the Open With list unless you are doing something to trigger getting re-added. Is that the case?

Why is my application marking a binary as quarantined?

My (sandboxed) OSX application is trying to launch biber (a bibliography tool for LaTeX). However it fails to launch and I get the following message saying that the application has marked biber as quarantined in Console.App.
25/03/2013 16:44:15.000 kernel[0]: exec of /private/var/folders/s1/70f5my9n6wq0_kk7bcxjslhh0000gn/T/com.abc.XYZ/par-64756e63616e737465656c65/cache-ef42c8d5d44e40bdd24828b0ae70de275e379c88/biber denied since it was quarantined by XYZ and not approved by Gatekeeper, qtn-flags was 0x00000002
This does not happen with any of the other binaries invoked by the application.
This application has an active SSB for the whole harddrive so there are no issues launching, or accessing, external files.
Why and how am I marking that file as quarantined, and how to I remove the quarantine so that it can execute? Thanks for your help.
EDIT If it helps, the contents of that directory are
biber
libperl.dylib
running ls -l#eOd shows them both to have the attribute com.apple.quarantine, however I'm not sure what copied them into that directory, or how they gained that flag. The original copies are not quarantined.
Looks like this 'biber' is not an application download from Mac App Store or identified developers (with Apple Developer ID). So you must manually allow its launch.
Usually there are three ways to do this:
Right click on application and click "Open" from the context menu. There will be a warning, just click "Open". OSX will remember your choice and next time it will open.
You can change Gatekeeper's settings: "System Preferences" -> "Security & Privacy" -> "General" tab. Unlock to make changes. Choose "Anywhere" in the "Allow applications downloaded from" section. Note: it decreases security and there will be a warning about it with the proposal to use first solution.
Remove 'quarantine attribute' from the app. In terminal run command: xattr -d com.apple.quarantine <your_app>
I prefer the last solution. All solutions are for the applications, but I think will also work for the utility.

Remove Sandboxing

I have another question dealing with app sandboxing. So I need access to the users' home directory and at the same time the app should be able to shut down the Mac. This requires to not using sandboxing.
My problem is that I don't know how to remove sandboxing and being able to submit the app to the Mac App Store. I think that the archives are sandboxed because I had turned it on once..
How to remove sandboxing from the archives properly?
Thanks for your help!
On Xcode 11, you can turn off Sandboxing by removing it from the Signing & Capabilities tab:
If I understand what you are asking correctly, you'll need to remove the entitlements.plist from your project and make sure that the Summary view of your target in Xcode has sandboxing turned off:
As Derek Wade pointed out, you can make an App like GarageBand X (which behaves obnoxiously with third party plugins like Amplitube due to Sandboxing) NOT run in a sandbox by editing the binary itself with a HEX editor like HexFiend. Look for:
<key>com.apple.security.app-sandbox</key>
Immediately following that bit you'll see the true tag, which as suggested I switched to 'fals' (no extra bytes) and now GarageBand will happily interact with third party VST plugins. Huzzah.
I found if you go into the .app package, under Contents/MacOS, there should be a binary file that matches the name of your app. Copy that file to your desktop. Edit the desktop copy of the file with TextEdit. You should find within the file, the text representation (xml) of the Entitlements for the app. Find the Sandbox entitlement flag (usually set to <true/>) and change it to <false/>. You will have to unlock the file when editing. Save the file (located on the desktop). Rename the original file in the .app package (i.e. append .old to the filename). Copy the desktop file back to the .app Package location (you may have to authorize it). This should remove the sandboxing.
You cannot remove Sandbox if the user ran you application via Sandbox.
That's the whole point - don't you think ?

Mac OS X, application's developer name?

I have created an app for mac os x using xcode 4
In the build settings I see my name (the mac os x registered user's name)
Anyhow, I want to share the app but I don't want other to know that I created this app
So, is there a way to find out who created the app ?
If there's is how can I remove my name from the app ?
Thanks
It has some smell, to distribute an application anonymously. Anyway: You can change the information of your application by editing the Info.plist file inside your .app-bundle.
Right-click your application and select "Show package contents" from the context-menu. Open the folders and search for the "Info.plist" file. Open the file with TextWrangler, BBEdit oder the PropertyFile-Editor of XCode and search for your name. You can then simply replace it with anything else.
But remember:
An application should never ever been distributed without informations on the developer. The described method will only remove all "visible" informations on you. Informations on you that are part of the compiled binary won't be changed by this.

How to make Finder 'Open With' work for my application (Xcode, OS X)?

I have created an application that is capable of playing audio files. This in itself works fine, and so does drag&drop from finder to my application.
What I would like as well, is that people can use my application from Finder using the Open With menu (or even allow them to set my application as default for a certain file type)
After a lot of searching, I found that I should configure a document type in Xcode (Editing information property lists)
I successfully added such a type named 'Music File', with UTI 'public.mp3'
When I now right-click an MP3 file, my application is listed in the 'Open With' menu.
Trying to use it, my app opens, but I get a warning message saying "The document could not be opened. App cannot open files in the 'Music File' format"
It doesn't appear to be passed through the command line as is the case in Windows.
My application does support drag&drop from Finder, and this is working fine too.
I don't really know where to look next, so it would be great if anyone could point me in the right direction.
My application isn't using NSDocument, so the 'Class' field doesn't apply for me I think (and according to the docs this field isn't required, but it doesn't say how to handle it without a Class)
Do you implement application:openFile: in your app delegate? This is the method that will be called when your application is asked to open a file from the Finder. If it's not implemented or doesn't return YES, then the framework will assume that the file wasn't opened successfully and report that fact to the user.

Resources