0

I am trying to remove the "com.apple.quarantine" attribute in files placed in

~/Library/Containers/....../Library/Application Support.

Using NSTask and xattr leads to "Operation not permitted" messages in console. As second option I tried the header xattr.h using removexattr().

I also tried to add LSFileQuarantineEnabled to Info.plist. Calling xattr manually from Terminal works.

Seems like sandbox prevents xattr from deleting attributes using Objective-C.

modusCell
  • 13,151
  • 9
  • 53
  • 80
Christian
  • 15
  • 2
  • this is by design. why exactly are you trying to do this? there is probably a better solution to your problem then `NSTask`... – Brad Allred Aug 04 '14 at 17:43
  • @BradAllred I need to execute an update binary without user interaction. The Gatekeeper flag should be removed in this case. What other solutions are possible here ? – Christian Aug 05 '14 at 07:08
  • does your application "own" this binary, or are you trying to tamper with things that dont belong to you? if its the latter there is not a way to do this with sandboxing. that is the point of sandboxing in the first place. – Brad Allred Aug 05 '14 at 14:12
  • When building the app I copy every dylib/bin/sh file into the app directory. There all files have no meta data. The "com.apple.quarantine" must be added when copying the files using code. All copied files belong to my user. I tried to copy them to another location without success. Would be moving instead of copying an alternative ? – Christian Aug 05 '14 at 15:37
  • Right, I understand the origin of `com.apple.quarantine` but it sounds like you are trying to mess with files outside your sandbox; that defeats the purpose of sandboxing. – Brad Allred Aug 05 '14 at 18:35
  • of course you can always turn sandboxing off if you dont want to distribute on the appstore... – Brad Allred Aug 05 '14 at 18:40

1 Answers1

0

Run a helper binary inside a sandboxed app...

For first tests:

  1. create a certificate using "Keychain Access"
    1. "certificate assistant" > "create certificate ..."
    2. name it ...
    3. overwrite default settings
    4. ...
  2. sign your helper binary (updater) with codesign -s <certificate A> <binary>
  3. copy binary to your project
  4. check that it's linked within "Build Phases" > "Copy Bundle Resources"
  5. go to Product > Archive
    1. Distribute ...
    2. Export as Application
    3. Use your Signing Identity

If you want to send it to the Mac App Store, use the correct certificate.

The code I'm using to start/call the helper binary is as follows:

NSString * resourcePath = [[NSBundle mainBundle] resourcePath];
NSTask *testbin = [[NSTask alloc] init];
NSString * path = [resourcePath stringByAppendingString:@"/testbin"];
[testbin setLaunchPath:path];
[testbin launch];
[testbin waitUntilExit];

No need to copy or move a file ;-)

moep moep
  • 63
  • 7