Archive for the ‘Gatekeeper’ Category
You may be aware of the Gatekeeper security feature introduced with OS X 10.7.5. It prevents potential malware from being run inadvertently on your machine by checking downloaded apps for a developer signature. Most modern applets from this site are “codesigned” with my Developer ID which is registered with Apple. You are therefore assured that my apps are not malware. (It would be pretty dumb of me to release malware in any case.)
Apple has updated the way Gatekeeper signatures are recognized on OS X 10.9.5 and Yosemite. Gatekeeper on those systems (and later) will now look for a new version 2 signature, which can only be implemented by a developer on OS X 10.9 and later. The v2 signature is fully backward compatible on earlier systems. But v1 signatures have been obsoleted and will not be recognized on OS X 10.9.5 or Yosemite.
Codesigned applets that were last updated on Mountain Lion or earlier will have a v1 signature.
I’ve spent the Summer working on updating v1-codesigned scripts and apps so they will be compatible with Yosemite when it arrives in the Fall. However, I haven’t yet updated all codesigned applets with a v2 signature.
If you download an applet signed with a v1 signature on OS X 10.9.5 or Yosemite you may see an alert that advises you that the app is from an unknown developer. If so, you can override Gatekeeper security by Right-clicking/Control-clicking the applet’s icon in the Finder and selecting “Open” from the contextual menu.
I hope to have all affected apps updated with v2 signatures over the next few weeks in time for the official release of OS X 10.10.
UPDATE: Well, apparently, it’s all a load of hooey.
UPDATE 2: ArsTechnica explains the current situation.
As I mentioned previously, some scripts from this site when downloaded to OS X 10.8 may not pass Gatekeeper Security when set to the “Mac App Store or Developer ID” setting (the default Gatekeeper setting). To over-ride Gatekeeper settings, Control-click/Right-click the script in the Finder and choose Open from the contextual menu, then allow the script to be opened.
However, for a small number of scripts, even this may not work. You may see an OSStatus error message and the script will still be unable to run.
It appears to occur with a few .app scripts, but not all.
I’ll try to catch these scripts (and if you run into one, let me know) and update them. In the meantime, the fix is to temporarily lower your Gatekeeper Security settings to allow apps from anywhere to launch. Once the script is launched, you can restore your Gatekeeper settings.
PITA, I know.
As you may know, OS X 10.8 introduces a new security feature called Gatekeeper which can conditionally disallow software downloaded from the internet from being launched on your machine. You can access the Gatekeeper settings in the Security pane of System Preferences.
Gatekeeper offers three “trusted source” security settings for launching downloaded apps:
- Only launch apps from the Mac App Store
- Only launch apps from the Mac App Store or digitally signed with an authorized Apple Developer ID
- Launch anything downloaded from anywhere
The default Gatekeeper setting is Number 2. My guess is that the sort of people who visit this site will have lowered that to Number 3, “Allow from Anywhere”.
Gatekeeper doesn’t take notice of most of the types of AppleScripts available from this site so downloading and launching scripts from here shouldn’t trigger Gatekeeper no matter what the security setting. Cocoa-AppleScripts, which constitute the majority of recent applets and droplets, have been/will be codesigned with an Apple Developer ID.
However, it is still remotely possible that a handful of older scripts from this site may be quarantined by Gatekeeper and won’t be permitted to launch after you download them to OS X 10.8. (This does not affect scripts that you have already downloaded and have launched at least once.)
What to do: Control-Click/Right-Click on the script in the Finder and choose “Open” which will present an option to override any Gatekeeper settings. Alternatively, you could lower your Gatekeeper security setting temporarily while you launch the script and then restore the setting afterwards.
Once you’ve successfully launched the script the first time, by whatever means, it will be ignored by Gatekeeper thereafter.
Update: additional new information posted here.