maxgoedjen / secretive

Store SSH keys in the Secure Enclave
MIT License

macOS Catalina 10.15.7 Quarantine Problems: Agent won’t install #152

Open haraldrudell opened 3 years ago

haraldrudell commented 3 years ago

macOS Catalina 10.15.7 Quarantine Problems: Agent won’t install

Installed using brew cask install secretive, launched the Secretive GUI app and clicked Run Setup.

Symptoms

On launch of Secretive gui app, orange band across the top: Secret Agent isn’t running. Run setup again to fix, action: Run Setup

tail -F /var/log/system.log displays:

Oct 10 09:10:28 c67 com.apple.xpc.launchd[1] (com.maxgoedjen.Secretive.SecretAgent[1079]): Could not find and/or execute program specified by service: 155: Refusing to execute/trust quarantined program/file: com.maxgoedjen.Secretive.SecretAgent
Oct 10 09:10:28 c67 com.apple.xpc.launchd[1] (com.maxgoedjen.Secretive.SecretAgent[1079]): Service exited with abnormal code: 78
Oct 10 09:10:28 c67 com.apple.xpc.launchd[1] (com.maxgoedjen.Secretive.SecretAgent): Service only ran for 0 seconds.

Fix

as root: xattr -d -r -s com.apple.quarantine /Applications/Secretive.app

To never see the orange band again, add to the ~/.zshrc of your normal user:

if [ -d ~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent ]; then
  export SSH_AUTH_SOCK=~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh
fi

Restart or re-Login

Check

If this directory does not exist:

ls -ld ~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent

Ensure the fix was completed, then restart or re-login.
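Added example, not part of the original thread or of the Secretive project: a shell function that scans a system.log-style file for the launchd quarantine refusal quoted above and reports which job labels were blocked and how often. It assumes one log entry per line; the sample lines are constructed in the format shown in the issue, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: summarise launchd quarantine refusals in a log file.

# Constructed sample lines in the format quoted in the issue.
sample_log() {
cat <<'EOF'
Oct 10 09:10:28 c67 com.apple.xpc.launchd[1] (com.maxgoedjen.Secretive.SecretAgent[1079]): Could not find and/or execute program specified by service: 155: Refusing to execute/trust quarantined program/file: com.maxgoedjen.Secretive.SecretAgent
Oct 10 09:10:28 c67 com.apple.xpc.launchd[1] (com.maxgoedjen.Secretive.SecretAgent[1079]): Service exited with abnormal code: 78
Oct 10 09:10:29 c67 com.apple.xpc.launchd[1] (com.example.other[1101]): Service exited with abnormal code: 1
Oct 10 09:11:40 c67 com.apple.xpc.launchd[1] (com.maxgoedjen.Secretive.SecretAgent[1093]): Could not find and/or execute program specified by service: 155: Refusing to execute/trust quarantined program/file: com.maxgoedjen.Secretive.SecretAgent
EOF
}

# quarantine_refusals FILE
# Prints "<count> <job label>" for each launchd job refused because of the
# quarantine attribute. Other launchd failures are ignored.
quarantine_refusals() {
  awk '
    /com\.apple\.xpc\.launchd/ && /Refusing to execute\/trust quarantined program\/file/ {
      # The job label is the first parenthesised field, optionally with [pid].
      if (match($0, /\([^()]+\)/)) {
        label = substr($0, RSTART + 1, RLENGTH - 2)
        sub(/\[[0-9]+\]$/, "", label)   # drop the trailing [pid]
        seen[label]++
      }
    }
    END { for (l in seen) printf "%d %s\n", seen[l], l }
  ' "$1" | sort -k2
}

# Usage: pass a log file as the first argument, e.g. /var/log/system.log
if [ "$#" -gt 0 ]; then
  quarantine_refusals "$1"
fi
```

Before clearing the attribute on a bundle this reports, `codesign --verify --deep --strict` and `spctl --assess --type execute` on the app bundle confirm that it is still validly signed.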

maxgoedjen commented 3 years ago

🤔 I wonder if the quarantine bits are a cask-specific issue. I haven't seen that specifically before, but I don't personally maintain the cask.

Can you clarify if you did the normal export step as part of the initial setup process? This is generally required for signing to work.

haraldrudell commented 3 years ago

I have it too on macOS 11, with Secretive downloaded as zip from GitHub, upgrade to 2.0. Drag app to /Applications, then drag to dock.

grep SecretAgent /var/log/system.log
com.apple.xpc.launchd[1] (com.maxgoedjen.Secretive.SecretAgent[18525]):
Could not find and/or execute program specified by service: 155:
Refusing to execute/trust quarantined program/file:
com.maxgoedjen.Secretive.SecretAgent

ls -ld /Applications/Secretive.app
drwxr-xr-x@ 3 brew  staff  96 Nov 13 00:04 /Applications/Secretive.app

# the at-sign means extended attributes are present

fix: as root:
xattr -d -r -s com.apple.quarantine /Applications/Secretive.app

# problem gone

What might have happened is that brew overwrote it on brew upgrade

haraldrudell commented 3 years ago

What is “normal export step”?

maxgoedjen commented 3 years ago

@haraldrudell interesting on the upgrade... I'll see if I can figure out what's going on there.

By "normal export step" I'm referring to this step in the onboarding.

andrewdmontgomery commented 2 years ago

@haraldrudell I found an older issue in the homebrew-cask repo. Most of it seems to do with an issue that was resolved some time ago in Homebrew, related to changes in the options available with the xattr command, which brew uses to manage the quarantine bit properly. That's very unlikely to be directly relevant here, of course.

But a comment towards the end might still be relevant here: https://github.com/Homebrew/homebrew-cask/issues/51538#issuecomment-430469022

I got this issue since macOS Mojave update, after reading some related issues talking about xattr, which recalls that I did manually install xattr by myself some time ago, because macOS didn't have this command before.

After

pip uninstall xattr

brew cask install/upgrade working fine again.

Any chance you manually installed xattr some other way?

sandstrom commented 1 year ago

I'm doing some issue gardening 🌱🌿 🌷 and came upon this issue. Since it's quite old I just wanted to ask if this is still relevant? If it isn't, maybe we can close this issue?

By closing some old issues we reduce the list of open issues to a more manageable set.