-
-
Notifications
You must be signed in to change notification settings - Fork 657
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add notes about cask and quarantine issues with MacOS #5034
base: main
Are you sure you want to change the base?
Conversation
I forget about this every time. Should also help with search engines, as the error is pretty common.
homebrew/cask-versions/wezterm-nightly | ||
wez/wezterm/wezterm-nightly | ||
``` | ||
> 2. `--no-quarantine` is set, otherwise you will receive the warning that Wezterm cannot be opened because the developer cannot be verified. This message is from [Gatekeeper](https://support.apple.com/en-mide/102445). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What I would expect here is just a warning that you downloaded something from the internet.
wezterm is signed; if are you seeing a warning that the package you are installing is not signed or not verifiable then something has gone wrong somewhere and you should not use the package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I received this when installing nightly, is nightly not signed or is that a generic warning of when you install something via the internet?
Happy to test further on a clean machine if needed. 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
all builds of wezterm produced by my CI on macOS are signed using my developer identity. Please share the wording from the message that you see when you don't use the quarantine option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Without:
“WezTerm” is an app downloaded from the Internet. Are you sure you want to open it?
Homebrew Cask downloaded this file today at 2:24PM. Apple checked it for malicious software and none was detected.
brew uninstall --cask wezterm-nightly
and then install with just that flag fixes it.
If I then do another uninstall and try without the flag, the same message appears.
I've tested this in a virtualised MacOS using tart and observe the same results.
Let me know if this makes sense..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
otherwise you will receive the warning that Wezterm cannot be opened because the developer cannot be verified
This wording is wrong, the developer can be verified.
I would argue that it is best to not use --no-quarantine
, which would bypass other checks including unsigned binaries.
Agreed, let me reword it.
…On Tue, 20 Feb 2024, 6:20 am Matthew Berryman, ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In docs/install/macos.md
<#5034 (comment)>:
> ```
+> 1. `--cask` needs to be set, as the cask name exists in homebrew already and will result in the following error:
+> ```
+> Error: Cask wezterm-nightly exists in multiple taps:
+ homebrew/cask-versions/wezterm-nightly
+ wez/wezterm/wezterm-nightly
+ ```
+> 2. `--no-quarantine` is set, otherwise you will receive the warning that Wezterm cannot be opened because the developer cannot be verified. This message is from [Gatekeeper](https://support.apple.com/en-mide/102445).
otherwise you will receive the warning that Wezterm cannot be opened
because the developer cannot be verified
This wording is wrong, the developer can be verified, it is because you
don't have the Security setting to allow applications downloaded from "App
Store *and* identified developers set (per screenshot), that you are
seeing the warning, and the --no-quarantine flag, which also bypasses
this particular GateKeeper check along with the others.
I would argue, especially if you are installing brew casks, that you would
want to change the setting, rather than use --no-quarantine, which would
bypass other checks including unsigned binaries.
Screenshot.2024-02-20.at.08.42.34.png (view on web)
<https://github.com/wez/wezterm/assets/2288238/2acdcf9f-3099-4ee2-8e97-7ab799007a10>
—
Reply to this email directly, view it on GitHub
<#5034 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABW6236ZOOLBYP7IPSQ2C3YUPF4NAVCNFSM6AAAAABDOR3WN6VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMYTQOBZGIZTOMRSGQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Personally, I think it is is fine to preserve the quarantine flag and the corresponding check and prompt as the default in the documentation. It is safer for users that may not know the consequences. Since I don't personally recommend disabling those checks, I don't feel good about suggesting to do it in the docs but then telling folks not to do it in the docs, because a lot of people only skim and won't see the warning about it being a potentially dangerous thing to do. |
I forget about this every time. Should also help with search engines, as the error is pretty common.
Thanks MacOS 🤦