Resuming apps on login vs. the quarantine flag

This is the workflow Apple envisioned when they introduced the annoying quarantine flag back in the days of Mac OS X 10.4:

  1. User A downloads an archive (.dmg, .tar.gz, etc.) from the Internet. The system applies the quarantine flag to the archive file.
  2. User A extracts an application from the archive and places it into /Applications. The system passes the quarantine flag on to the app bundle.
  3. User A launches the application. The system warns about the unsafe origin of the app.
  4. User A confirms that the app is safe to use. The system clears the quarantine flag. Problem solved.

Unfortunately, my workflow is slightly different:

I perform steps 3 and 4 with a different user (let's say "user B") than steps 1 and 2. Specifically, user A in my case is an administrator, and user B is a regular user with no admin privileges at all. The result of this "non-standard" workflow is that the system fails to remove the quarantine flag in step 4, asking me over and over again "are you sure?" Yes, dammit, I am!

So this is how Apple made me hate the quarantine flag. I ended up using TinkerTool to set a hidden user preference (defaults write com.apple.LaunchServices LSQuarantine -bool NO) that would advise the system to ignore the quarantine flag if it is set, and not bother me anymore with stupid questions about unsafe apps. Ignorance is bliss.

For a number of years I have been content living with this solution. When I recently upgraded from Mac OS X 10.6 to 10.8, one of the first things I did was to set the new Gatekeeper feature (introduced in Mac OS X 10.7) to allow the system to run applications downloaded from anywhere. At first I believed that this would obviate the need for TinkerTool, but I was wrong: The system would still show me the quarantine warning, so I quickly put TinkerTool back on the system to get back into my blissful state of mind.

One of the things I have been eagerly looking forward to using on Mac OS X 10.8 is the "Resume" feature - what I traditionally would call session management: When I log in to the system, Mac OS X remembers which apps I had running at the time when I logged out the last time, and launches those apps automatically for me. I use session management with Firefox all the time, in fact it is one of the killer features that convinced me to switch to Firefox back in the days of FF 2.0. What a nasty surprise when I discovered that the LSQuarantine user preference set by TinkerTool has no effect when the system uses "Resume" to launch apps on login: Quarantine warning after quarantine warning, endless pain and anguish, gone the blissful state of ignorance.

At the time of writing this, it looks as if there are no evasion tactics possible anymore if I want to keep using "Resume": I must finally look the quarantine flag in its ugly face and deal with it in a "terminal" manner. After a bit of looking around, the best solution I have found is to write an Automator script to get rid of the flag: See the second answer to this question on "AskDifferent". The answer suggests creating a "Folder Action" that will automatically remove the quarantine flag from all downloaded files. I prefer to have a bit more control, so instead I create an "Application" workflow that I can save as an app bundle, which will then serve as an old-fashioned "droplet": After I install an app into /Applications, I drag the app bundle and drop it onto the dock icon of the Automator droplet to remove the quarantine flag.

These are the step-by-step instructions, copied almost verbatim from AskDifferent:

  1. Launch Automator
  2. Create a new "Application" workflow
  3. Add a "Run Shell Script" command ("Shell-Skript ausführen" in German)
  4. Change the "Pass input" menu to "as arguments"
  5. Change the script to:
    for f in "$@"; do
        # Remove the quarantine attribute from each dropped item
        xattr -d com.apple.quarantine "$f"
    done
  6. Save the workflow to a convenient place, then drag the resulting app bundle into the dock where it will wait for your drops
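
A more talkative body for the "Run Shell Script" step, as an added example that is not from the original post or the AskDifferent answer: it reports for each dropped item whether the flag was cleared, was not set, or could not be removed. The function names are made up for this example, and it assumes the macOS xattr tool is on the PATH.

```shell
#!/bin/sh
# Added example (not the post's own script). Function names are hypothetical.
# Assumes the macOS xattr(1) command is available on PATH.

QATTR="com.apple.quarantine"

# Print one status word for a path: cleared | clean | denied | missing
clear_quarantine() {
    p=$1
    if [ ! -e "$p" ]; then
        echo missing
        return 0
    fi
    # xattr -p exits non-zero when the attribute is not set on the item
    if ! xattr -p "$QATTR" "$p" >/dev/null 2>&1; then
        echo clean
        return 0
    fi
    # Removing an attribute needs write access to the item. A bundle that an
    # administrator installed and a regular user drops here typically ends up
    # in the "denied" branch, and the flag stays in place.
    if xattr -d "$QATTR" "$p" 2>/dev/null; then
        echo cleared
    else
        echo denied
    fi
}

# Handle every dropped item, print "status<TAB>path" per item, and
# return non-zero if at least one flag could not be removed.
process_all() {
    rc=0
    for f in "$@"; do
        result=$(clear_quarantine "$f")
        printf '%s\t%s\n' "$result" "$f"
        if [ "$result" = denied ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Automator passes the dropped items as arguments ("Pass input: as arguments")
if [ "$#" -gt 0 ]; then
    process_all "$@"
fi
```
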

And now back to bliss and ignorance.