Using xattr to set the Mac OSX quarantine property

2020-08-21 02:49发布

问题:

There is a lot of information on StackOverflow and elsewhere about how to clear the Mac quarantine property. In my case I would like to set it. This is in order to test that my app is properly signed so that the user will hot get the "Untrusted Developer" warning after downloading it.

My app is particularly large (we distribute from a large file download site, not the store) and it is not convenient to have to upload and download to test this. I have had some battles with code signing the past week so this testing is important to me.

Once a file has the quarantine property I see how I can alter it to have the values:

0002 = downloaded but never opened (this is the one that causes the warning)
0022 = app aborted by user from the warning dialogue (you hit 'cancel' in the dialogue)
0062 = app opened (at least) once (you hit 'open' in the dialogue)

But I don't know how to give it the property in the first place.

回答1:

The code for this isn't hard, but you need FSRef's to do it, which are deprecated. That said, it still works on 10.9. You have to link with CoreServices.

int main(int argc, const char * argv[]) {
  @autoreleasepool {
    if (argc != 2) {
      printf("quarantine <path>\n");
      exit(1);
    }

    NSString *path = @(argv[1]);
    OSStatus result;
    FSRef pathRef;
    result = FSPathMakeRef((UInt8*)[path UTF8String], &pathRef, 0);
    if (result != noErr) {
      NSLog(@"Error making ref (%d): %s", result, GetMacOSStatusCommentString(result));
      exit(result);
    }

    NSDictionary *quarantineProperties = @{(__bridge id)kLSQuarantineTypeKey: (__bridge id)kLSQuarantineTypeOtherDownload};

    result = LSSetItemAttribute(&pathRef,
                                kLSRolesAll,
                                kLSItemQuarantineProperties,
                                (__bridge CFTypeRef)quarantineProperties);

    if (result != noErr) {
      NSLog(@"Error setting attribute (%d): %s", result, GetMacOSStatusCommentString(result));
    }
    exit(result);
  }
  return 0;
}

Another approach is to just copy the quarantine information from one file to another. You can serialize xattr information like this:

xattr -p com.apple.quarantine file > file.xattr

You can then apply those attributes to another file like this:

xattr -w com.apple.quarantine "`cat file.xattr`" file

(That should work, but I haven't tested it with quarantining in particular. I use a similar technique to save code signatures and reapply them.)



标签: macos xattr