Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

macOS Catalina error: “terraform” cannot be opened because the developer cannot be verified. #23033

Open
roura356a opened this issue Oct 8, 2019 · 21 comments

Comments

@roura356a
Copy link

@roura356a roura356a commented Oct 8, 2019

Terraform Version

terraform_0.12.10_darwin_amd64

Expected Behavior

It should run.

Actual Behavior

Screen Shot 2019-10-09 at 8 44 03 am

Steps to Reproduce

Run any terraform command.

@roura356a roura356a changed the title “terraform” cannot be opened because the developer cannot be verified. macOS Catalina error: “terraform” cannot be opened because the developer cannot be verified. Oct 8, 2019
@roura356a

This comment has been minimized.

Copy link
Author

@roura356a roura356a commented Oct 8, 2019

Apparently, the workaround is quite painful:

  • In the Finder on your Mac, locate the app you want to open.
  • Control-click the app icon, then choose Open from the shortcut menu.
  • Click Open.

The app is saved as an exception to your security settings, and you can open it in the future by double-clicking it or from cli, just as you can with any authorised app.

@teamterraform

This comment has been minimized.

Copy link
Collaborator

@teamterraform teamterraform commented Oct 9, 2019

Hi @roura356a! Thanks for reporting this.

Indeed the new version of MacOS is stricter about running software you've downloaded that isn't signed with an Apple developer key. Terraform distributions are signed with a HashiCorp key with signatures distributed out of band on releases.hashicorp.com, but MacOS Catalina is requiring participation in Apple's developer program specifically, and Terraform is currently not built to support that.

Thank you for sharing your workaround. We're looking into the best way to proceed here to see if we can make this work better.

@EmpireJones

This comment has been minimized.

Copy link

@EmpireJones EmpireJones commented Oct 10, 2019

sudo spctl --master-disable to allow apps downloaded from Anywhere

@rajdeepbhatia

This comment has been minimized.

Copy link

@rajdeepbhatia rajdeepbhatia commented Oct 10, 2019

sudo spctl --master-disable to allow apps downloaded from Anywhere

@EmpireJones Is there a way to do it for a specific app only?

@aprofromindia

This comment has been minimized.

Copy link

@aprofromindia aprofromindia commented Oct 10, 2019

Another simpler way is to go to System Preferences -> Security & Privacy -> General and enable any blocked app from Allow apps downloaded from pane at the bottom of the window.

@michtio

This comment has been minimized.

Copy link

@michtio michtio commented Oct 10, 2019

@aprofromindia agreed, just like it always worked in Mac OS when you had security settings. Whenever an app is blocked. You just have to allow them there.

@paliwalvimal

This comment has been minimized.

Copy link

@paliwalvimal paliwalvimal commented Oct 14, 2019

Removing existing terraform executable and installing it with brew install terraform solved the problem for me.

@jimmywan

This comment has been minimized.

Copy link

@jimmywan jimmywan commented Oct 14, 2019

Another simpler way is to go to System Preferences -> Security & Privacy -> General and enable any blocked app from Allow apps downloaded from pane at the bottom of the window.

This does not appear to be available in Catalina.

Screen Shot 2019-10-14 at 15 13 30

  • In the Finder on your Mac, locate the app you want to open.
  • Control-click the app icon, then choose Open from the shortcut menu.
  • Click Open.

The app is saved as an exception to your security settings, and you can open it in the future by double-clicking it or from cli, just as you can any authorised app.

This does work.

@jbayer

This comment has been minimized.

Copy link

@jbayer jbayer commented Oct 15, 2019

This is affecting all HashiCorp binaries on Catalina. We are looking into the macOS notarizing process to no longer require these work-arounds on Catalina. We will provide an update when we learn more about this.

Here is the process I used to run the existing binaries on Catalina that does not require control-click. First I open the "Security & Privacy" control panel from System Preferences.

  1. Attempt to run the binary after upgrading to Catalina. It will fail. Click cancel instead of moving it to the trash. You should see Killed: 9 as output in the terminal.

Screenshot 2019-10-15 09 19 36

  1. The "Security & Privacy" panel, "General" tab is updated to reflect that the binary was recently prevented from running. I clicked "Allow Anyway".

Screenshot 2019-10-15 09 19 56

  1. Attempt to run the binary again. This time a different prompt is shown and you are able to select "Open". After clicking open, the binary should run as you expect.

Screenshot 2019-10-15 09 20 07

@anksank

This comment has been minimized.

Copy link

@anksank anksank commented Oct 18, 2019

Try giving access to the Terminal in Security & Privacy under System Preferences, and then run the command in Terminal after restarting it.

Screenshot 2019-10-18 at 10 33 47 AM

@mfekadu

This comment has been minimized.

Copy link

@mfekadu mfekadu commented Oct 21, 2019

Had a similar issue with racket so that supports the idea that this issue is macOS Catalina specific.

The simple answer that @roura356a shared worked for me (just locate file > right click > open).

Good to know there are other workarounds too.

image

“racket” cannot be opened because the developer cannot be verified.

Thanks for the wonderful and generally applicable workarounds!

@weldpua2008

This comment has been minimized.

Copy link

@weldpua2008 weldpua2008 commented Oct 30, 2019

Same issue with 0.12.12

@davidainslie

This comment has been minimized.

Copy link

@davidainslie davidainslie commented Oct 31, 2019

Argh! Same with latest Java (version 13.0.1)

@bahaa

This comment has been minimized.

Copy link

@bahaa bahaa commented Nov 1, 2019

The only solution that worked for me is to delete the com.apple.quarantine extended attribute from the downloaded directory of the app. For example this command solved the issue with GraalVM:

xattr -d com.apple.quarantine /Library/Java/JavaVirtualMachines/graalvm-ce-19.2.1
@jbayer

This comment has been minimized.

Copy link

@jbayer jbayer commented Nov 1, 2019

I've learned a bit more about this. The com.apple.quarantine metadata attribute is set on files by applications like browsers that download files over the network. It is possible to remove the com.apple.quarantine metadata attribute with a user that has permission to do it. Additionally there are some other alternatives mentioned by MITRE that avoid the attribute being set on files.

Apps loaded onto the system from USB flash drive, optical disk, external hard drive, or even from a drive shared over the local network won’t set this flag.

@anhdungle93

This comment has been minimized.

Copy link

@anhdungle93 anhdungle93 commented Nov 6, 2019

The same thing happens to me, but with a link on a browser, so I cannot right click for the open option. Does anyone know how to solve it in this case?

@jbayer

This comment has been minimized.

Copy link

@jbayer jbayer commented Nov 6, 2019

@anhdungle93 are you able to run this command wherever your terraform binary is located instead of /path/to/terraform?

xattr -d com.apple.quarantine /path/to/terraform

@micheas

This comment has been minimized.

Copy link

@micheas micheas commented Nov 7, 2019

downloading with wget instead of chrome solved the problem for me.

@jefpauwels

This comment has been minimized.

Copy link

@jefpauwels jefpauwels commented Nov 13, 2019

I'm having the same problem with my cvx installation for Matlab, but when I run my code, it calls hundreds of separate programs, that all independently are denied permission. Does anybody know how to allow a folder of apps?

@jbayer

This comment has been minimized.

Copy link

@jbayer jbayer commented Nov 13, 2019

If you use the -r flag, this will run recursively:

xattr -r -d com.apple.quarantine /path/to/dir

@jefpauwels

This comment has been minimized.

Copy link

@jefpauwels jefpauwels commented Nov 13, 2019

If you use the -r flag, this will run recursively:

xattr -r -d com.apple.quarantine /path/to/dir

This works, thanks a lot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
You can’t perform that action at this time.