-
Notifications
You must be signed in to change notification settings - Fork 7.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
macOS Catalina error: “helm” cannot be opened because the developer cannot be verified. #6615
Comments
I can confirm this. A colleague just upgraded to Catalina and helm won't start anymore. |
I'm using macOS Catalina and helm v2 and v3 CLI work for me there. |
@rimusz I do not have that option. My only options are: |
@tdensmore just run |
Thanks @rimus . |
Allow apps from anywhere and After taking the following steps, I now seem to have an "Open anyways" option now, allowing running individual applications without disabling secure defaults. Here's what I did, not sure if all steps are relevant:
sudo spctl --master-disable
sudo spctl --master-enable
|
So from a comment in the terraform issue, it looks like we need a key signed from Apple themselves to have Helm binaries verified.
Will be keeping an eye on that upstream issue for recommended next steps. What an interesting turn of events. |
as a less dramatic workaround to disabling all protections, you should be able to grant an exception to helm specifically. after you try to open helm and get the error prompt, you can go to System Preferences -> Security & Privacy -> General and it will give you the option to set a special exception for helm: the next time you try to run helm, you'll get one last warning prompt that now gives you the option to open helm. |
I haven't upgraded to Catalina yet but I was told kubectl doesn't have this problem. If that is indeed the case, could someone check if kubectl is signed in any particular way? |
@marckhouzam macOS Catalina, the latest kubectl downloaded from the kubernetes official install guide (or homebrew) is not signed but surprisingly I have a kubectl version that is from Docker (I do not recall installing it like this but well, it is what it is - I think it came with the Docker Mac app): From Docker app:
Downloading via official link (same binary as homebrew):
|
Thanks @guitmz. Is Catalina blocking you when you try to use the unsigned kubectl like it does for helm? |
For some reason it is not. But perhaps it's because first time I used it, it was the signed binary (from Docker), maybe macOS added it to some sort of whitelist (just a wild guess, not sure how Catalina security works). Anyway as of now both the official binary and the one from Docker are working fine. |
My colleague was also was blocked for helm but not kubectl, although kubectl seems unsigned. Maybe a trail to follow... |
I worked around this by deleting helm and then downloading it with wget. It seems that it is because the file was downloaded via chrome. I'm guessing you also have this problem if helm has been downloaded via safari or firefox. |
Wow, @micheas is right! If I download RC3 with Googling a bit led me to this info: This is good news as it means installing helm using This explains why it worked for my installation of |
You can run |
If you try running helm once, then go to |
Enable install from "anywhere" not work for me. But @sozercan 's method did if you want to remotely run some binary via ssh. You save my night.!! |
@scotthew1's reply in #6615 (comment) worked for me with macOS Catalina and helm |
This issue has been marked as stale because it has been open for 90 days with no activity. This thread will be automatically closed in 30 days if no further activity occurs. |
Found the solution Do not download the archive with a GUI browser, it will get tainted by macos that will pretend downloaded binaries to be signed. Just download with wget or curl, and live happy! Downloaded archives/binaries get some additional attributes on the file system, look at a
You see the |
Output of
helm version
:v2.14.3
Information from hashicorp/terraform#23033 suggests that Apple is requiring applications to be signed with an Apple developer key from now on.
A workaround is also mentioned in the above issue and works but it is not ideal.
The text was updated successfully, but these errors were encountered: