I use Sparkle to update a bundle inside iPhoto.app.
It works on 10.7 but fails on 10.8.
After some investigation, I found that it might be caused by the quarantined attribute.
11/28/12 1:46:08.000 PM kernel: exec of /Users/me/Library/Containers/com.apple.iPhoto/Data/Library/Application Support/Hypo/finish_installation.app/Contents/MacOS/finish_installation denied since it was quarantined by iPhoto and created without user consent, qtn-flags was 0x00000006
Although there is releaseFromQuarantine: method in Sparkle's code, it did not lift the quarantine attribute successfully. errno=3.
Does that means we cannot update bundle in sandboxed 10.8 app?
+1 I get the same error, coincidentally also in iPhoto:
1/22/13 6:29:11.398 AM iPhoto: *** NSTask: Task create for path '/Users/me/Library/Containers/com.apple.iPhoto/Data/Library/Application Support/MyPlugin/finish_installation.app/Contents/MacOS/finish_installation' failed: 22, "Invalid argument". Terminating temporary process.
1/22/13 6:29:11.000 AM kernel: exec of /Users/me/Library/Containers/com.apple.iPhoto/Data/Library/Application Support/MyPlugin/finish_installation.app/Contents/MacOS/finish_installation denied since it was quarantined by iPhoto and created without user consent, qtn-flags was 0x00000006
Looks like this is a dupe of #163 & #165. Or maybe not, since no sandboxd denials are showing in the Console.
It looks like what's happening is iPhoto is setting a quarantine bit on the finish_installation executable.
$ xattr -p com.apple.quarantine "/Users/me/Library/Containers/com.apple.iPhoto/Data/Library/Application Support/MyPlugin/finish_installation.app/Contents/MacOS/finish_installation"
I modified - (void)installWithToolAndRelaunch to try remove this quarantine bit before running that executable:
// Remove gatekeeper quarantine attribute on relaunchTool
NSString *unquarantineCommand = [NSString stringWithFormat:@"xattr -dr com.apple.quarantine \"%@\"", relaunchToolPath];
NSLog(@"unquarantineCommand: %@", unquarantineCommand);
if( useXPC )
[SUXPC launchTaskWithLaunchPath: relaunchToolPath arguments:arguments];
[NSTask launchedTaskWithLaunchPath: relaunchToolPath arguments:arguments];
This seems to generate the correct log message:
1/22/13 10:29:00.368 AM iPhoto: unquarantineCommand: xattr -dr com.apple.quarantine "/Users/me/Library/Containers/com.apple.iPhoto/Data/Library/Application Support/MyPlugin/finish_installation.app/Contents/MacOS/finish_installation"
However, xattr still shows that the quarantine bit is set, and the same old error given by the OP is produced. Any thoughts on how remove the quarantine bit, or to otherwise work around the quarantine mechanism? (I did codesign everything, just in case, but to no avail.)
EDIT: I just saw the note about releaseFromQuarantine from the OP, but I don't see an error message related to this, and in any case it doesn't seem to be invoked for for finish_installation.
IT appears that releaseFromQuarantine is called for the finish_installation app, it is just failing with errno set to EPERM, indicating that permission was denied.
We are unable to use AuthorizationServices to allow the user to auth our ability to release from quarantine, as we're in a sandboxed app.
Perhaps Sparkle could detect this and simply present a link to download?
That code has been refactored. Please reopen if it still happens.