Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add notes about cask and quarantine issues with MacOS #5034

Closed
wants to merge 1 commit into from
Closed

Add notes about cask and quarantine issues with MacOS #5034

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion docs/install/macos.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,21 @@ If you'd like to use a nightly build:

```console
$ brew tap homebrew/cask-versions
$ brew install --cask wezterm-nightly
$ brew install --cask wez/wezterm/wezterm-nightly --no-quarantine
```

> 1. `--cask` needs to be set, as the cask name exists in homebrew already and will result in the following error:
> ```
> Error: Cask wezterm-nightly exists in multiple taps:
homebrew/cask-versions/wezterm-nightly
wez/wezterm/wezterm-nightly
```
> 2. `--no-quarantine` is set, otherwise you will receive the warning that Wezterm cannot be opened because the developer cannot be verified. This message is from [Gatekeeper](https://support.apple.com/en-mide/102445).
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I would expect here is just a warning that you downloaded something from the internet.
wezterm is signed; if are you seeing a warning that the package you are installing is not signed or not verifiable then something has gone wrong somewhere and you should not use the package.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I received this when installing nightly, is nightly not signed or is that a generic warning of when you install something via the internet?

Happy to test further on a clean machine if needed. 👍

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

all builds of wezterm produced by my CI on macOS are signed using my developer identity. Please share the wording from the message that you see when you don't use the quarantine option.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without:

“WezTerm” is an app downloaded from the Internet. Are you sure you want to open it?

Homebrew Cask downloaded this file today at 2:24PM. Apple checked it for malicious software and none was detected.

brew uninstall --cask wezterm-nightly and then install with just that flag fixes it.

If I then do another uninstall and try without the flag, the same message appears.

I've tested this in a virtualised MacOS using tart and observe the same results.

Let me know if this makes sense..

SCR-20240219-tjnn

Copy link

@matthewberryman matthewberryman Feb 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

otherwise you will receive the warning that Wezterm cannot be opened because the developer cannot be verified

This wording is wrong, the developer can be verified.

I would argue that it is best to not use --no-quarantine, which would bypass other checks including unsigned binaries.

> 3. To remove the above, you can remove the quarantine flag by using (-r is recursive, -d is delete, .app is a directory on MacOS):
> ```sh
xattr -rd com.apple.FinderInfo /Applications/WezTerm.app
````

to upgrade to a newer nightly (normal `brew upgrade` will not upgrade it!):

```console
Expand Down