xattr on macOS - What It Is and Why You Might Need It
From time to time, I download a binary file and place it into my ~/bin
directory, which I have in $PATH
on my MacOS.
If the binary is from a trusted source, and it’s not available via a package manager like brew, that is a fast solution.
Examples where I do this would be the Bazel buildtools, like buildifier or _buildozer, or the objectbox-generator.
The Potential Problem on macOS
If you download the binary with a browser, MacOS marks it as quarantined, preventing the file from being executable.
Even if it was downloaded as a zip archive.
This is usually a very good security feature, but sometimes it’s annoying.
An example where it can be a problem is if you download the Android NDK. That’s a huge download, and after unpacking it, MacOS does not let you run the compiler and linker.
Download via Command Line.
One problem to avoid the quarantine attribute is downloading the binary via command line, and do not use the browser.
Use curl -LTO <url>
to download the binary or archive. This will not set the quarantine attribute.
But if you have already downloaded an archive, like the Android NDK, and use a slow internet connection, downloading it again is not the primary option.
Note: For some time, versions newer than the Android NDK r20b download is a dmg file, just because of this reason. However, the zip archive download still exists)
xattr on MacOS
The xattr
command can be used to display, modify, or remove the extended attributes of a file.
For example, when downloading the ObjectBox generator,
which comes as a zip-archive, and extracting the binary into ~/bin
, you need to make it executable.
If you come from Linux, you would think a chmod +x ~/bin/objectbox-generator
should be enough.
But if you execute the file, MacOS will show yo a dialog, telling you that it can not verify the developer of the software.
To 'fix' this, you can remove the quarantine attribute from the file.
First, lets check if the file is quarantined:
-> xattr -l ~/bin/objectbox-generator com.apple.macl: com.apple.quarantine: 0081;6690236f;Vivaldi;
This shows that the file was downloaded with the Vivaldi browser, and is quarantined.
Now we know the attribute name, we can remove it:
-> xattr -d com.apple.quarantine ~/bin/objectbox-generator
If we now use the binary, it will work as expected.
-> objectbox-generator -h Usage: objectbox-generator [flags] {path} * to execute "clean" action (see below) on the path, removing previously generated code and missing entities, * and execute code generation on the path afterwards. .....
Summary
If you are like me, working on Linux, Windows, and MacOS, there are many OS-specific tricks you have to remember. Especially such tasks, that are seldom needed, can interrupt a workflow. This is one example. Writing down a solution I already found helps me remember it. I hope it helps you too.