Code Trips & Tips

, , ,

Apple Extended Attributes and Quarantined Files

How to list and remove the com.apple.quarantine extended attribute from unzipped files.

Marco
1–2 minutes
, ,

MacOS adds a quarantine extended attribute to files unzipped, which causes sometimes inexplicable errors; here is how to deal with it and use your own files how you intend.

On MacOS, when you unzip files from (for example) a .zip (or .tar.gz) file, the OS will (silently) add a com.apple.quarantine “extended attribute” and will prevent apps from running it, or the file to be run as an executable.

While this may (or may not) be a useful security protection for the more naive users, it is an annoyance to those of us who know what we’re doing, especially as the error messages are usually confusing.

For example, unzipping an app.py Streamlit application, will give you this:

└─( streamlit run app.py
Traceback (most recent call last):
File "/Users/marco/.virtualenvs/dbsearch/bin/streamlit", line 5, in
from streamlit.web.cli import main
File "/Users/marco/.virtualenvs/dbsearch/lib/python3.12/site-packages/streamlit/init.py", line 61, in
from streamlit import config as _config
File "/Users/marco/.virtualenvs/dbsearch/lib/python3.12/site-packages/streamlit/config.py", line 1044, in
file_util.get_project_streamlit_file_path("secrets.toml"),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/marco/.virtualenvs/dbsearch/lib/python3.12/site-packages/streamlit/file_util.py", line 151, in get_project_streamlit_file_path
return str(Path.cwd() / CONFIG_FOLDER_NAME / Path(*filepath))
^^^^^^^^^^
File "/opt/homebrew/Cellar/python@3.12/3.12.4/Frameworks/Python.framework/Versions/3.12/lib/python3.12/pathlib.py", line 1195, in cwd
return cls().absolute()
^^^^^^^^^^^^^^^^
File "/opt/homebrew/Cellar/python@3.12/3.12.4/Frameworks/Python.framework/Versions/3.12/lib/python3.12/pathlib.py", line 1216, in absolute
cwd = os.getcwd()
^^^^^^^^^^^
PermissionError: [Errno 1] Operation not permitted

which will waste your time, until you slap your forehead and go “oh, right, the eff’ing quarantine!!” (followed in short order, at least in my case, by some profanity directed at whoever at Apple thought this was a good idea).

A quick check on the filesystem confirms it:

see that little seemingly innocuous @ at the end of the Permissions list? yep, that’s the giveaway that there are extended attributes attached to the file.

To list them:

xattr app.py

and to remove the quarantine one:

xattr -d com.apple.quarantine app.py

(or just use -c ./* to get rid of the whole nonsense in one fell swoop).

Leave a comment

Trending