We're building a game for macOS, but during testing have noticed that it takes a long time between double-clicking the icon, and the actual launch of the game. During that time, we can see that XprotectService and syspolicyd are both running at 100% CPU. It takes on the order of several minutes for the actual game to launch.
I understand that this is due to the newly-introduced Gatekeeper system: since we haven't notarised the game, the system kicks in to verify the app when it's launched. However, the (up to 10) minutes-long delay is significantly impacting our internal testing process. Further, it seems a bit much to build the game, then run a series of command line tools to upload the build, wait for a response, download & staple the ticket to our app, and then distribute it to our own internal developers, simply in order to test minor functional changes to the app.
Is there some way around notarisation and the launching delay introduced by Gatekeeper, if we're simply building an app to test internally? Similar to signing with a development certificate & profile?
I understand that this is due to the newly-introduced Gatekeeper system: since we haven't notarised the game, the system kicks in to verify the app when it's launched. However, the (up to 10) minutes-long delay is significantly impacting our internal testing process. Further, it seems a bit much to build the game, then run a series of command line tools to upload the build, wait for a response, download & staple the ticket to our app, and then distribute it to our own internal developers, simply in order to test minor functional changes to the app.
Is there some way around notarisation and the launching delay introduced by Gatekeeper, if we're simply building an app to test internally? Similar to signing with a development certificate & profile?
To unquarantine a file, use the xattr command-line tool to remove the com.apple.quarantine extended attribute. See the xattr man page for details on how to use that tool.How would they go about un-quarantining the app
IMPORTANT The com.apple.quarantine extended attribute is not considered API. If you’re writing code to quarantine or unquarantine a file, use the quarantine API (discussed next) rather than modifying the extended attribute directly.
Alternatively, you could write a small tool to modify the quarantine state using the quarantinePropertiesKey URL resource. Its value is a dictionary where the dictionary keys are kLSQuarantineAgentNameKey and friends.
Most Unix-y tools don’t quarantine their downloads, including curl and scp.downloading it without it being placed in quarantine?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"