9

Somehow, and at some point, I believe recently, my system decided to add the com.apple.quarantine attribute to some files. It was quite a pain and was stopping me running scripts that I'd written in my own editor (BBEdit, that I've used without problems for years till the last few days). I located the problem (the xattrs) and added BBEdit to System Preferences > Security & Privacy > Privacy > Full Disk Access. Now new files are okay.

To track down other files I ran /usr/bin/find ~ -xattrname com.apple.quarantine but there were quite a few files so I redirected it to a file on my desktop.

The file is 130M large.

I notice there are a lot of git object files in there, but there's a ridiculous number of files there. Is this normal? If not, and I'm going to reckon it's not correct, how can I stop this from happening again?

  • Should I add, for example, git to Full Disk Access?
  • Is Full Disk Access the correct permission to relieve an app of this burden?
  • Would I have to do this for all apps that download anything?
  • Why would it suddenly become an issue now?

I will fix this by running xattr -rd com.apple.quarantine DIR but I'm not entirely sure I should run it across ~ even though it's irritated me enough to want it gone from anything, even actual viruses.

This is not a duplicate of What should I do about com.apple.quarantine? because of the scope and context, I would think it normal to have this happen to the odd download, not my entire account (and I haven't checked beyond that yet).

Any help or insight will be gratefully received.

ian
  • 422
  • 1
  • 6
  • 20

1 Answers1

7

As BBEdit had been erroneously marked with com.apple.quarantine it meant that all files created that way were also marked. The solution was to run xattr -dr com.apple.quarantine /Applications/BBEdit.app and then restart the app. From that point on, new items created via BBEdit were not marked.

I also ran this monster:

/usr/bin/find ~ -xattrname com.apple.quarantine -type f \
-exec sh -c 'printf "%s" {}; \
  xattr -p com.apple.quarantine {} 2>/dev/null | \
  grep -q BBEdit && xattr -d com.apple.quarantine {} &&\
  printf " - quarantined\n" || printf "\n" ' {} \;

Which took hours. Still, it's gone now.

Edit: I've had to unmark (my own answer!) this as correct because the quarantining is back even though BBEdit now is not marked as quarantined. I lament.

Further edit: After further investigation I found that the app was indeed fixed by removing its quarantine attribute and that the problem I was having now was only with its command line tools. I emailed the creators of BBEdit and they were very helpful and by changing the setting given here the problem has been fixed.

ian
  • 422
  • 1
  • 6
  • 20