Created
September 13, 2024 17:09
-
-
Save creachadair/f44e38e813332db3cd041fe241642ff7 to your computer and use it in GitHub Desktop.
Remove quarantine taint from files on macOS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # Usage: remove-taint.sh <filename> | |
| # | |
| # Remove the annoying mark-of-the-web taint xattrs from a file. | |
| # For some reason macOS ignores a removexattr for these attributes, | |
| # but the taint does not survive a pipe copy and rename. | |
| # | |
| set -euo pipefail | |
| for p in "$@" ; do | |
| perm="$(stat -f '%Lp' "$p")" # low-order permission bits, e.g., 644 | |
| t="$(mktemp "$p".XXXXXXXXXXXX)" # in the same directory as the source | |
| cat "$p" > "$t" | |
| # Preserve the access bits and modification time from the original. | |
| chmod "$perm" "$t" | |
| touch -m -r "$p" "$t" | |
| # Note: It's not sufficent to just rename, because macOS appears to track | |
| # the quarantine through the filename even if it's replaced. By removing | |
| # the original file first, we keep the metadata for the untainted copy. | |
| # Seriously, Apple, WTAF. | |
| rm -f -- "$p" | |
| mv -f -- "$t" "$p" | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment