brew: New brew upgrade/reinstall --cask does not honour --no-quarantine
Bug report
Please note we will close your issue without comment if you delete, do not read or do not fill out the issue checklist below and provide ALL the requested information. If you repeatedly fail to use the issue template, we will block you from ever submitting issues to Homebrew again.
- [ x ] ran
brew updateand can still reproduce the problem? - [ x ] ran
brew doctor, fixed all issues and can still reproduce the problem? - [ x ] ran
brew configandbrew doctorand included their output with your issue?
What you were trying to do (and why)
brew upgrade --cask --no-quarantine [google-chrome]
to reproduce with the now upgraded version, see what happens on: brew reinstall --cask --no-quarantine --debug --verbose google-chrome
while brew install --cask --no-quarantine --debug --verbose google-chrome works fine and does not quarantine Chrome (or any other Cask)
What happened (include command output)
Cask is not released from quarantine!
Command output
>>brew reinstall --cask --verbose --debug --no-quarantine google-chrome ... ==> Verifying Gatekeeper status of /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg /usr/bin/xattr -p com.apple.quarantine /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg ==> /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg is quarantined ==> Propagating quarantine from /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg to /usr/local/Caskroom/google-chrome/86.0.4240.198 /usr/bin/xattr -p com.apple.quarantine /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg /usr/bin/xargs -0 -- /bin/chmod -h u\+w /usr/bin/xargs -0 -- /usr/bin/xattr -w com.apple.quarantine 0181\;5fb003fd\;Homebrew\\x20Cask\;F20ACCE8-FDD7-4A6E-8064-4B00BB5857E8 ==> Creating metadata directory /usr/local/Caskroom/google-chrome/.metadata/86.0.4240.198/20201114162133.034. ==> Creating metadata subdirectory /usr/local/Caskroom/google-chrome/.metadata/86.0.4240.198/20201114162133.034/Casks. ...
see old deprecated command:
>> brew cask reinstall --verbose --debug --no-quarantine google-chrome ... ==> Checking quarantine support /usr/bin/xattr /usr/bin/swift /usr/local/Homebrew/Library/Homebrew/cask/utils/quarantine.swift ==> Quarantine is available. ==> Verifying Gatekeeper status of /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg /usr/bin/xattr -p com.apple.quarantine /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg ==> /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg is quarantined ==> Releasing /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg from quarantine /usr/bin/xattr -d com.apple.quarantine /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg ==> Downloaded to -> /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg tar tf /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg hdiutil imageinfo -format /Users/_admin/Library/Caches/Homebrew/downloads/9830ac8a5256756d2643fbdb6a47ba0eb019c3816fc4366049f2483999b2ee4f--googlechrome.dmg ==> Verifying SHA-256 checksum for Cask 'google-chrome'. ... ==> Installing Cask google-chrome Warning: macOS's Gatekeeper has been disabled for this Cask ...
What you expected to happen
Google Chrome is not quarantined and starts without the warning (on every launch)
Step-by-step reproduction instructions (by running brew commands)
brew install --cask --no-quarantine google-chrome -> shows no GateKeeper warning
…anytime later
brew upgrade --cask --no-quarantine [google-chrome] -> shows GateKeeper warning brew reinstall --cask --verbose --debug --no-quarantine google-chrome -> shows GateKeeper warning
compare this to
brew cask reinstall --verbose --debug --no-quarantine google-chrome -> does not show GateKeeper warning
Output of brew config and brew doctor commands
HOMEBREW_VERSION: 2.5.10-22-g023df12-dirty ORIGIN: https://github.com/Homebrew/brew HEAD: 023df124bdeba091b29652648602b7dda4e50730 Last commit: 65 minutes ago Core tap ORIGIN: https://github.com/Homebrew/homebrew-core Core tap HEAD: ee7fb04d416ee8611e00110c0697c7c3a971539e Core tap last commit: 7 minutes ago Core tap branch: master HOMEBREW_PREFIX: /usr/local HOMEBREW_CASK_OPTS: [] HOMEBREW_MAKE_JOBS: 8 Homebrew Ruby: 2.6.3 => /usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.6.3_2/bin/ruby CPU: octa-core 64-bit haswell Clang: 11.0 build 1100 Git: 2.29.2 => /usr/local/bin/git Curl: 7.54.0 => /usr/bin/curl Java: 11.0.9, 1.8.0_272 macOS: 10.14.6-x86_64 CLT: 10.3.0.0.1.1562985497 Xcode: 11.3.1
brew doctor Please note that these warnings are just used to help the Homebrew maintainers with debugging if you file an issue. If everything you use Homebrew for is working fine: please don't worry or file an issue; just ignore this. Thanks! Warning: A newer Command Line Tools release is available. Update them from Software Update in System Preferences or run: softwareupdate --all --install --force If that doesn't show you an update run: sudo rm -rf /Library/Developer/CommandLineTools sudo xcode-select --install Alternatively, manually download them from: https://developer.apple.com/download/more/. Warning: Putting non-prefixed coreutils in your path can cause gmp builds to fail.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 3
- Comments: 22 (9 by maintainers)
Hi,
I’m reproducibly running into this issue as well.
I have installed sapmachine11-ea-jdk from https://github.com/SAP/homebrew-SapMachine/. I need to update this every week. I used to do “brew cask upgrade --no-quarantine” which worked fine. Now, since brew cask upgrade is locked, I need to do “brew upgrade --cask --no-quarantine” which will install the updated cask without disablingthe gatekeeper. A “brew reinstall sapmachine11-ea-jdk --no-quarantine” will fix this. Or, alternatively, it seems to work when I set HOMEBREW_CASK_OPTS to “–no-quarantine”.
I’d really love if this could be fixed.
Thanks Christoph
I can confirm that. reinstall --no-quarantine works now but ugrade --no-quarantine doesn’t.
Sorry, I probably used the wrong wording here. I said that because when I do a `brew install --cask --no-quarantine sapmachine11-ea-jre", I can see the warning “macOS’s Gatekeeper has been disabled for this Cask”. Having said that, I just tested this install command again and it installed my cask fine without quarantine. I can run java -version.
I’m pretty sure it is. I’ll test this later this week when there will be an update for sapmachine11-ea-jdk/jre and report here.
Sure. 😃 Unfortunately I’m not so much into the brew source code and ruby and my time also doesn’t permit digging deeper. So, priority is all fine given that HOMEBREW_CASK_OPTS to “–no-quarantine” or “brew reinstall --no-quarantine” help. I was just worried since I had “brew cask upgrade --no-quarantine” working before and now this got locked out in favor of “brew upgrade --cask --no-quarantine” which obviously doesn’t honor --no-quarantine correctly at the moment.
Thanks for your great efforts with brew 😃
Seeing this bug on macOS 10.15.7 with latest Homebrew (2.6.2-207-gf47c1ea). For example, running
brew upgrade --no-quarantine postmanleaves the quarantine flag set onPostman.app.