The binary file is getting quarantined (com.apple.quarantine) while downloading onto another system even though it's digitally signed by a developer ID and notarised.

We are using SHC to compile on macOS to convert the .sh script to a binary file. This binary file is then digitally signed by the Apple developer account and then notarised. After that, it will work on the same system where we follow this process. But if we share this file to another system, then it gets quarantined (com.apple.quarantine) while downloading.

Is there any way to prevent it from getting quarantined on another system, or is there something I'm missing? Any clues?

We are facing this issue on the latest Sequoia version, although it's working fine on the older system.

Verified for code sign and Notarisation as below:

prjadhav@dhcp-10-180-186-174 Downloads % codesign -v -vvv --strict --deep issue_avoidance_mac
issue_avoidance_mac: valid on disk
issue_avoidance_mac: satisfies its Designated Requirement
prjadhav@dhcp-10-180-186-174 Downloads %

prjadhav@dhcp-10-180-186-174 Downloads % codesign -d -vvv issue_avoidance_mac
Executable=/Users/prjadhav/Downloads/issue_avoidance_mac
Identifier=issue_avoidance_mac
Format=Mach-O thin (x86_64)
CodeDirectory v=20400 size=855 flags=0x0(none) hashes=21+2 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=071855ea2dc635ef0c42896888239d623a48bea5
CandidateCDHashFull sha256=071855ea2dc635ef0c42896888239d623a48bea562fa83450dedb07df06fb383
Hash choices=sha256
CMSDigest=071855ea2dc635ef0c42896888239d623a48bea562fa83450dedb07df06fb383
CMSDigestType=2
CDHash=071855ea2dc635ef0c42896888239d623a48bea5
Signature size=9010
Authority=Developer ID Application: Oracle America, Inc. (VB5E2TV963)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=28 Nov 2024 at 4:25:21 PM
Info.plist=not bound
TeamIdentifier=VB5E2TV963
Sealed Resources=none
Internal requirements count=1 size=180
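
An added example, not part of the original post and not Apple's tooling: a Python parser for `codesign -d -vvv` output that checks the fields Apple's notarisation prerequisites concern (Developer ID leaf certificate, hardened runtime flag, secure timestamp). The sample is abridged from the output posted above; the function names `parse_codesign` and `findings` are hypothetical.

```python
import re

CS_RUNTIME = 0x10000  # hardened runtime bit in the CodeDirectory flags

# Abridged from the `codesign -d -vvv` output posted above.
SAMPLE = """\
Executable=/Users/prjadhav/Downloads/issue_avoidance_mac
Identifier=issue_avoidance_mac
Format=Mach-O thin (x86_64)
CodeDirectory v=20400 size=855 flags=0x0(none) hashes=21+2 location=embedded
Authority=Developer ID Application: Oracle America, Inc. (VB5E2TV963)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=28 Nov 2024 at 4:25:21 PM
TeamIdentifier=VB5E2TV963
"""

def parse_codesign(text):
    """Turn `codesign -d -vvv` output into a dict of the fields checked below."""
    info = {"authorities": [], "flags": None, "timestamp": None, "team": None}
    for line in text.splitlines():
        m = re.search(r"^CodeDirectory .*\bflags=(0x[0-9a-fA-F]+)", line)
        if m:
            info["flags"] = int(m.group(1), 16)
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["authorities"].append(value)  # leaf certificate comes first
        elif key == "Timestamp":  # unsigned time shows as "Signed Time="
            info["timestamp"] = value
        elif key == "TeamIdentifier":
            info["team"] = value
    return info

def findings(info):
    """List what would block or weaken Developer ID distribution."""
    out = []
    leaf = info["authorities"][0] if info["authorities"] else ""
    if not leaf.startswith("Developer ID Application:"):
        out.append("leaf certificate is not Developer ID Application")
    if info["flags"] is None or not info["flags"] & CS_RUNTIME:
        out.append("hardened runtime flag (0x10000) not set")
    if not info["timestamp"]:
        out.append("no secure timestamp")
    if info["team"] in (None, "not set"):
        out.append("no TeamIdentifier")
    return out

if __name__ == "__main__":
    for f in findings(parse_codesign(SAMPLE)):
        print("FINDING:", f)
```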

The presence of the quarantine attribute is not necessarily a problem. It tells Gatekeeper to check the program before allowing it to start. Most programs pass this Gatekeeper check without a problem. So, the real issue here is that your program is not passing Gatekeeper.

It looks like you’re building a command-line tool rather than an app. Is that right? If so, how are you launching the tool? By invoking it from the shell within a Terminal window? By double clicking it in the Finder? Or something else?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

We are converting shell scripts to a binary file (using the SHC compiler), applying digital signature & notarisation, then double clicking it in the Finder to launch it. This was working fine previously; with macOS Sequoia it's not launching directly.
