macOS Gatekeeper gatekeeping text files?

I have something with a new individual on my team I've never seen before. They checked out our code repository from git and now anytime they try to open a .json file that is legitimately just a text file, Gatekeeper tells them it cannot verify the integrity of this file and offers to have them throw this file away. I've seen this with binaries, and that makes sense. I removed the com.apple.quarantine extended attribute from all executable files in our source tree, but I've never seen Gatekeeper prompt on text files. I could remove the extended attribute from all files in our source tree, but I fear the next time he pulls from git he'll get new ones flagged. Is there some way around this? I've never personally seen Gatekeeper blocking text files.

Answered by DTS Engineer in 824194022

Gatekeeper will examine text files that are executable, by some definition of that word. I notice this most often with Markdown files. Markdown allows you to embed HTML, and HTML allows JavaScript, so Gatekeeper considers them executable.

> I could remove the extended attribute from all files in our source tree

You should definitely do that. Having quarantined files in your repo is just going to be a source of problems. For example, you could end up triggering this issue.

> I fear the next time he pulls from git he'll get new ones flagged.

Git clients are not user-facing and thus shouldn’t quarantine their downloads. Certainly, the most commonly used Git clients on macOS, Xcode and the git command-line tool, don’t quarantine their downloads.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thank you. We did manually remove the extended attribute but these were .json files and only contained data. Eventually I was able to poke IT enough and they found there were settings in their managed profiles from Jamf that were too eager to quarantine these files from git. Hopefully the problem will not reoccur after they adjusted the policy.
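
An added example, not part of the thread: a small shell helper for the situation discussed above that tallies which agent name is recorded in the com.apple.quarantine attribute of files in a working tree, so you can see what is applying the quarantine before clearing it. The function names are hypothetical, and the `flags;timestamp;agent;UUID` value layout is an assumption based on commonly observed values rather than a documented format.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumed attribute value layout: flags;hex-timestamp;agent-name;event-UUID

# quarantine_agent VALUE -> prints the agent field, or "unknown" if it is empty.
quarantine_agent() {
    IFS=';' read -r _flags _ts agent _rest <<EOF
$1
EOF
    printf '%s\n' "${agent:-unknown}"
}

# count_agents: reads one attribute value per line on stdin and prints
# "count agent" lines, most frequent first.
count_agents() {
    while IFS= read -r value; do
        quarantine_agent "$value"
    done | awk '{n[$0]++} END {for (a in n) print n[a], a}' | sort -rn
}

# scan_tree DIR: (macOS only) collect the quarantine value of every file under
# DIR, skipping Git's own metadata, and summarise by agent.
scan_tree() {
    find "$1" -type f ! -path '*/.git/*' | while IFS= read -r f; do
        # xattr -p fails when the attribute is absent; skip those files.
        value=$(xattr -p com.apple.quarantine "$f" 2>/dev/null) || continue
        printf '%s\n' "$value"
    done | count_agents
}

# clear_quarantine DIR: (macOS only) remove the attribute from the whole tree,
# as recommended in the answer above.
clear_quarantine() {
    xattr -r -d com.apple.quarantine "$1"
}

# Usage on a Mac, from the repository root:
#   scan_tree .          # see which agent names appear
#   clear_quarantine .   # then remove the attribute
```

If `scan_tree` still reports files after a fresh clone or pull, the recorded agent name is a starting point for finding what is applying the attribute.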
