by Isthatablackgsd 1880 days ago
I'm assuming you don't use a package manager like Homebrew or MacPorts? This is where Gatekeeper will annoy the hell out of me. Apps installed via Homebrew often will encounter Gatekeeper alerts. Half of them will give the option to open it and the other half, Gatekeeper --demands-- gently asks me to put it in the Trash without the option to open it.
11 comments

That's... unusual.

I use Homebrew constantly and have never seen such a thing in my life, in any version of macOS/OSX over the past several years. Not in building from source, not in casks.

Like another commenter the only security change I have is "Allow apps downloaded from" set to "App store and identified developers" -- which I'd assume virtually every Mac user on HN has also set.

Perhaps you have some kind of unusual configuration? Or there's some very specific subcategory of Homebrew packages that encounter this problem?

Same, I install almost all new software via Homebrew and I've never had this problem.
What works for me is to ignore the trash message, in Finder, find the App, right click open, macOS displays a warning and open prompt, click Open, next time around do the same and post it seems to be fine.
I use Homebrew daily. In System Preferences, I have Security & Privacy > General > Allow apps downloaded from: App Store and identified developers, and I don't remember the last time I got a Gatekeeper alert.
I have had that option enabled since the first boot of my MacBook Air M1 and Gatekeeper alerts are still showing. And I am sure we are not using the same apps that ran into those alerts. I have had Vivaldi, Alfred, AppCleaner, EasyFind, iTerm2, KeepassXC, MacPass, Keka, MediaInfo, NoMachine, Numi, OBS, odrive, Signal, Slack, TexStudio and VLC run into those alerts.

I am genuinely curious why people are singing that "I don't have any such problems on my computer!" slogan repeatedly? Some of us have that problem, and just because we have the same OS and possibly the same hardware doesn't mean it is impossible. I wish people would change that particular mindset and be aware that those problems do exist.

You're hugely misreading my intentions. I'm an engineer: I see something unexpected, I want to figure out what's happening. You and I are both using the same software and you're seeing problems that I didn't even know affected some people. I'm not saying "this works for me so I don't know what you're complaining about". I'm saying "huh, this works for me. I wonder what's different between our systems? Is this something that's going to spontaneously start affecting me if I click the wrong toggle somewhere?"

Obviously the problem is possible. It's happening to you. I'd like to find out why so that I can troubleshoot and fix the problem if it starts happening to me or my friends or coworkers. And really, I'd like to help you fix it, too, if I could figure out what's causing it.

Apologies for misreading you, I'm just frustrated and have accepted the fact that it is by design.

I've been reading other comments and someone (xrisk) pointed out that it is Homebrew Casks, which makes sense since all of the Gatekeeper alerts are coming from 'Cask-ed' apps. I could disable Gatekeeper but I'd rather not because MacOS is not my daily driver. I'd rather keep Gatekeeper active to protect itself from moronic me.

Given how ubiquitous your problem is, I would be suspicious that security alerts are going off because you have a real security problem. I've seen similar problems when a piece of malware keeps trying to inject itself into various things, and Gatekeeper is catching it. The variety of places where you're getting alerts is a testament to the persistence of the malware, and not the fact that everything is actually broken.
That's OK. If I were in your boat, I'd probably be pretty frustrated.

Does the method of right-clicking on an app, then "Open", in Finder work to tell Gatekeeper to quit complaining?

Probably the simplest thing then would be to alias brew install to something like `spctl --master-disable; brew install $1; spctl --master-enable`
`spctl --master-disable` requires root permissions (sudo).

You could edit sudoers so the command doesn't require a password. But really, at that point I'd just leave Gatekeeper off.

Is it possible you do this on a corp machine that has Google's Santa running & it's just a language precision issue? Google Santa will definitely prompt on nearly everything & is extremely annoying for Homebrew. Google Santa != Gatekeeper though.
Because if they can’t reproduce, then much more likely than not, the problem is not inherent to the platform. In this case, there’s probably a deviation in config settings.

Additionally if they can’t reproduce, they can’t offer any advice or help.

It’s highly unlikely that MacOS behaves specially for your existence.

The latest time I had a Homebrew package fail to install, due to security restrictions that work just fine for the other thousands of packages there, it was the package trying to do something it shouldn’t have, and was promptly fixed. You may have run into a similar scenario.
He’s talking about Homebrew Cask.
I've been having issues with non-cask Homebrew packages getting blocked by some Gatekeeper/SIP related watchdog on my new M1 system. Stuff would just get insta-killed at load. Anyway, it seems to have been sorted now, and through identifying which packages were having the issue in Console and reinstalling them, I've resolved the issues.
Slightly educated guess: did you install the x64 emulator between when you had the problems and when they went away?

I can see brew trying to run x64 code while the emulator isn’t there blocking code from running in weird ways.

Alternatively, it might be that package updates fixed the packages that behaved incorrectly. Again, just a slightly educated guess.

I had Rosetta well before I ran into these issues, I think Homebrew still required it when I got the computer.

Before I figured out the way to identify the offending dependencies I sorted the issue through signing the executable with codesign, in a way that required me to disable part of SIP. So the code was working, it was just not being allowed to run.

Even more specifically, the only time I’ve run into Gatekeeper is with apps that install into /Applications and have a GUI. I’ve never had this issue with stuff I only access via CLI.
You have to Ctrl+right click the app, then click Open.
I'm using homebrew all day long, and I don't remember ever having this issue.
Homebrew cask.
I use Homebrew Cask and don't run into any unusual problems with Gatekeeper. The flow is always the same as if I manually downloaded it (meaning I sometimes get a prompt on first run, but that's expected).
Homebrew apps only ask for permissions when they get updated because gatekeeper treats it like a fresh install, I guess.
This is because Homebrew Cask explicitly adds the quarantine attribute to things it downloads. Perhaps there is some easy way to disable it or patch out this functionality?
Ctrl+right click to get the option to open it.
Homebrew and MacPorts don't add the quarantine flag to the software they're installing. If you're getting Gatekeeper alerts for software installed this way, then something else must be going on.
Homebrew Cask does.
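For reference on the quarantine attribute discussed in the comments above, here is an added example (not code from the thread or from Homebrew) that decodes a `com.apple.quarantine` value into its fields and reports whether a first-launch check is still pending. The sample values are constructed, and the flag-bit names follow Apple's quarantine headers as an assumption not stated on this page.

```python
from datetime import datetime, timezone

# Flag bits, named as in Apple's quarantine headers (assumption, not from the thread).
QTN_FLAG_DOWNLOAD = 0x0001       # file arrived via a download
QTN_FLAG_USER_APPROVED = 0x0040  # user already clicked through the first-run prompt

# Constructed sample values (not captured from a real system).
FRESH = r"0181;5fd8b2a0;Homebrew\x20Cask;11111111-2222-3333-4444-555555555555"
APPROVED = r"01c1;5fd8b2a0;Homebrew\x20Cask;11111111-2222-3333-4444-555555555555"


def parse_quarantine(value: str) -> dict:
    """Decode a com.apple.quarantine value: 'flags;timestamp;agent;event-uuid'."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        raise ValueError(f"not a quarantine value: {value!r}")
    try:
        flags = int(parts[0], 16)                       # hex bit field
        stamp = int(parts[1], 16) if parts[1] else None  # hex Unix epoch seconds
    except ValueError as exc:
        raise ValueError(f"non-hex field in {value!r}") from exc
    # Spaces in the agent name are stored escaped as the literal text \x20.
    agent = parts[2].replace("\\x20", " ") if len(parts) > 2 else ""
    event_id = parts[3] if len(parts) > 3 and parts[3] else None
    return {
        "flags": flags,
        "downloaded": bool(flags & QTN_FLAG_DOWNLOAD),
        "user_approved": bool(flags & QTN_FLAG_USER_APPROVED),
        "when": datetime.fromtimestamp(stamp, tz=timezone.utc) if stamp is not None else None,
        "agent": agent,
        "event_id": event_id,
    }


def pending_first_launch_check(value: str) -> bool:
    """True when the item is quarantined and the user has not yet approved it."""
    info = parse_quarantine(value)
    return info["downloaded"] and not info["user_approved"]


if __name__ == "__main__":
    for label, raw in (("fresh", FRESH), ("approved", APPROVED)):
        info = parse_quarantine(raw)
        print(label, info["agent"], info["when"], pending_first_launch_check(raw))
```

On a Mac, the raw value for an app bundle can be read with `xattr -p com.apple.quarantine <path>` and passed to `parse_quarantine`.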
You need to disable gatekeeper like shown in another of the comments. It’ll permanently create a new option in your settings to allow installations from “anywhere” too.
Nitpick, I don't actually think the option in System Preferences is permanent? Is it still there if you change it back and restart System Preferences?
Not sure, I leave it on permanently on 'anywhere'. It still gives a prompt to confirm execution but it becomes a click through rather than anything actually trying to stop you doing stuff.
Did you install homebrew via a Rosetta Terminal?

M1/ARM code is treated more strictly than Intel, so I guess all my command line stuff is Intel.

A simple right click on the app and selecting the open dialogue and it works fine.
Macports doesn't give you any headaches, it follows Unix principles.

Homebrew is a keg of worms, if you excuse the bad pun. Sadly (because it seems to be easier to get started?) many developers prefer it over Macports...

As an end-user, I prefer Homebrew over MacPorts because Homebrew is simpler to get installed and use in the terminal. MacPorts, on the other hand, takes some tinkering to get working. It had a problem detecting the installed XCode because it was looking for a specific outdated version (this happened last month when I decided to give MacPorts a try, and I uninstalled Homebrew before trying it out since both of them cannot co-exist together.)

It is likely not that the devs prefer it over MacPorts; it is likely that end-users prefer it and the devs are following what the end-users desire. Homebrew has a bigger catalog of software and libraries than MacPorts.