Workflows that call bash scripts

[Kyle Bradbury]

Using https://github.com/tilmanginzel/alfred-bluetooth-workflow as an example:

 

This workflow initiates executable scripts, which are currently being blocked by Gatekeeper. When running this workflow, you get the message: " 'etree.so' cannot be opened because Apple cannot check it for malicious software”. If you go to Security & Privacy there is an option to "Open Anyway" next to the message " 'etree.so' was blocked from opening because it is not from an identified developer." However, pressing the button does nothing. The only way I am able to run this workflow currently is by disabling Gatekeeper. 

 

This behavior is new to Catalina, as previously the executable scripts could run without being flagged.

 

edit:
Catalina Version 10.15 Beta (19A512f)
Alfred 4.0.3 (1092)

Edited July 26, 2019 by Kyle Bradbury

[Tilman]

Hi Kyle, thanks for the info. Unfortunately, MacOS Catalina now requires all applications to be notarized by default. The binaries which are distributed with my workflow are not notarized.

 

You can find some further information in the GitHub issue here: https://github.com/tilmanginzel/alfred-bluetooth-workflow/issues/9#issuecomment-517945677

[Alexander]

@Tilman, any updates on this?

[deanishe]

On 8/3/2019 at 8:43 PM, Tilman said:

The binaries which are distributed with my workflow are not notarized.

 

Is there a reason you can't use Python's built-in XML libraries instead of LXML?

[Tilman]

@deanishe Yes. If I remember correctly I was depending on XPath expressions, which were not possible with the built-in library due to limited support. Unfortunately no other progress so far, will comment in the GitHub issue soon.

[deanishe]

2 minutes ago, Tilman said:

XPath expressions, which were not possible with the built-in library due to limited support

 

There are only a couple of them. Shouldn't be hard to translate to the built-in ElementTree, and LXML is an awfully large dependency just to run a couple of XPaths.

[Tilman]

Yeah, seems like getting rid of LXML would be a good idea. Will try to find time for this soon.

[deanishe]

Just now, Tilman said:

Yeah, seems like getting rid of LXML would be a good idea.

 

Aye. Catalina really doesn't like unsigned binaries. It refuses to run my Go workflows, AFAIK, and I've no idea what I'm supposed to do about that

[Tilman]

Published a version without lxml here: https://github.com/tilmanginzel/alfred-bluetooth-workflow/issues/9#issuecomment-539643687

 

Now, blueutil and terminal-notifier.app still have the quarantine flag. So I suppose Gatekeeper will still complain

[deanishe]

2 minutes ago, Tilman said:

Now, blueutil and terminal-notifier.app still have the quarantine flag

 

Someone just posted instructions on how to allow binary executables in workflows on one of my repos, if that's any help to you?

[Tilman]

Thanks! Linked to it in my issue.

I suppose that it would still be possible to correctly notarize my workflow and/or the distributed binaries. Will take more time though to look into it...

Edited October 8, 2019 by Tilman

[deanishe]

8 minutes ago, Tilman said:

I suppose that it would still be possible to correctly notarize (and maybe even staple) my workflow and/or the distributed binaries.

 

Not sure. I get the impression notarization is only for native software. In any case, I'm 99% certain you need a non-free Apple Developer ID.

 

I suspect there may be an easier way to allow binaries using sudo spctl ...

[mmroczka]

So is this the explanation on why this gem has stopped running? It uses a bash script under the hood.

 

https://github.com/nicooprat/alfred-ocr

 

How do we get something like this working again?  I used this daily and now it's broken. 😕 

 

 

[deanishe]

6 hours ago, mmroczka said:

So is this the explanation on why this gem has stopped running? It uses a bash script under the hood.

 

No. The thread title is misleading. Scripts should still work just fine, it's binary files that Catalina won't run without jumping through hoops.

 

What error message are you getting in Alfred's debugger?

[mmroczka]

No error, that's the strange part. The screencapture command just doesn't work. It captures the background instead of the current window. I documented it here:

https://apple.stackexchange.com/questions/374158/why-is-screencapture-taking-the-screenshot-of-the-desktop-image-and-not-the-wind