Jump to content

Can Alfred provide instructions in popover on failure to run unsigned binary


nikivi
 Share

Recommended Posts

Currently all Alfred users installing workflows that have a binary inside it will be met with an error saying you can't run it but you can move it to the trash. It's not obvious what you have to do to get rid of the error. So workflows are forced to add instructions like this one.

 

https://github.com/deanishe/awgo/wiki/Catalina 


To basically all workflow's readme's.

 

I wonder if it's possible for Alfred to recognize that there was a failure to run a script filter due to permission issue and show some kind of dialogue that says 'In order to run the workflow, please right click on the program name in Finder' and then on OK, open the Alfred folder in Finder for the user. That would be quite a nice UX improvement for all users, technical or not.

 

Of course another, more solid option is to instead make users open Privacy settings and add Alfred to Developer Tools so the error never happens again. That can be achieved in a similar dialogue flow too. 

 

Reason I bring it up is I helped a friend setup her new mac and she was met with this issue on trying to install a workflow and it was confusing what she had to do in order to simply run it.

 

Thank you. 

Link to comment
Share on other sites

That’s a potentially dangerous idea.


You’re suggesting that Alfred blindly tells its users “hey, the OS thinks that running this piece of software might not be such a good idea, but go ahead and ignore that”. By that point you might as well just turn off Gatekeeper entirely, negating the need for an Alfred popover. This suggestion is a lot of responsibility that Alfred shouldn’t be taking on; it opens a perfect gap for malicious actors.


The way Apple handled the security dialogs is subpar, but the solution isn’t to ignore them indiscriminately. If a user doesn’t understand the risks and doesn’t know how to tell the software to run anyway then they shouldn’t be turning off security features and definitely should not be encouraged to.

Edited by vitor
Link to comment
Share on other sites

I am also a bit confused, don't scripts written in Python or whatever language have same potential issues that binaries have? Or never mind, there is no issue as you can inspect the script. 😐

Edited by nikivi
Link to comment
Share on other sites

12 hours ago, nikivi said:

I am also a bit confused, don't scripts written in Python or whatever language have same potential issues that binaries have?

 

Yes. But you can't sign scripts.

 

12 hours ago, nikivi said:

Or never mind, there is no issue as you can inspect the script.

 

Not necessarily. Python scripts can be distributed as bytecode, and it doesn't much matter that you can read the code if the script has already run because macOS didn't ask you for permission first.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...