Jump to content
nikivi

Can Alfred provide instructions in popover on failure to run unsigned binary

Recommended Posts

Currently all Alfred users installing workflows that have a binary inside it will be met with an error saying you can't run it but you can move it to the trash. It's not obvious what you have to do to get rid of the error. So workflows are forced to add instructions like this one.

 

https://github.com/deanishe/awgo/wiki/Catalina 


To basically all workflow's readme's.

 

I wonder if it's possible for Alfred to recognize that there was a failure to run a script filter due to permission issue and show some kind of dialogue that says 'In order to run the workflow, please right click on the program name in Finder' and then on OK, open the Alfred folder in Finder for the user. That would be quite a nice UX improvement for all users, technical or not.

 

Of course another, more solid option is to instead make users open Privacy settings and add Alfred to Developer Tools so the error never happens again. That can be achieved in a similar dialogue flow too. 

 

Reason I bring it up is I helped a friend setup her new mac and she was met with this issue on trying to install a workflow and it was confusing what she had to do in order to simply run it.

 

Thank you. 

Share this post


Link to post
Share on other sites
Posted (edited)

That’s a potentially dangerous idea.


You’re suggesting that Alfred blindly tells its users “hey, the OS thinks that running this piece of software might not be such a good idea, but go ahead and ignore that”. By that point you might as well just turn off Gatekeeper entirely, negating the need for an Alfred popover. This suggestion is a lot of responsibility that Alfred shouldn’t be taking on; it opens a perfect gap for malicious actors.


The way Apple handled the security dialogs is subpar, but the solution isn’t to ignore them indiscriminately. If a user doesn’t understand the risks and doesn’t know how to tell the software to run anyway then they shouldn’t be turning off security features and definitely should not be encouraged to.

Edited by vitor

Share this post


Link to post
Share on other sites
Posted (edited)

I am also a bit confused, don't scripts written in Python or whatever language have same potential issues that binaries have? Or never mind, there is no issue as you can inspect the script. 😐

Edited by nikivi

Share this post


Link to post
Share on other sites
12 hours ago, nikivi said:

I am also a bit confused, don't scripts written in Python or whatever language have same potential issues that binaries have?

 

Yes. But you can't sign scripts.

 

12 hours ago, nikivi said:

Or never mind, there is no issue as you can inspect the script.

 

Not necessarily. Python scripts can be distributed as bytecode, and it doesn't much matter that you can read the code if the script has already run because macOS didn't ask you for permission first.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...