Installing via Homebrew has warnings

[shadowhand]

I ran brew install 7777, it downloaded from https://releases.port7777.com/1.1.3/macos/7777.

When I ran 7777 it gave me the dreaded macOS cannot verify the developer of “7777” error and refused to open the app.

I was able to bypass this by running open /opt/homebrew/Caskroom/7777 and manually opening 7777 with a right click, and accepting the warning message.

[mnapoli]

Thanks! It seems with the latest macOS versions the security constraints get more and more annoying 😓

Maybe we should at least document an easy way to validate the binary, I've read this could work (quick test seemed to validate it):

spctl --add /usr/local/bin/7777

Later can also be removed via:

spctl --remove /usr/local/bin/7777

WDYT?

[shadowhand]

I mean, that could work, but... there must be a better way? Other casks (Docker, etc) don't have this issue, so why does 7777? Why would the manually downloaded version have different permissions than a Homebrew download?

[mnapoli]

I have no idea TBH, macOS restrictions change with every new OS version and I admit having trouble keeping up…

What I've done to improve the situation at least a little bit is document that in the README in 50690b4

[pooley182]

It appears that the version installed via homebrew isn't a signed package.
This is what seems to cause the issue with mac complaining that the developer can't be verified.

On the latest version 7777/1.1.4 darwin-x64 node-v14.4.0 it also means I'm prompted to allow 7777 firewall access every time I try and open a tunnel. Because it's not signed Mac OS inherently doesn't trust it.

Below is the output from codesign, you can see the executable is missing the 'Authority' fields that indicate it was signed with a valid certificate.

> $ codesign -d -vvvv /opt/homebrew/bin/7777
Executable=/opt/homebrew/Caskroom/7777/1.1.4/7777
Identifier=7777-555549446a4a87565acf3b3d84453a306fa654a0
Format=Mach-O thin (x86_64)
CodeDirectory v=20400 size=777670 flags=0x2(adhoc) hashes=24296+2 location=system
Hash type=sha256 size=32
CandidateCDHash sha256=fa37a2f77dd3fa6baa5260392ecccfff322a438a
CandidateCDHashFull sha256=fa37a2f77dd3fa6baa5260392ecccfff322a438a6872567994b20792d586bddf
Hash choices=sha256
CMSDigest=fa37a2f77dd3fa6baa5260392ecccfff322a438a6872567994b20792d586bddf
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=54644736
Executable Segment flags=0x1
Page size=4096
CDHash=fa37a2f77dd3fa6baa5260392ecccfff322a438a
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=0 size=12

[mnapoli]

@pooley182 do these instructions help: 50690b4 ? I used this and don't get any issue with firewall access on the latest macOS.

[pooley182]

Unfortunately not, I have run that command but it still prompts for firewall access every time the container starts.
I have also tried xattr -d com.apple.quarantine /opt/homebrew/bin/7777 which I initially used to allow 7777 to start after the initial homebrew install.

I don't want to come across as condescending but is your firewall actually turned on? By default the firewall is off on Mac OS, so there's a chance yours is off which is why you don't get the warning.

[mnapoli]

@pooley182 oh right! No worries, it was indeed disabled. I enabled it and it indeed asks to confirm.