Little-used by third parties, macOS uses extended attributes – xattrs – for a lot of features. Among the most prominent is Gatekeeper’s system of quarantine: download an app, and the first time that you run it, Gatekeeper will perform a full check of its signature.
A couple of weeks ago, I started work on a tool to give easier access to xattrs, and specifically to allow developers to force a full Gatekeeper check on their apps without having to upload and download them each time. I’m delighted to report that I have made further progress, and can now offer a fairly basic tool with five features:
- it can inspect all the xattrs attached to any given file or folder;
- it can add a quarantine xattr which forces a full Gatekeeper check;
- it can add any xattr containing Unicode text (but does not support binary xattrs yet);
- it can remove any xattr from a file or folder, including the quarantine xattr;
- it can save listings of xattrs to text files.
For the moment, its interface is simple and functional, not sophisticated or fancy. It does trap errors, and report them in an understandable way, and seems quite robust too.
Internally, I have completely rewritten it so that it does not make any calls to command tools like
xattr, but works through system function calls. The only exception to that is in calling SQLite to add an entry to the user’s quarantine database, when adding a quarantine xattr. I will explain how it works in more detail in a subsequent article.
Now that I can add arbitrary xattrs to files, I have discovered some of their unusual properties. Because xattrs are metadata, stored in the volume metadata and not the file or folder itself, changing xattrs has no effect on normal file attributes, such as the timestamps for last modification or last opening. Xattr metadata is also not within the scope of Spotlight search – a feature which limits the use of xattrs in some respects, and makes them valuable in others.
The latest release of xattred is available in Downloads above.