How to Take Mac Files Out of Quarantine

Chances are you’ve experienced the behaviour under OS X where you go to start up an application or access a file and a pop-up appears warning you that the application/file has been downloaded from the Internet and are you sure you trust it? Well, this application or file is in “quarantine” until you explicitly give the nod that you think it’s safe because (hopefully) you downloaded it from a reputable source and you actually know what it is.

Now, assuming that the user you are logged into your Mac as has the correct privileges the quarantine attribute will be removed and you’ll never see that message again for that application or file. For a lot of people this tends to be the case because of the way they operate their machine – perhaps only one login or if there are separate logins they don’t share downloaded applications or files.

However, if you have a more controlled operational environment – perhaps having multiple logins for different “personas” such as work, personal, etc., and/or have a specific login for administration activities such as application download and install – then it’s not always so simple. Additionally, if you are a developer and you tend to download packages such as WordPress themes or plugins (or core WordPress itself) and then want to edit more than a few files in that download, you’ll soon tire of being asked the same question every time you try to access a new file.

So, following on from my handy Clean Directory Compress service, here comes the Remove From Quarantine service that can be applied to any directory and operates recursively down through all sub-directories to remove the quarantine attribute from every file.

First, let’s take a look at how a file in quarantine look when you do a directory listing in Terminal – something like this:

ambiguous$ ls -dl wp-admin
drwxr-xr-x@ 92 ambiguous  staff  3128 15 Feb 11:04 wp-admin

See the @ sign after the directory permissions, that means there are some extended attribute(s) present – so to see what they are:

ambiguous$ xattr wp-admin

and there you have it, the quarantine attribute. Now in general there may be other extended attributes present on a file or directory but we can deal with each individually leaving the others unchanged.

There is no man entry for the xattr command but we can see what we can do with it by specifying the -h option:

ambiguous$ xattr -h
usage: xattr [-l] [-r] [-v] [-x] file [file ...]
 xattr -p [-l] [-r] [-v] [-x] attr_name file [file ...]
 xattr -w [-r] [-v] [-x] attr_name attr_value file [file ...]
 xattr -d [-r] [-v] attr_name file [file ...]

The first form lists the names of all xattrs on the given file(s).
The second form (-p) prints the value of the xattr attr_name.
The third form (-w) sets the value of the xattr attr_name to the string attr_value.
The fourth form (-d) deletes the xattr attr_name.

 -h: print this help
 -r: act recursively
 -l: print long format (attr_name: attr_value and hex output has offsets and
 ascii representation)
 -v: also print filename (automatic with -r and with multiple files)
 -x: attr_value is represented as a hex string for input and output

From this help information you can see that the form of the command of interest is the fourth form which enables an attribute to be deleted. So let’s see that in action:

ambiguous$ xattr -d wp-admin
ambiguous$ ls -dl wp-admin
drwxr-xr-x  92 ambiguous  staff  3128 15 Feb 11:04 wp-admin
ambiguous$ xattr wp-admin

The command on line 1 deletes the attribute from the wp-admin directory; the directory listing on lines 2 & 3 shows that there are now no extended attributes attached to the directory; and finally on lines 4 & 5 applying the xattr command to the directory again shows that there are now no extended attributes. This means we could now work with this directory without being asked whether it should be considered safe or not.

So you can apply the xattr command to individual files and directories but the most benefit comes from applying it recursively starting at a top-level directory. Have a look at this (abbreviated) directory listing of the wp-admin directory content:

ambiguous$ ls -l wp-admin
total 1888
-rw-r--r--@  1 ambiguous  staff  47460 25 Jul  2010 admin-ajax.php
-rw-r--r--@  1 ambiguous  staff   1341 25 Apr  2010 admin-footer.php
-rw-r--r--@  1 ambiguous  staff    403 11 Aug  2008 admin-functions.php
-rw-r--r--@  1 ambiguous  staff   5357 27 May  2010 admin-header.php
-rw-r--r--@  1 ambiguous  staff    592  5 Mar  2009 admin-post.php
-rw-r--r--@  1 ambiguous  staff   6086 12 Jul  2010 admin.php
-rw-r--r--@  1 ambiguous  staff   2281 23 May  2010 async-upload.php
-rw-r--r--@  1 ambiguous  staff   8831  3 Jun  2010 comment.php
drwxr-xr-x@ 64 ambiguous  staff   2176 29 Dec 21:15 css
-rw-r--r--@  1 ambiguous  staff  12816 11 Jun  2010 custom-background.php

where you can see the extended attribute indicator against the files and directory. By executing the xattr delete recursively with the -r option we can remove the attribute from all the files and sub-directories in a recursive manner.

ambiguous$ xattr -d -r wp-admin
ambiguous$ ls -l wp-admin
total 1888
-rw-r--r--   1 ambiguous  staff  47460 25 Jul  2010 admin-ajax.php
-rw-r--r--   1 ambiguous  staff   1341 25 Apr  2010 admin-footer.php
-rw-r--r--   1 ambiguous  staff    403 11 Aug  2008 admin-functions.php
-rw-r--r--   1 ambiguous  staff   5357 27 May  2010 admin-header.php
-rw-r--r--   1 ambiguous  staff    592  5 Mar  2009 admin-post.php
-rw-r--r--   1 ambiguous  staff   6086 12 Jul  2010 admin.php
-rw-r--r--   1 ambiguous  staff   2281 23 May  2010 async-upload.php
-rw-r--r--   1 ambiguous  staff   8831  3 Jun  2010 comment.php
drwxr-xr-x  64 ambiguous  staff   2176 29 Dec 21:15 css
-rw-r--r--   1 ambiguous  staff  12816 11 Jun  2010 custom-background.php

As you can now see the extended attribute indicator has gone and the files and directories are now out of quarantine.

You might be quite happy to just apply this command in a Terminal window, but for added convenience it can be made into a service. So the final piece of the puzzle is to insert the following code block into an Automator service definition (see the Clean Directory Compress service post for the process to follow and/or read the Automator Help and Documentation) and you can easily recursively remove a directory and it’s content from quarantine in the Finder.

for f in "$@"
    path=`dirname $f`
    dir=`basename $f`
    cd $path
    if [[ -d "$dir" ]]; then
        xattr -d -r ${dir}

Hope that helps to make your development process just a little bit easier.

How to Get a Clean Zip on a Mac

Usually under OS X when you want to zip up a bunch of stuff into a zip file you’ll make use of the Compress command and often times this may be suitable. But, have you ever done this and then unzipped the resulting file on a *nix machine or a Windows machine? If you haven’t and you try it you could be in for a nasty shock bacause as well as putting all the files and folders you did want into the zip file you’ll probably find that Compress also loaded in a whole bunch of Mac specific system files that you really didn’t want. At best they’ll just be annoying, at worst they may cause strange things to happen that take ages to track down.

Consider a specific case that may be familiar to you. You are doing some development work where you have various code repository files, or a backup file, or temporary files, etc., all dispersed throughout a directory tree you want to zip up and transfer. Having to go through and clean these out (assuming you can) is a pain. This is really what spurred me into action – developing for WordPress and creating zip files for installation. I really needed some way to easily make “clean” zip files, by which I mean zip files that contained only the stuff I wanted.

Now I know that if you have been looking on the net for something like this you will likely have found a few examples of how to accomplish this to a greater or lesser extent. These are basically all good but to my mind didn’t go far enough, they lacked flexibility and that’s what I wanted to add.

So, introducing the Clean Directory Compress service, a very simple little script (and I mean simple) created as an OS X Service using the Automator application built in to OS X. The guts of the service are this simple little shell script:

for f in "$@"
    # Initialize and empty exclusion file addition
    # and variables for where we are or should be
    path=`dirname $f`
    dir=`basename $f`
    # Move to parent of directory we are going to zip
    cd $path
    # Make sure it is a directory to be zipped
    if [[ -d "$dir" ]]; then
        # Should make sure the exclusion file exists
        # otherwise may get an error
        if [[ -f "./${dir}/__exclude.txt" ]]; then
        # Now the zip - explicitly exclude some pattern
        zip -r ${dir}.zip $dir -x \*.DS_Store\* ${excl}

It’s designed to work on folders only (based on the original requirement for use in WordPress development) and takes a list of folders passed in from the Finder based on selected folders in a Finder window. For each folder, get the path and the folder name, change working directory to the containing folder, check that the given folder is actually a directory and then recursively zip the folder into a zip file with the same name as the folder.

So far so good, but what about excluding the things we don’t want? Well that’s what the -x option does for you. The -x option on the zip command is folowed by a list of file patterns and any files or folders whose name match one of those patterns will not be included in the zip. So as you can see there is an instance in the script for excluding the .DS_Store file which is the minimum requirement.

But not only that, and this is where the added flexibility is introduced, the -x@<filename> option allows the specification of a file that contains a further list of file name patterns (one per line) to be excluded. I’ve called this file __exclude.txt and I’ve placed it in the folder that we’re zipping so it’s neat and tidy and each folder can have it’s own exclusion file without any name clashes.

Note however that if you have a folder with a number of sub-folders, etc., and each has it’s own exclusion file that only the exclusion file from the top level folder is used. Of course the exclusion files in the contained folders would be used if you chose to specifically zip one of those folders.

Here’s an example of an exclusion file:


Notice the final line? This conveniently specifies that all exclusion files (including this one) should be excluded from the zip file which keeps everything nice and tidy. Of course if you were sending this to another Mac user for further work then you might want to retain the exclusion files at this point.

So if you would like to create a Service with this script simply fire up Automator, select the Utilities library, drag the Run Shell Script action into the active area, select the service to receive selected folders in Finder and pass the input as arguments, paste the above code into the Run Shell Script code area and save this new Service with your chosen name – it will automatically be placed in the correct place on your system and you just then go and enable it through Finder Services Preferences. Here are a couple of screenshots to help out.

From then on if you want a clean zip just highlight a folder, select the service (whatever you choose to call it) and you’ll get a zip file appear.

Of course the script could also be used from the command line with a bit of adaptation for a script header and argument handling.

If you are feeling adventurous you could add your own additional tweaks such as electing for greater compression for smaller file size, exclusion from compression of files that are already using a compressed format, etc.

This was created under Mac OS X 10.6 (Snow Leopard) but there’s no reason to think it wouldn’t work under earlier versions as it only uses the standard built-in command line zip.

Allow Me To Introduce Myself

I am 485Ambiguous aka Jeremy Trask.

I am currently operating as a freelance engineer undertaking various web related and other projects that interest me – yes, I need to make a living but I also need to enjoy what I am doing.

My background is firmly in telecommunications although I started off as an apprentice engineer with EMI sometime in the past. Anyone reading this who knows what a “thick sandwich course” is will be able to guess the approximate decade – and by the way, it has nothing to do with food… Certainly my time in the workshop making toolboxes and screwdrivers and learning to solder has stood me in good stead when it comes to tinkering with my bicycles as much as when repairing blown iMac power supplies.

Much of my early existence after university was spent engaged in research for Thorn-EMI (as it became) including early work on remote utility meter reading (how can it be that after all these years this still is not widespread) and latterly mobile communications.

From there I moved into early GSM network development through companies such as GPT and BNR/Northern Telecom to finally settle with Hewlett Packard working on network monitoring equipment for telecoms operators encompassing SS7, Mobile and IP based technologies. Eventually Hewlett Packard hived off a proportion of it’s operation forming a new company called Agilent which over time dispensed with it’s facilities and expertise in my locale and presented me with the opportunity to try something new.

After dabbling with various aspects of website design and development I started using products from iThemes and over time started providing unofficial support for BackupBuddy on the community support forum as it was back then. After a while the good folks over there offered to pay me for my time and expertise and I now provide support and development services for BackupBuddy on a part-time basis.

So that’s the potted history.

Over that time I have amassed a certain level of knowledge, experience and expertise which, whilst some of it is by nature quite niche, also encompasses much that is “transportable” in the sense that it can be applied in a variety of situations. Through this site and other ventures which may get a mention from time to time I hope to do just that.

Oh, and if you are a Rolling Stones fan sorry that you probably didn’t find what you expected but just maybe you found what you did find fleetingly interesting.

How This Site Will Help You

This site will help you by providing you with information, hints, tips’n’tricks and other usefull stuff that (most probably) you will not find anywhere else or if you did it would have taken you a considerable time to find.

Yeh, but what can there be that’s new that I can’t already find out there I hear you ask – anyway that’s the first question I asked before embarking on this project. Well just ask yourself how many times you’ve been stuck on something, needed to know how to do something or how something worked and try as you might you just can’t seem to find what you need? Chances are if you are doing anything a little off the beaten track then it’s quite often.

From experience I know that many times I have been in this situation and have gone on to figure it out for myself but as I haven’t had an immediate outlet to capture the solution it stays in my head and goes no further. I’m sure this effect is replicated countless times around the globe every day so this is my little stake in the ground to tip the balance just ever so slightly.

Now of course what happens here is necessarily limited by time and effort so unfortunately not everyone is going to find the answer to their problem or the piece of information that they need but hopefully enough people will find enough answers and information to make it worthwhile. If nothing else, at least I’ll know where to look to fix that thing I fixed once, way back.

If You Are New Here…

…then you might be wondering what to expect? Well that depends on how soon you are visiting here after the birth of this site. If you are reading this then you are pretty much in at the inception and like all good things it’s gonna take a little time to grow and mature. There will probably be a few shoots that will wither and die whilst there will be others that prosper and grow. In any case, it would be nice if you’d stick around and see how things develop, maybe even give a bit of feedback from time to time – good, bad or indifferent, it all helps.

So, hope you keep reading and that you’ll find at least a few things that interest you.