How to Take Mac Files Out of Quarantine

Chances are you’ve experienced the behaviour under OS X where you go to start up an application or access a file and a pop-up appears warning you that the application/file has been downloaded from the Internet and are you sure you trust it? Well, this application or file is in “quarantine” until you explicitly give the nod that you think it’s safe because (hopefully) you downloaded it from a reputable source and you actually know what it is.

Now, assuming that the user you are logged into your Mac as has the correct privileges the quarantine attribute will be removed and you’ll never see that message again for that application or file. For a lot of people this tends to be the case because of the way they operate their machine – perhaps only one login or if there are separate logins they don’t share downloaded applications or files.

However, if you have a more controlled operational environment – perhaps having multiple logins for different “personas” such as work, personal, etc., and/or have a specific login for administration activities such as application download and install – then it’s not always so simple. Additionally, if you are a developer and you tend to download packages such as WordPress themes or plugins (or core WordPress itself) and then want to edit more than a few files in that download, you’ll soon tire of being asked the same question every time you try to access a new file.

So, following on from my handy Clean Directory Compress service, here comes the Remove From Quarantine service that can be applied to any directory and operates recursively down through all sub-directories to remove the quarantine attribute from every file.

First, let’s take a look at how a file in quarantine look when you do a directory listing in Terminal – something like this:

ambiguous$ ls -dl wp-admin
drwxr-xr-x@ 92 ambiguous  staff  3128 15 Feb 11:04 wp-admin

See the @ sign after the directory permissions, that means there are some extended attribute(s) present – so to see what they are:

ambiguous$ xattr wp-admin
com.apple.quarantine

and there you have it, the quarantine attribute. Now in general there may be other extended attributes present on a file or directory but we can deal with each individually leaving the others unchanged.

There is no man entry for the xattr command but we can see what we can do with it by specifying the -h option:

ambiguous$ xattr -h
usage: xattr [-l] [-r] [-v] [-x] file [file ...]
 xattr -p [-l] [-r] [-v] [-x] attr_name file [file ...]
 xattr -w [-r] [-v] [-x] attr_name attr_value file [file ...]
 xattr -d [-r] [-v] attr_name file [file ...]

The first form lists the names of all xattrs on the given file(s).
The second form (-p) prints the value of the xattr attr_name.
The third form (-w) sets the value of the xattr attr_name to the string attr_value.
The fourth form (-d) deletes the xattr attr_name.

options:
 -h: print this help
 -r: act recursively
 -l: print long format (attr_name: attr_value and hex output has offsets and
 ascii representation)
 -v: also print filename (automatic with -r and with multiple files)
 -x: attr_value is represented as a hex string for input and output

From this help information you can see that the form of the command of interest is the fourth form which enables an attribute to be deleted. So let’s see that in action:

ambiguous$ xattr -d com.apple.quarantine wp-admin
ambiguous$ ls -dl wp-admin
drwxr-xr-x  92 ambiguous  staff  3128 15 Feb 11:04 wp-admin
ambiguous$ xattr wp-admin
ambiguous$

The command on line 1 deletes the attribute from the wp-admin directory; the directory listing on lines 2 & 3 shows that there are now no extended attributes attached to the directory; and finally on lines 4 & 5 applying the xattr command to the directory again shows that there are now no extended attributes. This means we could now work with this directory without being asked whether it should be considered safe or not.

So you can apply the xattr command to individual files and directories but the most benefit comes from applying it recursively starting at a top-level directory. Have a look at this (abbreviated) directory listing of the wp-admin directory content:

ambiguous$ ls -l wp-admin
total 1888
-rw-r--r--@  1 ambiguous  staff  47460 25 Jul  2010 admin-ajax.php
-rw-r--r--@  1 ambiguous  staff   1341 25 Apr  2010 admin-footer.php
-rw-r--r--@  1 ambiguous  staff    403 11 Aug  2008 admin-functions.php
-rw-r--r--@  1 ambiguous  staff   5357 27 May  2010 admin-header.php
-rw-r--r--@  1 ambiguous  staff    592  5 Mar  2009 admin-post.php
-rw-r--r--@  1 ambiguous  staff   6086 12 Jul  2010 admin.php
-rw-r--r--@  1 ambiguous  staff   2281 23 May  2010 async-upload.php
-rw-r--r--@  1 ambiguous  staff   8831  3 Jun  2010 comment.php
drwxr-xr-x@ 64 ambiguous  staff   2176 29 Dec 21:15 css
-rw-r--r--@  1 ambiguous  staff  12816 11 Jun  2010 custom-background.php

where you can see the extended attribute indicator against the files and directory. By executing the xattr delete recursively with the -r option we can remove the attribute from all the files and sub-directories in a recursive manner.

ambiguous$ xattr -d -r com.apple.quarantine wp-admin
ambiguous$ ls -l wp-admin
total 1888
-rw-r--r--   1 ambiguous  staff  47460 25 Jul  2010 admin-ajax.php
-rw-r--r--   1 ambiguous  staff   1341 25 Apr  2010 admin-footer.php
-rw-r--r--   1 ambiguous  staff    403 11 Aug  2008 admin-functions.php
-rw-r--r--   1 ambiguous  staff   5357 27 May  2010 admin-header.php
-rw-r--r--   1 ambiguous  staff    592  5 Mar  2009 admin-post.php
-rw-r--r--   1 ambiguous  staff   6086 12 Jul  2010 admin.php
-rw-r--r--   1 ambiguous  staff   2281 23 May  2010 async-upload.php
-rw-r--r--   1 ambiguous  staff   8831  3 Jun  2010 comment.php
drwxr-xr-x  64 ambiguous  staff   2176 29 Dec 21:15 css
-rw-r--r--   1 ambiguous  staff  12816 11 Jun  2010 custom-background.php

As you can now see the extended attribute indicator has gone and the files and directories are now out of quarantine.

You might be quite happy to just apply this command in a Terminal window, but for added convenience it can be made into a service. So the final piece of the puzzle is to insert the following code block into an Automator service definition (see the Clean Directory Compress service post for the process to follow and/or read the Automator Help and Documentation) and you can easily recursively remove a directory and it’s content from quarantine in the Finder.

for f in "$@"
do
    path=`dirname $f`
    dir=`basename $f`
    cd $path
    if [[ -d "$dir" ]]; then
        xattr -d -r com.apple.quarantine ${dir}
    fi
done

Hope that helps to make your development process just a little bit easier.