Gatekeeper preventing from opening files from Finder (launching apps is fine)
Here's what's happening (in Sierra, 10.12.5)
- try to launch a non-application file which ISN'T a bundle (e.g. pdf, png -- numbers bundles will be fine) -- by double-clicking, or using open in the Terminal
- A dialog is prevent with "FILENAME" is damaged and can't be opened. You should move it to the Trash.
What I've tried:
- safe mode
- running as a separate user
What I've discovered:
- It's definitely related to gatekeeper: Turning gatekeeper off with
sudo spctl --master-disable
makes these images launchable. - Something is wrong with spctl the underlying command line utility which manages security policies. See below.
Problem with spctl:
If you run a basic command like spctl --assess -vvv --raw /bin/ls
it replies with One or more parameters passed to a function were not valid.
(I tried this as it is a diagnostic step in an old but closely related fix.
However running this same command with gatekeeper off gives the correct result. I've also tried to restore the SystemPolicy db from the original by:
-
sudo spctl --master-disable
turning gatekeeper off -
sudo cp -p /var/db/.SystemPolicy-default /var/db/SystemPolicy
copying the system policy -
sudo chmod u+w /var/db/SystemPolicy
fix perms - restart the computer
-
sudo spctl --master-enable
turning gatekeeper back on
But this hasn't helped (but in fact I don't think the SystemPolicy db has reverted back to the defaults -- it seems to grow massively in size (or possibly just revert back to the previous db) when I turn gatekeeper back on.
Any thoughts?
Just experienced a similar issue on a 10.13 system after having migrated it from a 10.12 system -- turns out /var/db/gkopaque.bundle
wasn't valid, so I copied that from a good 10.13 system (by making a tarball as root on the good system, extracting it as root on the destination system), restarting (the system or killing syspolicyd), and that fixed the issue.
As others have said, replacing /var/db/gkopaque.bundle
worked for me. In my case I pulled it from a Time Machine backup by:
- Running:
$ defaults write com.apple.finder AppleShowAllFiles TRUE
- Relaunching the Finder (command + option + escape)
- Navigating to
/var/db/
- Entering the Time Machine and navigating to an older version of
gkopaque.bundle
and clicking restore - Exiting the Time Machine
- Rebooting
- Running (to confirm):
$ spctl --assess -vvv --raw /bin/ls
- Running:
defaults write com.apple.finder AppleShowAllFiles FALSE
- Relaunching the Finder (command + option + escape)