[OpenAFS-port-darwin] Gatekeeper and OpenAFS

D Brashear shadow@gmail.com
Thu, 25 Sep 2014 12:13:00 -0400 

--001a11c2eea61259cd0503e61345
Content-Type: text/plain; charset=UTF-8

rdar://15927187 gatekeeper quarantine is broken on filesystems where xattr
is emulated

On Thu, Sep 25, 2014 at 11:51 AM, Jeffrey Altman <
jaltman@secure-endpoints.com> wrote:

> On 9/25/2014 11:45 AM, Matt Haught wrote:
> > I am wondering if anyone else using 10.9.5 and openafs has had
> > problems with files claiming to be damaged when trying to open them
> > from their afs space in Finder.  A file will open the first time and
> > then fail the second with the file corrupted error. It happened
> > sporadically until the latest release where it occurred with ease.
> >
> > OSX creates a resource fork file starting with ._ for files. When we
> > get this error, deleting the corresponding ._filename.ext from the
> > Terminal will allow the file to be opened once again from Finder, only
> > to fail the next time.
> >
> > The only way I have figured out how to get around this is to switch
> > the gatekeeper Security preferences for "Allow apps downloaded from:"
> > to "Anywhere" ( spctl --master-disable ).
> >
> > Anyone else seeing this? Know why this is occurring?
> >
> > Thanks,
> > Matt Haught
> > North Carolina State University
>
>
> Matt,
>
> This is an Apple bug.  AFS does not support extended attributes.  OSX
> supports extended attributes in file systems that do not have native
> support via use of the dot-underscore files but OSX does not trust the
> dot-underscore files for security information.
>
> Jeffrey Altman
>
>
>


-- 
D

--001a11c2eea61259cd0503e61345
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">rdar://15927187 gatekeeper quarantine is broken on filesys=
tems where xattr is emulated<div><div class=3D"gmail_extra"><br><div class=
=3D"gmail_quote">On Thu, Sep 25, 2014 at 11:51 AM, Jeffrey Altman <span dir=
=3D"ltr">&lt;<a href=3D"mailto:jaltman@secure-endpoints.com" target=3D"_bla=
nk">jaltman@secure-endpoints.com</a>&gt;</span> wrote:<br><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex"><span>On 9/25/2014 11:45 AM, Matt Haught w=
rote:<br>
&gt; I am wondering if anyone else using 10.9.5 and openafs has had<br>
&gt; problems with files claiming to be damaged when trying to open them<br=
>
&gt; from their afs space in Finder.=C2=A0 A file will open the first time =
and<br>
&gt; then fail the second with the file corrupted error. It happened<br>
&gt; sporadically until the latest release where it occurred with ease.<br>
&gt;<br>
&gt; OSX creates a resource fork file starting with ._ for files. When we<b=
r>
&gt; get this error, deleting the corresponding ._filename.ext from the<br>
&gt; Terminal will allow the file to be opened once again from Finder, only=
<br>
&gt; to fail the next time.<br>
&gt;<br>
&gt; The only way I have figured out how to get around this is to switch<br=
>
&gt; the gatekeeper Security preferences for &quot;Allow apps downloaded fr=
om:&quot;<br>
&gt; to &quot;Anywhere&quot; ( spctl --master-disable ).<br>
&gt;<br>
&gt; Anyone else seeing this? Know why this is occurring?<br>
&gt;<br>
&gt; Thanks,<br>
&gt; Matt Haught<br>
&gt; North Carolina State University<br>
<br>
<br>
</span>Matt,<br>
<br>
This is an Apple bug.=C2=A0 AFS does not support extended attributes.=C2=A0=
 OSX<br>
supports extended attributes in file systems that do not have native<br>
support via use of the dot-underscore files but OSX does not trust the<br>
dot-underscore files for security information.<br>
<span><font color=3D"#888888"><br>
Jeffrey Altman<br>
<br>
<br>
</font></span></blockquote></div><br><br clear=3D"all"><br>-- <br><div dir=
=3D"ltr">D</div>
</div></div></div>

--001a11c2eea61259cd0503e61345--