Corrupt Installer for Mac (version 2.3.1 macOS 10.12+ (x86_64))

Tags: #<Tag:0x00007f820bfa12b8>

Afternoon all,
I’ve downloaded the latest version for Mac several times, and each time it’s showing as corrupt when I run it for the first time.

Screenshot: https://p181.p1.n0.cdn.getcloudapp.com/items/geu2np4Z/Image%202020-04-05%20at%206.16.58%20pm.png?v=75988b39697fe0a3a7de18576e5ca22f

I’ve subsequently installed the previous version too, and that works fine. Any ideas?
(I’m running High Sierra 10.13.6)

Also, and in case anyone with SuperPowers is reading, the EU download mirrors are not responding :frowning:

There seems to be something odd with how macOS 10.13 launches the app, but we have not yet figured out what it is. There is a ticket to track this at

Unfortunately I don’t have access to macOS 10.13 and can only test on 10.12 and 10.15 myself. I have one idea left on what is happening (could be that macOS 10.13 sets the working directory differently when launching apps). I will make a test build available, just takes me a while. It would be great if you could test it.

2 Likes

I have created a test build with a change on how the working directory is handled. Could you test whether the following app works for you?

https://s3.eu-central-1.amazonaws.com/artifacts.picard.uploadedlobster.com/MusicBrainz-Picard-2.3.2.dev1%2B46.c38b7339.20200407092920.dmg

Thanks a lot for your help.

2 Likes

Hi,

I’ve just joined this forum to say that I’ve just bumped into this problem as well.

I downloaded the test build (linked above) and sadly it also fails to launch with the OS claiming the app is corrupt.

However, launching the app directly off the mounted disc image (.dmg) - the app (both final 2.3.1 and test build) appear to function. Drag the app from the disc image to the Applications folder (to ‘install’) and launching then fails (claiming it’s corrupt).

I haven’t tried to do anything with this app yet, as I immediately came here searching for a possible solution.

The app will not launch from macOS 10.13.6 Applications folder, however on a newer MacBook Pro running 10.14.6 it launches as expected (from the Applications folder).

Hopefully that made some sort of sense!

Cheers!

Thanks a lot for testing this. Unfortunately I personally don’t know what to do about this. I have run out of ideas on what to try, and I personally can only test on macOS 10.12 and 10.15, and it works fine on both systems. If someone has the necessary skills and environment to debug this on macOS 10.13 I would be really glad to get some help here.

1 Like

I just bumped into this problem as well trying to install the new version 2.3.2 on macOS 10.12.6 when trying to open the app from my applications folder. Not sure if this is the right place for this but it seems to be the most recent posting on this issue… I tried the other installer you suggested in this thread and it still gives me the same “MusicBrainz Picard” is damaged and can’t be opened. You should move it to the Trash. I’ve read that this problem has been fixed on macOS 10.12 so I’m not sure what I’m doing wrong. Any insight would be greatly appreciated.

Thanks!

1 Like

I can confirm the same issue appears on 10.13 and 10.15 (Catalina).
Besides I am having very frequent crashes with indexes out of range when loading files to be tagged

1 Like

I had the same problem - MusicBrainz Picard is damaged and can’t be opened - but I managed to get 2.3.2 running on macOS 10.13.6 by doing the following - don’t do this if you aren’t confident in using the command line:

  1. From the dmg, copy the app to the Applications folder
  2. Launch Terminal
  3. Type the following command: xattr -cr /Applications/‘MusicBrainz Picard.app’
    (note the single quotes around the filename because the filename contains a space)
    (if done correctly there should be no error in Terminal)
  4. Double-click on Picard in the Applications folder

I don’t often use Terminal so I’m not well versed in it but apparently using the ‘xattr’ removes extended attributes from the file on the Mac. I don’t know what the consequences are but Picard seems to run fine (at least I haven’t run into any issues yet). I’ve not used Picard before so I’m finding my way around now that I can run it.

Here’s a link to the article which gave me the insight - https://osxdaily.com/2019/02/13/fix-app-damaged-cant-be-opened-trash-error-mac/

I hope it helps someone.

Cheers

1 Like

Sounds to me like the app has not been codesigned properly therefore Gatekeeper has added a quarantine flag to the extended attributes. It’s Apples security to prevent people from installing an application from an unknown developer, in other words a random application downloaded from the web.

@Freso Whoever develops the Picard application needs an Apple Developer Certificate and to then properly codesign the app before it’s uploaded for users to download. I suspect it was an honest mistake and it was forgotten in the rush to get a release out. :wink:

You can use the above xattr -cr command as @SmileyMiley kindly posted above which clears the quarantine flag and recursively clears the flag from all files within the app.

Please read through the following carefully and take your time. As long as you stick to my instructions you will be fine. Hopefully most of you will only have the de-quarantine to deal with. Those on Mojave upwards will have extra steps to take.

Note there is nothing that can cause any harm here as there is no sudo command or entering of any passwords as long you are ether logged in as administrator or have admin privileges. Even if the sudo command was required and entering a password there is still no harm as this is very basic stuff.

To de-quarantine an application launch Terminal which can be found in your Utilities folder.
In Terminal,
Type: xattr -cr
Press space:
Drag and drop the app into the terminal window after the space. This will automatically insert the file path and is simplest method. The above posted if manually typed, /Applications/‘MusicBrainz Picard.app will not work because there is a space in-between MusicBrainz and Picard, it would require a backslash \ in that space. Trust me, just drag and drop and let terminal do the work for you.
Press Return:

You may then have to codesign the application especially if running Mojave and above where notarization comes into play. For this it requires you to install the Apple Command Line Tools which you will be asked to install if not already installed. This may require you to enter your admin password which when asked you will not see as you type in the terminal so you type it blind (no worries with someone looking over your shoulder). Once you have typed the password to install the tools hit return and wait for it to complete

Or you can install them beforehand as follows:

In Terminal,
Type: xcode-select --install
Press Return:

You can now codesign the app.
Type: codesign -f -s - --deep
Press Space:
Drag and drop the app into the terminal window
Press Return:

Quit terminal and launch app. Everything should work fine now.

If running Catalina then there are even more security restrictions in place so you may have to temporarily disable System Integrity Protection (SIP) first.

https://macreports.com/how-to-disable-and-enable-system-integrity-protection-on-mac/

Don’t ask me anything about Windows. :laughing:

The app gets code signed and notarized by apple. I already experimented with different variations of the code signing, see the ticket linked above.

As written above my main issue with this is that I can test on macOS 10.12 and 10.15 only. I really have no idea why 10.13 misbehaves. So if somebody has the technical knowledge to figure out exactly what is causing the above on 10.13 and what needs to be changed with the package any help is highly appreciated.

Removing the extended attributes might be a clue. Maybe some specific attribute is set on some file that macOS 10.13 has trouble with. Maybe we should try removing all attributes before code signing. I can provide a test build with this.

2 Likes

Maybe we need to narrow down with which version this starts to break and see which changes had been introduced in that version. So far I have reportes that 2.1.3 works fine and 2.3.0 and later cause problems (mainly on macOS 10.13, probably not for everyone). There have been 4 other releases in between, could someone test if these work?

The following changes might affect the macOS app:

Picard 2.2 (2019-09-14)

  • CFBundleIdentifier changed from “org.musicbrainz.picard” to “org.musicbrainz.Picard”

Picard 2.2.1 (2019-09-20)

  • Set LSMinimumSystemVersion to “10.12”

Picard 2.2.1 (2019-09-20)

  • No packaging changes

Picard 2.2.2 (2019-10-08)

  • Set DYLD_FALLBACK_LIBRARY_PATH for properly loading discid.dylib earlier on app start
  • Include compiled astrcmp module

Picard 2.2.3 (2019-11-06)

  • No packaging changes

Picard 2.3

  • New build system using Github Actions
  • Upgrade to PyInstaller 3.6
  • Enable macOS hardened runtime
  • Notarize app
  • Register Picard for supported file types by setting CFBundleDocumentTypes
  • Set LSApplicationCategoryType

Another thing to consider: We had reports of users claiming their antivirus software interfered with the app launch. Maybe check if you have something like this running.

2 Likes

Mmm very odd. I’m running Picard Version 2.3.2 on High Sierra 10.13.6 and have never had any issues but I do run SIP without the Kext or File System Protection.

csrutil enable --without kext --without fs

More Info: https://eclecticlight.co/2017/04/28/sierras-system-integrity-protection-sip-beyond-root/

I highly recommend the above site for anything Apple and it has some great info on all of Apples security policies and problems.

To check the status of an app to see if it’s allowed to run which may also give some clues to why it wont run.
Type: spctl -a
Press Space:
Drag and drop the app into the terminal window
Press Return:

Do you know if the main executable and all the contents where signed. I don’t run antivirus accept for the XProtect part of Gatekeeper. Way to many false positives with anti virus software and they hog computer resources. Malware (including adware, ransamware) can be a problem for Mac’s but not a true Virus but you do help PC users if sharing files. Malwarebyes is the only software I would recommend or any products from objective-see. Most anti virus software’s do more harm than good. OSX is pretty good at looking after itself.

The thing with Gatekeeper is that it records everything you download, which browser used, site URL and time of download. This all gets listed as extended attributes metadata. Nice for forensics :wink:

https://eclecticlight.co/2017/08/14/show-me-your-metadata-extended-attributes-in-macos-sierra/

Apple is the problem because they keep introducing all this security nonsense which IMO is mostly not about security and more about making things difficult to drive developers towards the MAS where they profit. I wont install anything from MAS on principle plus I block all connections to Apples servers. I’m not interested in MAS or Cloud stuff. They can spy and data collect from somebody else thank you very much.

An alternative to the above xattr -cr is xattr -rd which recursively deletes the attributes instead of clear.

I would test the software myself but my system is highly customized and locked down. It would mean me installing Virtual systems and I only have a a laptop with limited resources these days. Application is damaged is definitely a Gatekeeper issue and the quarantine flag. Once it has done it’s scan, set the quarantine flag and giving the user the warning, there is no going back until either that flag is removed or Gatekeeper is disabled and fresh copy of the app is downloaded to install.

If users want to temporally disable Gatekeeper to install and allow downloads from anywhere. Then launch the app once.
Type: sudo spctl --master-disable
Press Return:
Enter your password, The cursor will not move and there will be no feedback.
Press Return:

To then re-enable after the initial launch,
Type: sudo spctl --master-enable
Press Return: