Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Seems like part of the problem is that the author wants to both bootstrap homebrew, without users knowing the command line?

In which case, they should do the same thing other platforms do: user scripts.

Much like bat files on windows, macOS allows writing AppleScript which would sidestep their issues completely, or command files for shell scripts.

Otherwise they don’t need to sign command line tools. macOS doesn’t block tools run in the terminal to the best of my knowledge.

If they want to make an app, that also doubles as a command line tool, it’s pretty simple as well. You can check for command line options when running the main executable. I’ve done this several times. Apps aren’t magic.

They can self sign that app, and their end users can bypass the unknown developer warning, or just launch the command line part.

But again, just use AppleScript or command files.



> Otherwise they don’t need to sign command line tools. macOS doesn’t block tools run in the terminal to the best of my knowledge.

This is incorrect. You do need to sign command-line tools as otherwise they are blocked from running even in a terminal, at least on Apple Silicon.


I believe you just need to remove the quarantine bit. I’ve definitely been distributing unsigned utility CLI tools to people on macOS 14. They’re built via CMake and so there’s no implicit signing.

xattr -d com.apple.quarantine Foo

The author of the post even mentions this BUT they’re operating in a very weird space where they want to make a command line tool but don’t want people to use a terminal to access it.

To me it’s a nonsensical issue. I suspect the author got flustered with a set of ideals and didn’t take the necessary step back to reevaluate their situation




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: