November 20, 2017
macOS High Sierra Gatekeeper malfunction and repair
I'm posting this so that google will find it in case anybody runs into this issue:
I installed macOS 10.13 fresh on a laptop, then migrated my 10.12 system (which had been updated from a 10.10 install previously) using the migration assistant to the new computer. Everything was great, except when I tried to mount downloaded .dmg files, I would get this:
"(disk image name)" is damaged and can't be opened. You should move it to the Trash.
My immediate response was: noooo what happened to our build process? Then I realized it was just this computer.
I found this article, tried using "sudo spctl --disable-master", which was a workaround, so apparently it was GateKeeper. I also tried replacing /var/db/SystemPolicy as described, with no luck.
After some hours of debugging I found that /var/db/gkopaque.bundle was invalid, and by replacing it with the contents of a working system's copy, and executing "sudo killall syspolicyd", the issue was resolved.
There you go. Also: apple -- Migration Assistant maybe should correctly copy that? Or the code that reads the gkopaque.bundle sqlite database in Security.framework should at least gracefully handle the error, rather than throwing an exception which causes assessments to all fail with an error?
Oh also I tweeted with more detail during the last part of this, but not really worth reading.
Not Vampires - 1 -- [4:59]
Not Vampires - 2 -- [4:27]
Not Vampires - 3 -- [8:17]
Not Vampires - 4 -- [5:40]
Not Vampires - 5 -- [8:25]
Not Vampires - 6 -- [5:38]
Not Vampires - 7 -- [5:25]
Not Vampires - 8 -- [6:03]
Not Vampires - 9 -- [5:23]
Not Vampires - 10 -- [3:59]
Not Vampires - 11 -- [4:06]
Not Vampires - 12 -- [13:26]
Not Vampires - 13 -- [5:02]
Not Vampires - 14 -- [5:49]
Not Vampires - 15 -- [10:39]
Not Vampires - 16 -- [2:30]
Not Vampires - 17 -- [5:06]