.dmg with symlinks to /Library/Audio/Plug-Ins/

It looks like appdmg (a wrapper for hdiutil) is already specifying HFS+, so I’ve been using that all along.

BUT you found something interesting — when a component from outside the dmg is dragged to the symlink it works and I get the authentication popup!

But when the component is inside the dmg, still no luck…

This gives me a lead though, as I’ve been obsessing over the symlink and looks like it’s never been the issue.

I tested this by dragging the readme.txt file that I included in the .dmg Volume, directly onto the Folder symlink named “Components”, so I don’t think that’s quite an accurate assessment, yet …

BTW, ‘man hdiutil’ is your friend - seems it might be related to the filesystem type of your test machine:

     Some filesystems support permissions including users and groups.  While important for security on a managed filesystem, users and groups ("owners") pose challenges for unmanaged, shared filesystems such as
     those typically present in disk images.  macOS's solution to this problem is to make owners optional, both while creating files and enforcing permissions.

     By default, unknown HFS+ filesystems on "external" devices (including disk images) mount with their owners ignored (mount -o noowners).  Normally when owners are ignored, the system uses a special _unknown
     user and group to dynamically substitute the current user's identity for any owners recorded in the filesystem.  These _unknown owners are even written to the volume when creating new files.  The new files
     will continue to have "floating" ownership when mounted with owners honored.  The net result is that shared volumes behave as expected regardless of how they are accessed.

     The behavior is different when disk images are attached.  With disk images, the owner of all files in a filesystem mount for which owners are ignored is the user attaching the disk image.  The attaching owner
     is also used when creating new files.

     On modern macOS systems, root (UID 0) can "see through" the "owners ignored" user mappings.  Thus
           sudo ls -l /Volumes/imageVol
     will show whatever is really stored in the filesystem (possibly _unknown) regardless of whether owners are currently being honored on that volume.  In contrast, non-root users will see themselves any time
     _unknown is in effect, whether the default for the mount when owners are ignored or because _unknown is stored on disk.  For disk images, non-root users will see owners matching the user that attached the disk

     Unlike owners, permissions are never optional.  A non-writable file will not be writable just because owners are ignored.  However, a file that is writable by its owner will be writable by everyone if _unknown
     is the effective owner of the file for that file.  Because anyone accessing an owners-ignored file is treated as the owner, everyone is effectively the owner.  Because the default behavior for disk image
     filesystems is for all files to be owned by the user attaching the disk image, other users will be treated per the 'group' (if applicable) and 'other' permission modes.

     diskutil(8)'s enableOwnership or the Finder's Get Info window can be used to configure a system to respect the on-disk owners for a filesystem in the future.

testImage.zip (3.3 KB)

Ok, I can confirm the readme.txt can’t drop onto the components symlink.

I’m on an M1 macOS 12.4 Monterey and have had this behavior confirmed by a beta tester on M1 macOS 12 as well as an old mbp 2015 on the same.

Okay - a weird finding. If I DOWNLOAD the .dmg file, somehow MacOS notices and doesn’t let me drag the included readme.txt file into the Components symlink - reproducing your circumstances.

If I merely copy the .dmg file (USB Stick) to another Mac - i.e. it was not Downloaded, rather just copied with the Finder - then I can copy the readme.txt file into the Components symlink.

Try this - make your own .dmg with the commands listed above, then try the test. Then, use the one I attached to this forum (download it) and notice the difference.

The plot thickens …

1 Like

Its the quarantine bit:

/dev/disk4s1 on /Volumes/TestImage (hfs, local, nodev, nosuid, read-only, noowners, mounted by aa_jv)
/dev/disk5s1 on /Volumes/TestImage 1 (hfs, local, nodev, nosuid, read-only, noowners, quarantine, mounted by aa_jv)

“TestImage 1” is the Downloaded .dmg, “TestImage” is the one I created.

So, quarantine bit … how to disable …

xattr -d com.apple.quarantine testImage.dmg

… works.

But, how to do this for all users?

Yeah, I chased down the quarantine stuff a bit already (been at this for a day or so). The macOS dmg here is notarized but still fails. I’ve tried explicitly signing the dmg (which shouldn’t be necessary) and different combos of code signing and notarization.

The last thing I was investigating yesterday was the more obscure extended attributes I was seeing, such as com.apple.macl stuff — something something registering user intent.

(Following up with more info as I find it …)

Okay, seems like the .dmg files have to be blessed (EDIT: Scratch that, seems like they need to be in UDZO format):


Also tried this and the RW formats…

Here’s a testImageUDZO to test as a Downloaded .dmg file:

testImageUDZO.zip (5.5 KB)

I guess it not only has to be UDZO format, but also notarized/codesigned …

@sudara See details here:


Yeah, I’ve gone through this round of googling already :slight_smile: it’s good to have someone to sanity check and double check though! UDZO isn’t happy either, even when notarized, you can try here

Hmm, haven’t tried this on the dmg, though:

If you’re signing non-bundled code, set the code signing identifier by adding -i BBB , where BBB is the bundle ID the code would have if it had a bundle ID. For example, if you have an app whose bundle ID is com.example.flying-animals that has a nested command-line tool called pig-jato , the bundle ID for that tool would logically be com.example.flying-animals.pig-jato , and that’s a perfectly fine value to use for BBB .

Okay, I just codesigne’d the .dmg with my Apple Developer Distribution ID, and the quarantine bit was gone after a download. Maybe you should double-check the codesigning ID you’re using?

I get a malware warning (codesigned with no notarization) and still no drop ability there… I’m going to look into the fake bundle id…

Yeah, I guess that was only valid on my local machine, removed …

Either way I think you’re close. :slight_smile: I eagerly await your solution to the problem, first beers on me …

Heh, close… to giving up! Trying the fake bundle id now (spoiler: it failed)

I submitted a TSI to Apple. Thanks for pairing on double checking everything!

I received some fantastic support from Apple. +1 for using an apple developer technical support incident if you ever get stuck on something apple-y system-y like this.

Short story: It’s not possible and unlikely to be fixed.

Long story:

It’s due to quarantine behavior (as we already knew). After customizing and enabling private data around the logging, the Apple rep was able to see the following:

type: error
time: 05:24:58.704737-0700
process: Finder
subsystem: com.apple.syspolicy
category: default
message: Drag to alias/symlink /Volumes/QDiskImage/Components, which targets /Library/Audio/Plug-Ins/Components, is disallowed by system policy

Due to prior attacks in the past, Apple consults their “system policy module” when a file is dropped on a quarantined symlink. In the case we care about (plugin paths), the policy module has denies the request, because the plugin paths are not on the allowlist.

These folders are currently on the allowlist, in both / and ~ forms:

  • Applications
  • Applications/Utilities
  • Desktop
  • Library/QuickLook
  • Library/Screen Savers
  • Library/PreferencePanes
  • Library/CloudStorage/iCloud Drive/Desktop

I noted that it’s strange that I can have a notarized pkg installer that dumps all sorts of stuff everywhere — but a notarized dmg can’t do a drag and drop, even on user authentication. It sounds like despite the symlink’s behavior being altered by quarantine, Gatekeeper isn’t being consulted at all (even though it should be, that’s the entire point of notarization and user authentication).

I also noted that possible to drag a file outside of the dmg to the “disallowed” target — the policy only applies to other quarantined files being dropped on the symlink.

So at the end of the day, it is what it feels like: An edge case Apple put in to prevent a specific type of attack, inconsistent with the notarization mental model, unlikely to be fixed.


Wow. Strange days indeed. A very common user experience is on its way out …

So, .pkg it is then?