Using Unsigned Max Externals on Mac OS 10.15 (Catalina)
The release of Mac OS 10.15 (aka Catalina) has brought increased security settings that may prevent the loading of unsigned 3rd party externals. On Mac OS 10.15, when a file like this is downloaded from the web, it is marked with com.apple.quarantine via extended file attributes (xattrs), which then prevents loading in Max. The longer term solution will be for third party developers to sign their externals, however there are many safe-to-use externals that are no longer in active development, but still relied on by many. In the meantime, there are several workarounds that can be used. All of these options involve bypassing Apple’s security infrastructure, so make sure you have downloaded the externals from a trusted source.
The current best option is to run Terminal’s ‘xattr’ utility using the ‘-d’ option to remove the ‘com.apple.quarantine’ xattr entirely. Open the Terminal utility and type:xattr -d com.apple.quarantine [path/to/extern.mxo]
If you have a number of externals that you wish to perform this on, you can use the ‘-r’ option to the xattr command, which acts recursively on a directory or bundle. Open the Terminal utility and type:xattr -d -r com.apple.quarantine [path/to/extern/directory]
In an upcoming version of Max, we hope to add better notification when the com.apple.quarantine xattr is present on a file that Max attempts to load, and will be exploring other options for improvements in this area.
Please note that the "right-click" to overcome Gatekeeper no longer appears to work on 10.15+.
by Ben Bracken on December 16, 2019
This is not working I've tried several times and still have program error thtis is the error list, what can I do?
Has anyone had this work on their Catalina machines? It hasn't worked on mine either. Thank you.
Open the Terminal utility and type:
sudo xattr -rd com.apple.quarantine / Your software path.app(You can pull the mxo. file into the terminal )
xattr: /Users/josemanuelberenguer/Documents/Max 8/Library/iCube_Max-410_macos: No such xattr: com.apple.quarantine
Pulling the .mxo file into the terminal itself did the trick, thank you!
How do I pull the .mxo file into the terminal? Thanks!!
Drag the object into the terminal window. It will show you the right path.
Thanks a lot MP the thingis that I can’t find the object or .mxo file in my Mac anywhere. I had already deactivated the quarantine in my Macbook and the Max 8 app is opening fine, but when I try to open it in Ableton through Preferences->File/Folder->Max app my Ableton closes/crashes instantly. I don’t know if it’s still because of Catalina
Hello... I've sucessfully used the xattr -d and xattr -d -r commands to cancel the quarantine flag of some third party externals or folders. Nevertheless, some of them (as "shell" external, revised some years ago by Jeremy Bernstein) resists this command and max refuses to load them due to security policy. This is because I tried xatter -c. It works when Max is open during the execution on the terminal. If max is closed, when opening it after the execution of the command, max doesn't accept to instantiate shell. The quarantine atribute seems hasn't been completely removed.
Any Ideas about what to do in such cases? Many thanks!
All the best
José Manuel Berenguer
After trying individual to remove the quarantine on individual files I took the nuclear option. This cleared up everything for me:
sudo xattr -rd com.apple.quarantine /Applications/Max.app/ContentsMany thanks ... Tried it. Unfortunately it does not apply to "shell" in my system ....
Bummer. I'd experiment with running the command on increasingly higher directories containing those files.
you have to run that command on the directory where your shell external is stored. shell is not a factory external, and therefore won't be in the Max app, but in some other directory in your Max search path.
Max 8.1.2 was working fine. I just updated to 8.1.3 and now I'm getting a bunch of errors (see attached). If this was a catalina issue, shouldn't I have seen this issue with 8.1.2 as well?
I tried the nuclear option as described above and that worked for me as well.
I have tried everything now but it does not work there is someone who can explain to me exactly which commands I have to execute in the terminal of Catalina
in terminal type:com.apple.quarantine
sudo xattr -rd com.apple.quarantine add space at the end !
drop directory to remove
hit enter, type admin password, enter.
or type :
sudo xattr -rd com.apple.quarantine ~/
hit enter, type admin password, enter.
that would wipe all com.apple.quarantine xattributes in the current user directory.
----------
there is nothing wrong removing ALL xattributes from the user directory
sudo xattr -cr ~/
----
Permanent freedom from apple restrictions would be to
deactivate SIP and disable gatekeeper all together
and finally stop updating system if it's not really necessary.
My experience is similar to Source Audio's. But I don't clear all xattr for the home directory, only the files/folders that I need... For instance, an AU or VST plugin that hasn't been updated residing in /Library/Audio/Plugins...
sudo xattr -cr "and drop the offending folder/file"
It clears all xattributes recursively and usually works.
I also disable SIP (System Integrity Protection). I'm still on Mojave (and for the foreseeable future).
I understand the need for security but Apple's tendency lately in this regard has been too much...
I would advise against running the command on everything in your user (~/) directory. These security measures are in place for a reason. I agree with Pedro to only perform this action against files and directories that need it.
Dietmar, can you share screenshots or log messages so we can help?
Thank you for your answer, yes I cannot work with the patch because Catalina's security settings do not allow it. I have MacOS Catalina version 10.15.3
Thank´s for support
One of these two commands should work for you depending on where you installed Max:
sudo xattr -rd com.apple.quarantine /Applications/Max.app/sudo xattr -rd com.apple.quarantine ~/Applications/Max.app/Can you run both of them in the terminal and share the output?
there should be absolutely no need to run xattr on the Max app itself. instead you should run xattr on the folder that contains the 3rd party externals that you are trying to load. if it's a package, especially one that contains support libraries, run it on the entire package folder.
If you've put the orchidea in the Packages folder, it should be something like this:sudo xattr -cr /Users/"You"/Documents/Max\ 8/Packages/orchidea
Thank you for your support but I solved the problem. I had an apple antivirus scanner that I deleted, everything works fine now. Maybe this is also a possible solution for all who have similar problems)
I'm getting the same issues and nothing here is working for me. Any other ideas?
After running the various fixes this is the error message I get
where did you get that sigmund~ object ?
64 bit ?
It seems to me that your sigmund~object does not match your Max version. I Belice this has nothing to do with Catalina Security policies.
That might be the issue, it worked for my professor who is still on 8.1.0, and I'm on 8.1.3. Is there a way to "revert" back to an earlier version of Max to see if that would work?
You can have all max versions , just download older one and
rename it like Max808.app
But I don't think there is difference between max 8.1.3 and 8.1.0 ...
Anyway make sure to download 64 bit version
https://github.com/v7b1/sigmund_64bit-version/releases
Hi. I am having the same problem with the latest version of fiddle from here (https://github.com/v7b1/fiddle_64bit_version/releases). It was working all fine on Catalina until I upgraded to Max 8.1.3. I have tried everything including going back to 8.1.2 but no luck. It seems to be a real issue for many Max users using "unsigned" externals. Any help appreciated.
Hi there,
I still cannot run a basic external (RTC library)... I've tryied everything you've mentioned without results... can anyone give me a help? :)
OK I think Cycling needs to do something about this as a lot of us are basically stuck. Cycling 74 please help.
I have tried the different solutions but none work yet
I anyone can help me ? Thanks laurent
FWIW, I'm getting this error on jit.gl.syphon after a fresh update in the Package Manager and I'm NOT running Catalina, but 10.14.6 Mojave. Max 8.1.3.
Quick followup: turned out Max didn't yet have access to the camera in the Security: Privacy settings. Once I instantiated a jit.grab and gave it permission, jit.gl.syphonserver was also able to instantiate.
With Max 8.1.3 it's helpful that the name of the external causing the error is printed in the console. I do wish it showed the full path to the external though. That would be similar to the "you have multiple files in your search path" conflict messages that include full path names.
(I had installed some externals for both Max 7 and Max 8 and initially removed the com.apple.quarantine xattr from the ones being read in the Max 7 path, which, as you might suppose, did not improve life when using Max 8.)
Thank you!!!! A space!!
Hey All,
I encountered the same problem as JOSÉ MANUEL BERENGUER with the Shell object in max8.1.3 after the Catalina update.
JOSÉ MANUEL BERENGUER: did you find a solution to the problem?
Dear Fabrizio Saiu : No. I didn't. I was considering try with Node.js. The problem is that with Node.js any code will only work in Max 8...
Thanks José!
I downgraded to high Sierra...
But, be careful!
You must absolutely avoid installing this update because the external ones will be blocked again.
This is really annoying. None of the above mentioned workarounds functions ....
I was having this issue when I was using my Documents directory which I have syncing to iCloud. When I made a new directory outside of Documents and pointed my File Preferences to the new directory, everything worked just fine.
Be careful if you directly copy projects or mxo builds over from the Documents folder though because it may still not work then.
hey guys,
im having issues installing this object https://jmpelletier.com/freenect/I have tried all the above but doesnt work ,
please help
that external is 32 bit only.
You can read that from the error:
wrong architecture
there seem to be 64 bit version of it here :
https://github.com/brianchasalow/jit.freenect.grab-64-bit/releases
Thanks, Source Audio, I am new to MAX, and could anyone help me with theinstallation of this external object into max 8 ? I am not sure should I download all 3 or just the top one ? and which folder they need to be placed?
if you download that top one and extract it, you'll get external.
You can place it anywhere in Max search path,
but maybe best place would be to replace 32 bit external
at it's location.
From the screenshot it is in your Documents/Max 8/Library.
thank you Source Audio , do i still have to use sudo xattr ?? and which version of it is useful ?
It will not harm to remove any xattr from that external.
type xattr -cr (add space at the end) into terminal and drop it, hit enter.
Thank you so much for your amazing help Source Audio , I got it installed but the kinect is not showing , I think I need to use Kinect 360 rather than Kinect V2 ( Xbox One ) , Do you think is this the problem ?
I have no idea about that xbox devices, never used one.
the original page does not load here,
I get ns security errors when trying to load
http://jmpelletier.com/
So there is no info I could read about what device this external is supposed to support.
Search the forums and maybe follow this link.
https://cycling74.com/forums/max-and-kinect-resources/
----------
UPDATE :
check this forum, scroll to the end.
https://cycling74.com/forums/jit-freenect-grab-on-64-bit
Same Problem here with a new object shared in these days (cv.jit.rj.findcontours: cannot be loaded due to system security policy) - also after this --> sudo xattr -rd com.apple.quarantine /Users/STANISLAO/Documents/Max\ 8/Packages/cv.jit/externals/cv.jit.rj.findcontours.mxo
and requested password... Running sierra on Mac
Just saw this. wow! looking like I shouldn't upgrade! eek.
Just out of curiosity i tested that fincontours external
it is bogus itself.
Even on completely protection free system it won't load.
So don't bother trying.
whoever is programming it should fix it
Thanks @Source Audio, but are you sure? It seems that someone is using it...
@Source Audio can you write here your version of osx, we are working to fix this issue on cv.jit.rj.findcontours
the last compiled version for Sierra is https://github.com/esnho/cv.jit.rj.findcontours/releases
but we need some feedback.
@micron
in terminal type "sudo xattr -d com.apple.quarantine [path-to-external]"
but instead of typing your path in by hand, drag the external directly into the terminal window(just after the space you type which follows 'com.apple.quarantine')...this will insure you have the correct path, and then enter your admin password(for 'sudo' operations("super user do") requires admin level permission).
i just tried the above exact method on the .mxo zip download found here:
https://github.com/esnho/cv.jit.rj.findcontours/releases/tag/0
it works for me(alternately, when i first tried dragging the external onto Max icon to load it without removing quarantine, Max itself asked if i'd like it to try to remove the quarantine, i told it to 'proceed' and it worked... maybe something new as of Max8.1.7? but then after deleting the external,redownloading,reloading,etc. to check if i can reproduce the same success, MacOSX now intercepts before Max can even do anything and I have to use the terminal method again from now on 😂)
[Edit: the article said this wouldn't work, but i just upgraded to 10.15.7 and it does seem to work for me]
oh, i just found another way around this:
1) right-click on the external to choose from the contextual MacOSX/Finder menu to open with Max
2) (if this second step doesn't show the following window, try hitting 'cancel' and then repeating the first step, sometimes it rejects it, other times the following dialog shows)... click "Open" in the dialog that follows to confirm:
and from there(load a patch or create one that uses the external as normal), the external can be moved anywhere and it remains available for that system anytime you want to use it again afterwards without having to go through the process again.
@ MICRON
I run High Sierra 10.13.6, but - bare bones system on Hackintosh
with Chameleon boot loader
means 80 % of launch daemons are removed, system has no
protection, security , gate keeper, sandbox or anything else that might
prevent external from running.
i believe there are 2 distinct issues being discussed. the gatekeeper issues are separate from the issue Micron had with the external not loading on earlier versions of the macOS.
i believe there are 2 distinct issues being discussed.
apologies, completely my fault (i ran into this issue with my own external, but then couldn't reproduce the quarantine(didn't realize after an update to XCode, that it hadn't installed additional 'debug'related things yet(probably some things that allow me to build/test without quarantine under same admin account?), until I ran XCode a second time, got the dialog to install additional stuff, rebuilt, and no longer have any quarantine-issue), so i decided to try the steps out on micron's external to learn how to remove quarantine for sure, and was excited to find my solutions posted above).
still related to the thread, though: i'm looking at signing my external, but $99 seems steep just to sign one external to release for free. (i might do it, though), if there are any other options or solutions(upcoming or otherwise known), anyone with any information please feel free to link me... and i assume the starting information for how-to-sign can be found here, let me know if others have better sources:
https://developer.apple.com/developer-id/
hey guys,
I am having a similar issue as the extenal doesn't run on 64bit version I guess. But it does worked last year when I used OS sierra +max8. Does anyone have an idea on how to fix it? I'm currently on Max 8.0.8 and Catalina 10.15.2.
Thank you.
If external is 32 bit only, your only chance is to use max 800 : the initial build of max 8.
It still had 32 bit support.
https://akiaj5esl75o5wbdcv2a-maxmspjitter.s3.amazonaws.com/Max800_180925.dmg
And forget Catalina.
Go back to Sierra, there you can also use max 7xx in 32 bit mode
max requires high sierra for other reasons.
64 bit requires a coreduo or G5 PPC processor and OSX 10.5
on Catalina no 32 bit, is clear or ?
You need older system that allows 32 bit applications to run.
That resolution is about retina display
And - don't ruin your system by trying to install older system over Catalina.
Either delete all and install all fresh,
or create small extra partition to install sierra
Thanks. Clear now.
I was struggling with this issue with an M4L device that was trying to load an external.
If you have this issue, running the xattr command on the actual M4L device file worked for me:
sudo xattr -cr [path to device]
Also, putting the needed M4L external in a 'lib' (or similar) sub folder with the M4L device was required.
I'm having a similar problem with a M4L device using an external. However, the external only gets flagged as a security issue when I freeze the M4L device. When the external is supplied as a separate file in a lib, both max and Ableton Live accept it without problem.
I tried WAX's solution above, but it does not seem to work for frozen M4L devices. Has anybody encountered this?
I had a problem with csound~ unable to load or not found. So I used
sudo xattr -rd com.apple.quarantine
followed by the complete path to max8 Packages and it seems to be working now. Thank you.
Diego
hello everyone
I'm working with macOS Mojave/Max 8.1.3 and after following the procedures described by you I still couldn't get the "randdist" object to work, do you have any suggestions?
Thank you
in case it's helpful to someone, this seems to work for me:
codesign --force --deep --sign - [path to file]
@BENJ3737, this worked for me. Many thanks!
Hello,
I would like to take out a premium membership, but there is a problem with the payment, the same error message keeps coming up, see attachment, even a message to the support does not work the contact form is not sent...
it is obviously not possible to send a message to IRCAM
please help
best regards
Dietmar
