MacOS is marking odin executable as malware

[TheMartes]

Context

I've just downloaded odin, as I wanted to give it a shot - but find out upon installation, that macOS is marking binary as malware. This happens to both downloaded binaries from github and running them from sourced path as well as binaries installed via Homebrew.

• Operating System & Odin Version:
  odin version dev-2024-11:e6475fec4
  macOS Sequoia 15.1

• Please paste odin report output:
  This is the output after I managed to run it

Where to find more information and get into contact when you encounter a bug:

        Website: https://odin-lang.org
        GitHub:  https://github.com/odin-lang/Odin/issues


Useful information to add to a bug report:

        Odin:    dev-2024-11:e6475fec4
        OS:      macOS Sequoia 15.0.1 (build: 24B83, kernel: 24.0.0)
        CPU:     Apple M2 Max
        RAM:     32768 MiB
        Backend: LLVM 18.1.8

Expected Behavior

odin command should be (in my opinion) usable right away after extracting the binary or installing it from the package manager.

Current Behavior

When odin command is being called in CLI after installation you will get this prompt from macOS

Steps to Reproduce

1. Download odin via brew install odin or by downloading the binary from github
2. If binary is being downloaded from e.g. github make sure to extract it to path (follow instruction on odin website)
3. Run odin executable

Exploring the issue

When I was researching the issue - I want to get it working and I managed to do so. By coping binary into /Library/PrivilegedHelperTools/. This seems to be a common issues with a lot of binaries not only for odin (e.g. docker has this problem too), but I'm not sure how to resolve it, neither does docker from what I understand. The command to fix this malware popup is:

$ which odin
/opt/homebrew/bin/odin
$ sudo cp /opt/homebrew/bin/odin /Library/PrivilegedHelperTools

After moving the binary to PrivilegedHelperTools I can run the command and work with executable tho. Here's the link for the docker thread, as it might be useful for further investigation.

I'm so sorry if this kind of issue doesn't belong here, but from what I could understand this was the place I found the best to report to. And I would also like to save trouble for other developer too.

[laytan]

We do not sign our executable so macos isn't happy with it. You can go into settings -> privacy and security and allow the executable there, it will then probably pop up one or 2 more times for the dynamic libraries we ship and then you are good to go.

The homebrew case is a weird one, I have always been able to use homebrew without any of these pop-ups ever appearing.

[TheMartes]

I"m not sure this is the case. When I got this notification I wasn't able to allow to run the executable through privacy & security. It just straight up refused to run. It seems like that once I put it in the PrivilegedHelperTools it was okay, as I wasn't able to reproduce the issue with homebrew. However if you downloaded the github release, issue still persists.

I think this is caused by some sort of update, as more developer tools started to report this popup this month.

[harold-b]

Try xattr -d com.apple.quarantine <path_to_odin_executable>

[spahnke]

If you download an executable or a zip containing an executable the usual way (i.e. using the browser), macOS will set the quarantine attribute on that file/contained files preventing you to execute them. You can check that by running ls -l@ (that is not a typo :D) and it will show you the associated attributes. The xattr command above can be used to remove that quarantine attribute. Alternatively you can use wget or curl to download the zip and the attribute will not be set.