macos – What’s the `com.apple.provenance` xattr (prolonged attribute) and the way can I delete it?
For me, as of 2023-09-95, utilizing macOS 13.5, the com.apple.provenance FILE prolonged attribute can certainly be eliminated utilizing Terminal.app with
xattr -d com.apple.provenance FILE
In the event you see this fail to take away the attribute, validate that terminal.app is granted Full Disk Entry permission in Privateness & Safety system settings.
Not so with different terminals
Nevertheless, in my testing, the above command does not work with these different terminals:
On condition that the interplay of (xattr with Apple’s Terminal.app) is totally different from the interplay of (xattr with OTHER_TERMINAL_EMULATOR), we are able to inform one thing is afoot. However what?
Hypotheses
-
There’s some distinction in code or settings of the terminal emulator. Maybe Terminal.app “does one thing proper” that the others don’t. (Word: this is not persuasive to me.)
-
Whereas there may be nothing substantively totally different concerning the terminal emulators themselves, there are metadata variations: Terminal.app is code signed. On this speculation,
xattrseems to be on the permissions of the calling course of (as decided by code signing and associated safety measures) to resolve if sure attribute modifications are allowed. (Word: this appears extremely believable.)
Lastly, a pedagogical notice. Above, I deliberately used the phrase ‘interplay’, as a result of I wish to illustrate how this transformation in phrasing makes a distinction when exploring doable causes. We should always not simply take into consideration one element; we must always think about how the elements work together.
