Skip to content

Instantly share code, notes, and snippets.

@eonist

eonist/install curl xattr.md

Created January 18, 2026 19:34
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save eonist/5e6ef67c996dc7eb273f89cedbc03597 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save eonist/5e6ef67c996dc7eb273f89cedbc03597 to your computer and use it in GitHub Desktop.
Download ZIP
install curl xattr.md
Raw
install curl xattr.md

That's a common approach for developer tools. Here's how it works:

The Install Pattern

bash
# Download
curl -fsSL https://github.com/edgeleap/omni-app/releases/download/v0.1.0/omni-app-macos-arm64.tar.gz | tar -xz

# Remove quarantine flag (bypasses Gatekeeper)
xattr -cr omni-app.app

# Move to Applications
mv omni-app.app /Applications/

One-liner Install Script

bash
curl -fsSL https://omni.edgeleap.io/install.sh | bash

install.sh:

bash
#!/bin/bash
set -e

# Detect architecture
ARCH=$(uname -m)
case $ARCH in
  arm64) TARGET="aarch64-apple-darwin" ;;
  x86_64) TARGET="x86_64-apple-darwin" ;;
  *) echo "Unsupported: $ARCH"; exit 1 ;;
esac

VERSION="v0.1.0"
URL="https://github.com/edgeleap/omni-app/releases/download/${VERSION}/omni-app-${TARGET}.tar.gz"

echo "Downloading omni-app for $ARCH..."
curl -fsSL "$URL" | tar -xz -C /tmp

echo "Installing..."
xattr -cr /tmp/omni-app.app
mv /tmp/omni-app.app /Applications/

echo "✓ Installed to /Applications/omni-app.app"

Why This Works

macOS Security Layer | Status -- | -- Gatekeeper (quarantine) | ✅ Bypassed with xattr -cr Notarization check | ✅ Bypassed (no quarantine = no check) Code signature | ⚠️ App still works unsigned SIP | ✅ Not affected

Recommendation for Separate Builds

Since you're using curl with architecture detection, skip the universal binary:

bash
# Build both separately (smaller downloads)
tauri build --target aarch64-apple-darwin  # ~10 MB
tauri build --target x86_64-apple-darwin   # ~10 MB

# vs Universal
tauri build --target universal-apple-darwin  # ~20 MB

Users get a smaller download since the script auto-detects their architecture.

Want me to create the install script and add it to the repo?

@eonist
Copy link
Author

eonist commented Jan 18, 2026

Yes, correct. With xattr -cr, users can double-click and run immediately — no warnings, no System Settings detour.

Why It Works

Actually, with your curl approach, you get a double bypass:[eclecticlight]

Download Method | Quarantine Flag Set? | Gatekeeper Check? -- | -- | -- Browser (Safari, Chrome) | ✅ Yes | ✅ Yes curl | ❌ No | ❌ No curl + xattr -cr | ❌ No (redundant) | ❌ No

curl never sets the quarantine flag in the first place. The xattr -cr in your install script is just a safety net in case someone downloads via browser first, then runs the script.[unit42.paloaltonetworks]

User Experience

bash
curl -fsSL https://omni.edgeleap.io/install.sh | bash

After this completes:

  • ✅ Double-click → App opens immediately

  • ✅ No "unidentified developer" warning

  • ✅ No "Open Anyway" button needed

  • ✅ No System Settings → Privacy & Security trip

macOS Sequoia Note

Apple made Gatekeeper stricter in Sequoia (removed right-click → Open bypass for unsigned apps). But xattr -d com.apple.quarantine still works and is the recommended workaround.[discussions.apple]

Your Install Script (Final)

bash
#!/bin/bash
set -e

ARCH=$(uname -m)
case $ARCH in
  arm64)  TARGET="aarch64-apple-darwin" ;;
  x86_64) TARGET="x86_64-apple-darwin" ;;
  *) echo "Unsupported: $ARCH"; exit 1 ;;
esac

VERSION="v0.1.0"
URL="https://github.com/edgeleap/omni-app/releases/download/${VERSION}/omni-app-${TARGET}.tar.gz"

echo "→ Downloading omni-app for $ARCH..."
curl -fsSL "$URL" | tar -xz -C /tmp

echo "→ Installing to /Applications..."
xattr -cr /tmp/omni-app.app  # Safety net
mv /tmp/omni-app.app /Applications/

echo "✓ Done! Open from Applications or Spotlight."

Users run one command, app works instantly.

**Yes, correct.** With `xattr -cr`, users can double-click and run immediately — no warnings, no System Settings detour.

Why It Works

Actually, with your curl approach, you get a double bypass: [eclecticlight](https://eclecticlight.co/2019/05/27/is-a-mac-os-x-gatekeeper-bypass-what-it-says/)

Download Method Quarantine Flag Set? Gatekeeper Check?
Browser (Safari, Chrome) ✅ Yes ✅ Yes
curl ❌ No ❌ No
curl + xattr -cr ❌ No (redundant) ❌ No

curl never sets the quarantine flag in the first place. The xattr -cr in your install script is just a safety net in case someone downloads via browser first, then runs the script. [unit42.paloaltonetworks](https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/)

User Experience

curl -fsSL https://omni.edgeleap.io/install.sh | bash

After this completes:

  • ✅ Double-click → App opens immediately
  • ✅ No "unidentified developer" warning
  • ✅ No "Open Anyway" button needed
  • ✅ No System Settings → Privacy & Security trip

macOS Sequoia Note

Apple made Gatekeeper stricter in Sequoia (removed right-click → Open bypass for unsigned apps). But xattr -d com.apple.quarantine still works and is the recommended workaround. [discussions.apple](https://discussions.apple.com/thread/255759797)

Your Install Script (Final)

#!/bin/bash
set -e

ARCH=$(uname -m)
case $ARCH in
  arm64)  TARGET="aarch64-apple-darwin" ;;
  x86_64) TARGET="x86_64-apple-darwin" ;;
  *) echo "Unsupported: $ARCH"; exit 1 ;;
esac

VERSION="v0.1.0"
URL="https://github.com/edgeleap/omni-app/releases/download/${VERSION}/omni-app-${TARGET}.tar.gz"

echo "→ Downloading omni-app for $ARCH..."
curl -fsSL "$URL" | tar -xz -C /tmp

echo "→ Installing to /Applications..."
xattr -cr /tmp/omni-app.app  # Safety net
mv /tmp/omni-app.app /Applications/

echo "✓ Done! Open from Applications or Spotlight."

Users run one command, app works instantly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment