macOS arm distributions are unsigned

The macOS arm (M1) Root binary distributions are not signed by an identified Apple developer. This makes it infeasible to use them, because each library must be individually authorized (which takes 3 or 4 mouse clicks each) – there are dozens of them.

Experienced developers can use ‘spctl’ to authorize all binary executable files at once, but most Root users won’t know how to do that (I wrote an entry in the Root Forum about this).

_ROOT Version: root_v6.26.06
_Platform: macOS Monterey, Apple M1 processor
Compiler: Not Provided

Hi @tjrob ,

thank you for the feedback! I think we need @Axel to comment here, let’s ping him.


for my curiosity, can you please share a link to the forum thread about spctl that you wrote?

Thanks @tjrob !

Apologies for the terrible experience. Did you use the dmg or the tar file?

Can you try to curl -L -O the tar file - does that still work around the issue?

(FYI, signing isn’t enough, we need Apple to notarize each installer. That’s quite an overhead for a small open source dev team like your ROOT team… but we’ll do it if Apple really forces us.)

Cheers, Axel

spctl is for instance here: Root_v6.14.06 on Mac is very tedious the first time - #8 by Eddy_Offermann

I forgot to mention that the x86_64 .tar.gz file does not have this problem (i.e. its libraries and executable are properly signed and notarized by Apple).

I downloaded the arm64 (M1) tar.gz file from the Root download page. The issue is with the content of the build, not how it is downloaded or installed.

There is no .dmg, but there is a .pkg:
I downloaded and ran it; after authorizing it from an unknown developer it gave this error: The operation couldn’t be completed. ( error -1.)

Axel already linked to my post about spctl.

Yes but macOS marks a file as “not trustworthy” if downloaded through the browser. If Apple didn’t discover this yet, curl -L -O might serve as a workaround.

We don’t seem to treat our x86 and arm64 binaries any differently; we are not (yet) signing our binaries on x86 either. This would mean that macOS or CMake has a different behavior on x86 and arm :frowning:

How To Fix an App That Cannot Be Opened Because the Developer Cannot Be Verified

How to open apps from unidentified developers on Mac

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.