Skip to main content

Fixing Gatekeeper SIGKILLs on Downloaded Toolchain Verifiers

· 2 min read
Erik Osterman
Founder @ Cloud Posse

On macOS, Atmos would sometimes install a verifier CLI (like cosign, used to check signatures on downloaded toolchain binaries) through verifier_install: auto, checksum-verify it successfully — and then have the OS kill it the instant Atmos tried to run it. Gatekeeper and AMFI re-validate a downloaded binary's code-signing trust on every execution, not just the first Finder launch, so a checksum match alone wasn't enough to let a freshly downloaded, ad-hoc-signed release asset actually run.

The Fix

After Atmos installs and checksum-verifies a verifier binary, it now strips the macOS quarantine extended attributes (com.apple.quarantine, com.apple.provenance) and ad-hoc re-signs the binary — the same trick Homebrew uses for downloaded formula binaries. This only ever runs on binaries Atmos itself just downloaded into its own bootstrap path; a verifier already found on PATH is user-managed and already OS-trusted, so it's left untouched. On Linux and Windows, this is a no-op — only macOS re-validates trust on every exec.

How to Use It

This is on by default (verifier_trust: auto) — most users won't need to touch it. To opt out entirely:

toolchain:
verification:
verifier_trust: disabled

See the toolchain verification docs for the full settings reference.

Get Involved

Questions or feedback? Open an issue on GitHub or join the conversation in our community Slack.