Fixing Gatekeeper SIGKILLs on Downloaded Toolchain Verifiers
On macOS, Atmos would sometimes install a verifier CLI (like cosign, used to check signatures on
downloaded toolchain binaries) through verifier_install: auto, checksum-verify it successfully — and
then have the OS kill it the instant Atmos tried to run it. Gatekeeper and AMFI re-validate a downloaded
binary's code-signing trust on every execution, not just the first Finder launch, so a checksum match
alone wasn't enough to let a freshly downloaded, ad-hoc-signed release asset actually run.
The Fix
After Atmos installs and checksum-verifies a verifier binary, it now strips the macOS quarantine
extended attributes (com.apple.quarantine, com.apple.provenance) and ad-hoc re-signs the binary —
the same trick Homebrew uses for downloaded formula binaries. This only ever runs on binaries Atmos
itself just downloaded into its own bootstrap path; a verifier already found on PATH is user-managed
and already OS-trusted, so it's left untouched. On Linux and Windows, this is a no-op — only macOS
re-validates trust on every exec.
How to Use It
This is on by default (verifier_trust: auto) — most users won't need to touch it. To opt out entirely:
toolchain:
verification:
verifier_trust: disabled
See the toolchain verification docs for the full settings reference.
Get Involved
Questions or feedback? Open an issue on GitHub or join the conversation in our community Slack.
