Sonar cannot start once updated to macOS Catalina. Error as “wrapper” cannot be opened because the developer cannot be verified

Hi, I have been using sonarqube nicely for a while now. Recently I updated by macOS to catalina 10.15.1 . Now when i try to start the sonar i get the error as :

“wrapper” cannot be opened because the developer cannot be verified.macOS cannot verify that this app is free from malware.

(Warning box)

Below is the error I get on command line.

Ashiks-MacBook-Pro:macosx-universal-64 aaseek$ ./sonar.sh start
Starting SonarQube…
./sonar.sh: line 438: 2645 Killed: 9 “/Users/aaseek/tools/sonarqube-8.0/bin/macosx-universal-64/./wrapper” “/Users/aaseek/tools/sonarqube-8.0/bin/macosx-universal-64/…/…/conf/wrapper.conf” wrapper.syslog.ident=SonarQube wrapper.pidfile="/Users/aaseek/tools/sonarqube-8.0/bin/macosx-universal-64/./SonarQube.pid" wrapper.daemonize=TRUE
Failed to start SonarQube.

I tried installing new version of sonar but still same issue. I have been searching online for similar issue but didn’t get any result. Please help me and I am ready to provide more details if needed.

Thank You!

Welcome to the community !

Indeed, macOS Catalina is stricter about running softwares you’ve downloaded that are not signed by an official Apple dev license. You will get similar issues with other downloaded software.

Several options here, from the more specific to the more general :

  • Allow only this executable file : Run SonarQube again, then go System Preferences -> Security & Privacy, and in the General tab you will see at the bottom the executable that was recently blocked. From this, you can clic open anyway.

Next time you run SonarQube you will be prompted for a definitive approval :

  • Allow any executable run from the Terminal : go System Preferences -> Security & Privacy, and in the Privacy tab, scroll in the list for Developer Tools, check the Terminal app. Then restart the Terminal App and re-run your command.
  • Allow all downloaded app : sudo spctl --master-disable to allow apps downloaded from Anywhere. Be careful with that choice.

Under the hood, macOS enforce to place a quarantine flag com.apple.quarantine on :

  • downloaded files with a quarantine-aware application like Safari, Firefox or Chrome
  • extracted files from an archive with application like Archive Utility or macOS tar or zip
  • file created with an application that has LSFileQuarantineEnabled set to true in the Info.plist

You can see this flag by running this on the downloaded file/folder:

  • on the downloaded zip : xattr -p com.apple.quarantine sonarqube-8.0.zip
  • or on the unzipped files : xattr -p com.apple.quarantine sonarqube-8.0/bin/macosx-universal-64/wrapper

That will prompt something like :
0081;5da594f6;Chrome;A9A2B7E9-B323-4735-81EB-A8F13F892031

Which give you the name of the App that set the flag, and as a first value an hexadecimal field describing the GateKeeper score on that file. If you manually allow the wrapper with the 1 method i described, you will see this value updated.

You can remove programmatically this flag with :

  • xattr -dr com.apple.quarantine /path/to/sonarqube-8.0/

-d is for delete, -r for recursively in the folder.

4 Likes

Thank you for such a descriptive answer.

Many common apps like SonarQube have such an issue on macOS Catalina. Usually you can bypass this new macOS gateway by opening the app through System Preferences > Security & Privacy > Check Allow apps downloaded from App Store and identified developers > Click Open Anyway (like mentioned by Pierre Guillot).

If it still doesn’t work, I assume that you are double clicking on the SonarQube install icon, yes? Don’t do that. Instead right mouse click on it. You should get an Open option in context menu: Select Open. Then the next dialog box you see will be similar to the one you report, but it will also have the Open button added. Choose Open and voila.