Skip to content

[Bug]: wrongly signed binary triggers ASP protection on macos and prevents safe execution #91

New issue
New issue
Open
Open
[Bug]: wrongly signed binary triggers ASP protection on macos and prevents safe execution#91
@pdesgarets

Description

@pdesgarets
pdesgarets
opened on Nov 20, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Installed through homebrew, calling the binary triggers a security warning

Élément « ovhcloud » non ouvert. Apple n'a pas pu confirmer que « ovhcloud » ne contenait pas de logiciel malveillant susceptible d'endommager votre Mac ou de porter atteinte à votre vie privée.

In the logs (Console.app) we see ASP: Security policy would not allow process: 37023, /opt/homebrew/Caskroom/ovhcloud-cli/0.8.1/ovhcloud

Expected Behavior

Expected : the binary is launched

Steps To Reproduce

$ brew install --cask ovh/tap/ovhcloud-cli
$ ovhcloud --help

Anything else?

codesign shows no valid Authority for the signature

$ codesign -dvvv $(which ovhcloud)
Executable=/opt/homebrew/Caskroom/ovhcloud-cli/0.8.1/ovhcloud
Identifier=a.out
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=278366 flags=0x20002(adhoc,linker-signed) hashes=8696+0 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=b61fe35cecee881481034f93fd11814188864445
CandidateCDHashFull sha256=b61fe35cecee881481034f93fd11814188864445252326753faec47bea30d8e3
Hash choices=sha256
CMSDigest=b61fe35cecee881481034f93fd11814188864445252326753faec47bea30d8e3
CMSDigestType=2
CDHash=b61fe35cecee881481034f93fd11814188864445
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements=none

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions