When Mac OS X was designed, it switched to the bundle structure inherited from NeXTSTEP. Instead of this multitude of resources, apps consisted of a hierarchy of directories containing files of executable code, and those with what had in Mac OS been supporting resources. Those app bundles came to adopt a standard form, shown below.
↫ Howard Oakley
A short, but nonetheless informative overview of the structure of a macOS application. I’m sure most people on OSNews are aware that a macOS application is a bundle, which is effectively a glorified directory containing a variety of files and subdirectories that together make up the application. I haven’t used macOS in a while, but I think you can right-click on an application and open it as a folder to dig around inside of it.
I’m trying to remember from my days as a Mac OS X user – 15-20 years ago – if there was ever a real need to do so, but I’m sure there were a few hacks you could do by messing around with the files inside of application bundles. These days, perhaps with all the code-signing, phoning-home to Apple, and other security trickery going on, such acts are quite frowned upon. Does making any otherwise harmless changes inside an application bundle set off a ton of alarm bells in macOs these days?
I don’t know about ARM-era macOS, but, according to this StackExchange Q&A, the files within a bundle are signed individually and Mac OS 10.11 was when Gatekeeper started requiring that developers sign all the executables in the bundle. (They cite Apple’s macOS Code Signing In Depth.)
That fits with what I’ve experienced on the hand-me-down iMac I run 10.13 on. When I was installing open-source apps on it to try to give myself more reason to care about something that couldn’t run classic Mac OS and presented an inferior alternative to how I use Linux, I found that some of them were specifically designed so that you added files to folders stored inside the bundle to extend them so that the “just drag it to the trash to uninstall” property was preserved.
However, I’m not sure if any of them involved adding files that Gatekeeper would recognize as code or if they were all things like graphical assets, Lua scripts, etc.
Current MacOS user.
You can run a single terminal command to turn off all the “security trickery” for an application. It’s really not a big deal. Running unsigned apps is trivial for a technical user, and not trivial for a non-technical user. As it should be.
I use coteditor. Putting a symbolic link in /usr/local/bin to the cot executable (which is inside the application bundle) allows me to open a text file in it from the terminal. There are still uses to dig into bundles. Also, remember that not only applications use bundles. Example:UTM VM’s.
Also, Peazip distributes their app without signing. They include the terminal command to bypass gatekeeper.
I created an alias called unjail so I can just type unjail /Applications/whatever.app
None of this has caused me much consternation or lost sleep.
One more comment.
Everyone seems to forget that Apple includes documented commands to disable SIP and Gatekeeper full-stop. Thom even did an article about it, related to UNIX certification. The modern security stance (which I firmly believe is a good thing) is incompatible with the certification. Apple has deliberately chosen, release after release, to include AND document the mechanism to disable.
For the 99.9% of people who wouldn’t find OSNews interesting, including family members with a Mac, I’m struggling to see the downside.
“I’m trying to remember from my days as a Mac OS X user – 15-20 years ago – if there was ever a real need to do so, but I’m sure there were a few hacks you could do by messing around with the files inside of application bundles. These days, perhaps with all the code-signing, phoning-home to Apple, and other security trickery going on, such acts are quite frowned upon. Does making any otherwise harmless changes inside an application bundle set off a ton of alarm bells in macOs these days?”
Well I was able to turn off Zombies from 7 Days to Die (a zombie apocalypse game) before you had the ability to do so through menus. And lots of other good reasons.
It really is an elegant way to create a dependency tree. It’s amazing it didn’t catch on more. There have been attempts to recreate this, but they’re not the same. It’s little details like this that make/made macos special, and it’s really underappreciated.