stash icon indicating copy to clipboard operation
stash copied to clipboard
verified publisher icon stashapp

[Bug Report] Recurring file access prompts on macOS

Open rEes9P opened this issue 1 year ago • 5 comments

Describe the bug I have been running into incessant ""Stash" would like to access files in your Downloads folder." and ""Stash" would like to access files on a removable volume." prompts on my Mac (running Sonoma 14.7) to the point of Stash being almost unusable.

To Reproduce Any activity that accesses files, be it a scan or simple browsing and playing of content, leads to multiple prompts.

Expected behavior The prompts to not recur after the access being granted when running Stash for the first time post install.

Screenshots Downloads

Removable volume

Stash Version v0.27.2

Desktop

  • OS: macOS Sonoma 14.7
  • Browser: Firefox
  • Version: 131.0.3 (aarch64)

Additional context I have enabled Full Disk Access for Stash.

rEes9P avatar Oct 20 '24 20:10 rEes9P

Copied answer from WP in a now deleted Issue#4796

As far as I know, there's nothing we can do within stash to stop this message from appearing. stash does not explicitly request any permissions; all disk access is done at a low level, and the stash code has no knowledge/access to the macos permission infrastructure. See also: https://forum.makemkv.com/forum/viewtopic.php?t=25455 https://iboysoft.com/howto/allow-access-to-removable-volumes-mac.html

stg-annon avatar Oct 20 '24 21:10 stg-annon

Thanks for looking into this, @stg-annon.

I am only running into this issue with Stash. Interestingly, the *arr apps work just fine after giving specific folder permission/s on the initial prompt and don't require full disk access.

Could this be something to do with how Stash is notarized? 🤔

rEes9P avatar Oct 21 '24 05:10 rEes9P

I also had this problem on an M4 Mac mini running MacOS Sequoia 15.1.1 and Stash.app v0.27.2 I was able to fix it by replacing the signature:

codesign --force --deep -s - /Applications/Stash.app && xattr -rd com.apple.quarantine /Applications/Stash.app

tvjctr avatar Nov 25 '24 19:11 tvjctr

I also had this problem on an M4 Mac mini running MacOS Sequoia 15.1.1 and Stash.app v0.27.2 I was able to fix it by replacing the signature:

codesign --force --deep -s - /Applications/Stash.app && xattr -rd com.apple.quarantine /Applications/Stash.app

Signed up for git just to comment here.

Just got Mac Mini M4 MacOS Sequoia 15.2 to setup as my new server. Was having same issue as OP on (as well as a separate equally annoying MacOS Firewall issue; Stash 0.27.2 could not be accessed from any LAN device other than localhost, while the MacOS FW was active).

The above command fixed both issues for me!

Thank you so much @tvjctr; I've been trying various workarounds for a couple days to no avail.

Considering all this info, would notarizing and signing (not sure these are correct/exact terms) stash.app fix these issues for MacOS users? I'm not well versed in these topics, but it seems Apple considers stash.app as unknown developer, and it may be imparting additional security controls (or bugged security controls) on such an app....

handwork3 avatar Jan 14 '25 03:01 handwork3

Sadly that did not work for me. This is such an annoying problem.

jubishop avatar Mar 30 '25 05:03 jubishop

I also had this problem on an M4 Mac mini running MacOS Sequoia 15.1.1 and Stash.app v0.27.2 I was able to fix it by replacing the signature: codesign --force --deep -s - /Applications/Stash.app && xattr -rd com.apple.quarantine /Applications/Stash.app

Signed up for git just to comment here.

Just got Mac Mini M4 MacOS Sequoia 15.2 to setup as my new server. Was having same issue as OP on (as well as a separate equally annoying MacOS Firewall issue; Stash 0.27.2 could not be accessed from any LAN device other than localhost, while the MacOS FW was active).

The above command fixed both issues for me!

Thank you so much @tvjctr; I've been trying various workarounds for a couple days to no avail.

Considering all this info, would notarizing and signing (not sure these are correct/exact terms) stash.app fix these issues for MacOS users? I'm not well versed in these topics, but it seems Apple considers stash.app as unknown developer, and it may be imparting additional security controls (or bugged security controls) on such an app....

I just signed up to comment on this issue as well.

When attempting the workaround you referenced on macOS Sequoia 15.5, I keep getting the following:

/Applications/Stash.app: replacing existing signature
/Applications/Stash.app: resource fork, Finder information, or similar detritus not allowed

If there's forbidden detritus present, it seems like it's a great time to bring the Stash.app package into compliance with current MacOS security rules.

PDisaster avatar Jul 07 '25 17:07 PDisaster

Considering all this info, would notarizing and signing (not sure these are correct/exact terms) stash.app fix these issues for MacOS users? I'm not well versed in these topics, but it seems Apple considers stash.app as unknown developer, and it may be imparting additional security controls (or bugged security controls) on such an app....

It's very unlikely. It's typical Apple monopolistic behaviour that has nothing to do with security. To notrize an app you need:

  • Apple Developer Membership ($99 per year)
  • macOS device with XCode
  • Cannot be fully automated
  • Must be done PER BUILD
  • You have to wait for a confirmation email from Apple to say the build was successfully notarized

Just opening developer account requires personal details which nobody here wants to associate with the adult project.

Stash binaries are built using https://github.com/stashapp/stash/blob/develop/Makefile, which you can reproduce yourself.

DogmaDragon avatar Jul 07 '25 18:07 DogmaDragon

I just signed up to comment on this issue as well.

When attempting the workaround you referenced on macOS Sequoia 15.5, I keep getting the following:

/Applications/Stash.app: replacing existing signature
/Applications/Stash.app: resource fork, Finder information, or similar detritus not allowed

If there's forbidden detritus present, it seems like it's a great time to bring the Stash.app package into compliance with current MacOS security rules.

Unsure why you are getting that result, but even on 15.6 the self-signed signature procedure still functions. Check your permissions?

For others having issues, make sure you are using the .app version of stash, and that it has been moved to your Applications folder firstly.

tvjctr avatar Aug 03 '25 16:08 tvjctr

Am I correct in understanding that this method requires a developer account?

I also had this problem on an M4 Mac mini running MacOS Sequoia 15.1.1 and Stash.app v0.27.2 I was able to fix it by replacing the signature:

codesign --force --deep -s - /Applications/Stash.app && xattr -rd com.apple.quarantine /Applications/Stash.app

If so, does anyone have a solution for those of us who are not developers? Terminal gives me "zsh: no such user or named directory: code sign" as an error.

InfiniteUsernames avatar Nov 19 '25 17:11 InfiniteUsernames

Additionally quarantine can be used to lift some restrictions (but not all file access notices) https://apple.stackexchange.com/questions/373176/disable-the-use-of-the-com-apple-quarantine-extended-attribute-on-mojave

Like DogmaDragon said, nothing we can realistically do, as it also requires a mac development machine to notarize, on top of all the previous requirements

feederbox826 avatar Dec 02 '25 01:12 feederbox826