fix: preserve gatekeeper state in optimize

2026-03-22 17:55:08 +00:00 · 2026-03-22 19:36:54 +08:00
parent 0c71ee9363
commit 1b98041e0f
2 changed files with 8 additions and 18 deletions
--- a/bin/optimize.sh
+++ b/bin/optimize.sh
@@ -312,11 +312,8 @@ collect_security_fix_actions() {
            SECURITY_FIXES+=("firewall|Enable macOS firewall")
        fi
    fi
-    if [[ "${GATEKEEPER_DISABLED:-}" == "true" ]]; then
-        if ! is_whitelisted "gatekeeper"; then
-            SECURITY_FIXES+=("gatekeeper|Enable Gatekeeper, app download protection")
-        fi
-    fi
+    # Gatekeeper state is intentionally user-managed. Optimize may report it,
+    # but it must not change the user's "Anywhere" preference.
    if touchid_supported && ! touchid_configured; then
        if ! is_whitelisted "check_touchid"; then
            SECURITY_FIXES+=("touchid|Enable Touch ID for sudo")
@@ -370,16 +367,6 @@ apply_firewall_fix() {
    return 1
 }

-apply_gatekeeper_fix() {
-    if sudo spctl --master-enable 2> /dev/null; then
-        echo -e "  ${GREEN}${ICON_SUCCESS}${NC} Gatekeeper enabled"
-        GATEKEEPER_DISABLED=false
-        return 0
-    fi
-    echo -e "  ${GRAY}${ICON_WARNING}${NC} Failed to enable Gatekeeper"
-    return 1
-}
-
 apply_touchid_fix() {
    if "$SCRIPT_DIR/bin/touchid.sh" enable; then
        return 0
@@ -400,9 +387,6 @@ perform_security_fixes() {
            firewall)
                apply_firewall_fix && ((applied++))
                ;;
-            gatekeeper)
-                apply_gatekeeper_fix && ((applied++))
-                ;;
            touchid)
                apply_touchid_fix && ((applied++))
                ;;