TotalFinderSIP versions

TotalFinder needs to install a system component into protected disk area at /System/Library/ScriptingAdditions/TotalFinderSIP.osax to circumvent the System Integrity Protection (SIP). You can read some technical details here.

Rarely we might need to upgrade this component. Unfortunately that requires turning SIP off and on again. We maintain this page as a resource with explanation of each upgrade.


Released in TotalFinder 1.9.0 on March 20, 2017

Initial version of the component installed with TotalFinder 1.9.0. This blog post introduced the solution.


Released in TotalFinder 1.10.0 on August 21, 2017

For security reasons TotalFinderSIP.osax checks code signature of the code located at /Applications/ which it is going to inject into It must make sure that the code was produced by us (BinaryAge) and properly signed with a valid developer certificate issued by Apple.

The problem is that in v1 implementation we were checking specific naming scheme of the developer certificate and Apple decided to change it. As our old certificate expired we were unable to sign new TotalFinder updates in a way which would be recognised by the v1 component as a genuine code coming from us. That is why we had to relax the check in v2.

Unfortunately to upgrade you have to do the SIP dance again. Hopefully this will work well for foreseeable future.