A few years late on this, but apparently when Gatekeeper was added in Catalina, it caused quite the splash (see Allan Odgaard's post, MacOS Catalina: Slow by Design). One of the big issues is that
syspolicyd (aka Gatekeeper) phones home to Apple before the first launch of any new executable: not just downloaded binaries, but locally-compiled programs and chmod'd shell scripts too. To say nothing of the security/privacy concerns, this unnecessary roundtrip adds up over time, and with a sub-par internet connection, the result is crippling. To see the problem in action, run the following:
Bash:
$ echo "int main() { return 0; }" | clang -xc -; time ./a.out; time ./a.out
real 0m0.314s
user 0m0.001s
sys 0m0.001s
real 0m0.003s
user 0m0.001s
sys 0m0.002s
I've been unknowingly fighting this problem for a long time now, thinking the first-run slowness was due to a cold cache. Not so. While profiling a build system, I noticed suspiciously faster builds when the computer was disconnected from the internet. Further investigation led me to the root cause.
This behavior still exists in Monterey, and I'm safely assuming also in Ventura. The fix is easy: tell macOS to bypass the Gatekeeper garbage in these situations. Add your terminal program (Terminal.app, iTerm.app, etc.) to System Preferences -> Security & Privacy -> Developer Tools. After restarting the app, the results are more sane:
Bash:
$ echo "int main() { return 0; }" | clang -xc -; time ./a.out; time ./a.out
real 0m0.001s
user 0m0.000s
sys 0m0.001s
real 0m0.001s
user 0m0.000s
sys 0m0.001s
It's also worth mentioning that spctl does not solve the problem. You can apparently disable Gatekeeper via sudo spctl --global-disable, but syspolicyd still goes through the motions and wastes time.
Without the fix, my build flow from a clean state was taking around 2600 ms average online, and 1100 ms offline. With the fix, the build now averages 780 ms (still not fantastic, but a significant improvement).
Hope this helps others recoup some stolen time.
For more information on code signing and Gatekeeper, see Apple's Code Signing Guide.
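A repeatable version of the first-launch measurement above, added here as an example and not part of the original post: it creates several never-before-run chmod'd shell scripts, times the first and second launch of each, and reports medians so a single noisy run does not mislead. The function names, sample count and the unique-comment trick for making each script "new" are assumptions of this example.

```python
import os
import stat
import statistics
import subprocess
import tempfile
import time
import uuid


def time_launch(path):
    """Return wall-clock seconds for one run of the executable at `path`."""
    start = time.perf_counter()
    subprocess.run([path], check=True, stdout=subprocess.DEVNULL)
    return time.perf_counter() - start


def measure_first_launch(samples=10, workdir=None):
    """Time the first and second launch of `samples` fresh scripts.

    Returns (median_first, median_second, median_overhead) in seconds.
    """
    first, second = [], []
    with tempfile.TemporaryDirectory(dir=workdir) as tmp:
        for _ in range(samples):
            path = os.path.join(tmp, f"probe-{uuid.uuid4().hex}.sh")
            # Assumption: unique contents make each script count as new.
            with open(path, "w") as f:
                f.write(f"#!/bin/sh\n# {uuid.uuid4().hex}\nexit 0\n")
            os.chmod(path, stat.S_IRWXU)       # the chmod'd-script case
            first.append(time_launch(path))    # may include the policy check
            second.append(time_launch(path))   # same file, already launched
    overhead = [a - b for a, b in zip(first, second)]
    return (statistics.median(first), statistics.median(second),
            statistics.median(overhead))


if __name__ == "__main__":
    f, s, o = measure_first_launch()
    print(f"median first launch : {f * 1000:8.2f} ms")
    print(f"median second launch: {s * 1000:8.2f} ms")
    print(f"median overhead     : {o * 1000:8.2f} ms")
```

Run it from the terminal app in question before and after the Developer Tools change, online and offline, and compare the overhead line.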