"obsolete resource envelope" on El Capitan only

Question

Created Oct ’15

Replies 2

Boosts 0

Views 2.3k

Participants 3

Our app is distributed outside of the App Store and is signed using our Developer ID Application cert.

Under El Capitan, we get the "...can’t be opened because the identity of the developer cannot be confirmed." alert when trying to launch it when using the "Mac App Store and identified Developers" policy. Under Yosemite and Mavericks it is fine.

On El Capitan, "spctl -a -v Our.app" returns:

Our.app: rejected
source=obsolete resource envelope

while on Yosemite on the same version of the app we get

Our.app: accepted
source=Developer ID

The app is built on a Mac running 10.10.5.

On all OSes (including El Cap), "codesign --deep --verify --verbose Our.app" returns

valid on disk
satisfies its Designated Requirement

and check-signature reports no issues either.

"codesign -dv our.app" returns:

...
Sealed Resources version=2 rules=12 files=286
...

and doing the same on the embedded Sparkle Framework also reports "version=2"

What changed in El Capitan that could cause this?

If anyone is able to check the app themselves for anything 'odd' it can be downloaded from via mimecast dot com. Then "Product Downloads" -> "Mimecast for Mac"

(and choose "Mimecast for Mac")

Boost

Answer 1

gunjeet OP

Nov ’15

Hello Wellington,

Did you find the cause and solution to your problem? I am facing a similar problem with my app. The app was distributed both, via App store and outside of it. It is no longer working for people who migrated to El Capitan and were using the outside app store distribution version.

Looking forward to your response.

Gunjeet

0

Answer 2

iacas OP

Nov ’15

Does this explain everything?

http://furbo.org/2015/07/23/code-signing-in-el-capitan/

We just battled the same thing in Analyzr 2.4 and 2.4.1, and this article pretty much explained it.

0