OS X 10.11.4 - Gatekeeper issues

Question

Created Apr ’16

Replies 3

Boosts 0

Views 1.2k

Participants 4

We have an application users can download from the web. This was working fine until 10.11.4. Now users are getting warnings that it is from an unknown developer. We did not have a V2 signature, so today I went through and made the modification to make it a V2 signature and we are still unable to pass GateKeeper checks.

When I execute: codesign -d --verbose=7 <myapp>

I get:

Sealed Resources version=2 rules=12 files=83

Internal requirements count=2 size=232

However when I execute:

spctl -a -t exec -vv <my app>

I get:

Double Click to Install.app: rejected

source=obsolete resource envelope

origin=Developer ID Application: Autodesk

I have tried reducing the app and signing again. No luck. The application passes Gatekeeper checks on all other OS version. Any ideas?

Boost

Answer 1

DesertNomad OP

Apr ’16

Have a look at this:

http://mjtsai.com/blog/2016/03/31/gatekeeper-bug-in-mac-os-x-10-11-4/

It is affecting us too with a prefPane containing a command-line tool.

0

Answer 2

DTS Engineer OP

Apple

Apr ’16

krisberg wrote:

Any ideas?

Have you worked through the steps in Technote 2206 OS X Code Signing In Depth? In my experience that technote allows you to resolve most Gatekeeper issues. If not, you should open a DTS tech support incident and one of my colleagues can help you out on a one-to-one basis.

DesertNomad wrote:

Have a look at this:

That’s a bit of a red herring in this case. The bug that’s the subject of that thread (r. 25466753) only affects non-app code (preferences panes, various plug-ins, and so on) but krisberg has an app.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 3

NorthGuy OP

Apr ’16

I think it could be anything. I had the same problem. it signs fine wirh "codesign", but then "spctl" fails to verify it. I found an app I could sign. Then it was only a matter of time to find a difference. I gradually copied stuff from my app bundle to the "good" one until it stopped working. The method is simple:

codesign -f -s --deep -vvvv "my app.app"

spctl --assess --verbose=4 "my app.app"

reboot (must reboot because spctl remembers the last outcome!)

make some changes and start over

In my case, after several hours of doing this, I nailed it down to a benign typo in the "Info.plist" file. I'm sure this could be lots of other things as well.

I wish Apple would provide better error message to diagnose failures.

0