codesign dmg: spctl fails with "source=Insufficient Context"

I'm signing a DMG that contains a signed app. I sign the app, and then sign the DMG. codesign is happy, but when I try spctl it fails. The app itself passes both codesign and spctl. See below.


Any ideas? What does "insufficient context" mean?


cantgetnosleep@dmg-maker:codesign -dvv build/MyApp-Installer.dmg
Executable=/Users/cantgetnosleep/development/MyApp-Installer.dmg
Identifier=MyApp
Format=disk image
CodeDirectory v=20200 size=322 flags=0x0(none) hashes=1+6 location=embedded
Signature size=8864
Authority=Developer ID Application: Andrew Hughes (XXX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Sep 19, 2016, 4:55:01 PM
Info.plist=not bound
TeamIdentifier=XXX
Sealed Resources=none
Internal requirements count=1 size=196

cantgetnosleep@dmg-maker:spctl -a -t open -v build/MyApp-Installer.dmg
build/MyApp-Installer.dmg: rejected
source=Insufficient Context

We're also having this same issue...were you able to find a solution?

Same error when trying to verify signature on

VirtualBox 5.1.26
downloaded from http://download.virtualbox.org/virtualbox/5.1.26/VirtualBox-5.1.26-117224-OSX.dmg


spctl -a -t open --context context:primary-signature -v  VirtualBox-5.1.26-117224-OSX.dmg
VirtualBox-5.1.26-117224-OSX.dmg: rejected
source=Insufficient Context

Same problem with my application. Did you find a solution?
