Mac OS – app can’t be opened because the identity of the developer cannot be confirmed.

Starting with OS X 10.10 existing code signing method doesn’t work. If you have application signed for 10.9 and application works without problems, with 10.10 you will get following error:

2015-02-05_1003

How to verify application sign status from command line:

codesign -dvvv /Applications/APP.app

Executable=/Applications/Skipper.app/Contents/MacOS/Skipper
Identifier=com.skipper.Skipper
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=239848 flags=0x0(none) hashes=11986+3 location=embedded
Hash type=sha1 size=20
CDHash=98839e7aa72de4105ac5ad8a2612682ba3bca53f
Signature size=4237
Authority=Developer ID Application: Inventic s.r.o. (6BYV46LH6T)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=03 Feb 2015 17:38:21
Info.plist entries=10
TeamIdentifier=not set
Sealed Resources version=1 rules=4 files=44
Internal requirements count=1 size=300

As it’s seems from the verification output, application is correctly signed but OSX doesn’t accept it. Another way how to verify application sign status is via spctl command:

spctl --assess --type execute --verbose Skipper.app/

Skipper.app/: rejected
source=obsolete resource envelope

We have some error at least. Now it’s necessary to find out what is wrong. We can try one more test:

codesign -v Skipper.app/
Skipper.app/: resource envelope is obsolete (version 1 signature)

where we dest little bit more details. All these errors we get only on 10.10 mac, not on 10.9 or older.

After another investigation I found following article. The most important part is:

“Important: For your apps to run on updated versions of OSX they must be signed on OS X version 10.9 or later and thus have a version 2 signature.”

Another post about this topic is in felix-schwarz.org blog.

So ,it’s bad. We need to update our build machine to 10.9 or at least create new “sign machine” and make sure that everything will work as expected.

Additional links

Leave a Reply

Your email address will not be published. Required fields are marked *