Developer Blog - Inventic.eu
  • Skipper - The ORM Designer
  • VsBuilds - Parallel building
  • Pulpo - Free Skipper CLI

Tag: #sign

Mac OS - app can't be opened because the identity of the developer cannot be confirmed.

Starting with OS X 10.10 existing code signing method doesn't work. If you have application signed for 10.9 and application works without problems, with 10.10 you will get following error:

2015-02-05_1003

How to verify application sign status from command line:

codesign -dvvv /Applications/APP.app</p>
<p>Executable=/Applications/Skipper.app/Contents/MacOS/Skipper<br />
Identifier=com.skipper.Skipper<br />
Format=bundle with Mach-O thin (x86_64)<br />
CodeDirectory v=20100 size=239848 flags=0x0(none) hashes=11986+3 location=embedded<br />
Hash type=sha1 size=20<br />
CDHash=98839e7aa72de4105ac5ad8a2612682ba3bca53f<br />
Signature size=4237<br />
Authority=Developer ID Application: Inventic s.r.o. (6BYV46LH6T)<br />
Authority=Developer ID Certification Authority<br />
Authority=Apple Root CA<br />
Signed Time=03 Feb 2015 17:38:21<br />
Info.plist entries=10<br />
TeamIdentifier=not set<br />
Sealed Resources version=1 rules=4 files=44<br />
Internal requirements count=1 size=300<br />

As it's seems from the verification output, application is correctly signed but OSX doesn't accept it. Another way how to verify application sign status is via **spctl **command:

spctl --assess --type execute --verbose Skipper.app/</p>
<p>Skipper.app/: rejected<br />
source=obsolete resource envelope<br />

We have some error at least. Now it's necessary to find out what is wrong. We can try one more test:

codesign -v Skipper.app/<br />
Skipper.app/: resource envelope is obsolete (version 1 signature)<br />

where we dest little bit more details. All these errors we get only on 10.10 mac, not on 10.9 or older.

After another investigation I found following article. The most important part is:

"Important: For your apps to run on updated versions of OSX they must be signed on OS X version 10.9 or later and thus have a version 2 signature."

Another post about this topic is in felix-schwarz.org blog.

So ,it's bad. We need to update our build machine to 10.9 or at least create new "sign machine" and make sure that everything will work as expected.

Additional links

05 Feb 2015

Posted by: ludek.vodicka

Programming Mac OS #developer #mac #sign