cancel
Showing results for 
Search instead for 
Did you mean: 
jinojc
Pilgrim

Mac OS code sign not working

I have IA 2012 SP1 installed on my Mac running OS X 10.8.4. I have both Developer ID Application and Developer ID Installer certificates imported in Keychain Access. In the project, the Code Signing option is enabled and both properties (PKCS #12 File and Keystore Password) populated. The problem is after downloading from a test site (IIS for example), it throws the error message below when GateKeeper is set to allow applications downloaded from Mac App Store and identified developers.

"install" is damaged and can't be opened. You should move it to the Trash

Am I missing something here? I thought the purpose of using this option is for the installer to pass this check from GateKeeper as the certificate is coming from an identified developer?

Has anyone successfully use this option? Any help will be great.

Thank you in advance.

Jino
Labels (1)
0 Kudos
6 Replies

Re: Mac OS code sign not working

Hi,

Try to build a simple basic project in IA 2012 SP1 and code sign it using your PKCS #12 File and Keystore Password.
Take the installer to your IIS Server and download it from your Mac machine.

Try the above and let me know.

Regards,
Utsab Karmakar
0 Kudos
jinojc
Pilgrim

Re: Mac OS code sign not working

Hi Utsab,

I did create a simple project (contains only one file) and was still encountering the same behavior when I download it. Could it be my certificate? I used a Developer ID Installer certificate on this test setup.

Were you able to code sign your installer successfully? If so, which certificate did you use?

Jino
0 Kudos

Re: Mac OS code sign not working

Hi Jino,

You can do one thing, add your Developer ID Certificate to Keychain Access on Mac. Then select your Developer ID Certificate from Keychain Access, right click and Export your Certificate as .p12 format.

Now use this .p12 Certificate in IA to codesign the installers.

Let me know if it helps.

Regards,
Utsab Karmakar
0 Kudos
jinojc
Pilgrim

Re: Mac OS code sign not working

Hi Utsab,

I also did that and got the same result.

By the way, I checked the signature using this command:

$ codesign -dvvv /install.app

... and it returned this error:

"invalid or unsupported format for signature"

Not sure what caused it: Is it IA 2012 SP1 or the certificate I am using?

Thanks,

Jino
0 Kudos
Highlighted
rajarajn
Pilgrim

Re: Mac OS code sign not working

Hi,

Can you provide us your output after providing all the commands as below ? The results would be great to debug this issue further.


1. $> codesign -dvvv install.app

2. For any arch in command ($> lipo -info install.app/Contents/MacOS/install )

extract the binary using
$> lipo -extract install -output

For this arch, run the following commands and paste output.
$> pagestuff -a
and
$> otool -l
0 Kudos
Jerzyl
Pilgrim

Re: Mac OS code sign not working

Hi, i know that this thread is little bit old, but we have same problem. Signing IA2012 for Mac and OS don't recognise it as properly signed. Here is additional information below:

$ codesign -v Installer.app
Installer.app: invalid Info.plist (plist or signature have been modified)
In architecture: x86_64

$ codesign -dvvv Installer.app
Installer.app/Contents/MacOS/Installer
Identifier=com.apple.JavaApplicationStub
Format=bundle with Mach-O universal (i386 ppc x86_64)
CodeDirectory v=20001 size=174 flags=0x0(none) hashes=3+2 location=embedded
Hash type=sha1 size=20
CDHash=7287f1123d4caa5746d29aef1a158235031d9463
Signature size=4064
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=0 size=12

$ lipo -info Instller.app/Contents/MacOS/Installer
Architectures in the fat file: Installer.app/Contents/MacOS/Installer are: ppc i386 x86_64

$ lipo -extract x86_64 Instller.app/Contents/MacOS/Installer -output x64
$ pagestuff x64 -a
File Page 0 contains fat file headers
File Page 1 contains Mach-O headers (x86_64)
File Page 1 contains contents of section (__TEXT,__text) (x86_64)
File Page 1 contains contents of section (__TEXT,__symbol_stub1) (x86_64)
File Page 1 contains contents of section (__TEXT,__stub_helper) (x86_64)
File Page 1 contains contents of section (__TEXT,__cstring) (x86_64)
File Page 1 contains contents of section (__TEXT,__eh_frame) (x86_64)
Symbols on file page 1 virtual address 0x100000b44 to 0x100001000
File Page 2 contains contents of section (__TEXT,__eh_frame) (x86_64)
File Page 2 contains contents of section (__DATA,__data) (x86_64)
File Page 2 contains contents of section (__DATA,__dyld) (x86_64)
File Page 2 contains contents of section (__DATA,__nl_symbol_ptr) (x86_64)
File Page 2 contains contents of section (__DATA,__la_symbol_ptr) (x86_64)
File Page 2 contains contents of section (__DATA,__cfstring) (x86_64)
Symbols on file page 2 virtual address 0x100001000 to 0x1000010f0
File Page 3 contains symbol table for defined global symbols (x86_64)
File Page 3 contains symbol table for undefined symbols (x86_64)
File Page 3 contains external relocation entries (x86_64)
File Page 3 contains indirect symbols table (x86_64)
File Page 3 contains string table for external symbols (x86_64)
File Page 3 contains data of code signature (x86_64)
File Page 4 contains data of code signature (x86_64)

$ otool -l x64
x64:
Load command 0
cmd LC_SEGMENT_64
cmdsize 72
segname __PAGEZERO
vmaddr 0x0000000000000000
vmsize 0x0000000100000000
fileoff 0
filesize 0
maxprot 0x00000000
initprot 0x00000000
nsects 0
flags 0x0
Load command 1
cmd LC_SEGMENT_64
cmdsize 472
segname __TEXT
vmaddr 0x0000000100000000
vmsize 0x0000000000001000
fileoff 0
filesize 4096
maxprot 0x00000007
initprot 0x00000005
nsects 5
flags 0x0
Section
sectname __text
segname __TEXT
addr 0x0000000100000b44
size 0x0000000000000235
offset 2884
align 2^2 (4)
reloff 0
nreloc 0
flags 0x80000400
reserved1 0
reserved2 0
Section
sectname __symbol_stub1
segname __TEXT
addr 0x0000000100000d79
size 0x0000000000000054
offset 3449
align 2^0 (1)
reloff 0
nreloc 0
flags 0x80000408
reserved1 0 (index into indirect symbol table)
reserved2 6 (size of stubs)
Section
sectname __stub_helper
segname __TEXT
addr 0x0000000100000dd0
size 0x00000000000000a8
offset 3536
align 2^2 (4)
reloff 0
nreloc 0
flags 0x00000000
reserved1 0
reserved2 0
Section
sectname __cstring
segname __TEXT
addr 0x0000000100000e78
size 0x00000000000000e8
offset 3704
align 2^3 (8)
reloff 0
nreloc 0
flags 0x00000002
reserved1 0
reserved2 0
Section
sectname __eh_frame
segname __TEXT
addr 0x0000000100000f60
size 0x00000000000000a0
offset 3936
align 2^3 (8)
reloff 0
nreloc 0
flags 0x6000000b
reserved1 0
reserved2 0
Load command 2
cmd LC_SEGMENT_64
cmdsize 472
segname __DATA
vmaddr 0x0000000100001000
vmsize 0x0000000000001000
fileoff 4096
filesize 4096
maxprot 0x00000007
initprot 0x00000003
nsects 5
flags 0x0
Section
sectname __data
segname __DATA
addr 0x0000000100001000
size 0x000000000000001c
offset 4096
align 2^3 (8)
reloff 0
nreloc 0
flags 0x00000000
reserved1 0
reserved2 0
Section
sectname __dyld
segname __DATA
addr 0x0000000100001020
size 0x0000000000000038
offset 4128
align 2^3 (8)
reloff 0
nreloc 0
flags 0x00000000
reserved1 0
reserved2 0
Section
sectname __nl_symbol_ptr
segname __DATA
addr 0x0000000100001058
size 0x0000000000000008
offset 4184
align 2^2 (4)
reloff 0
nreloc 0
flags 0x00000006
reserved1 14 (index into indirect symbol table)
reserved2 0
Section
sectname __la_symbol_ptr
segname __DATA
addr 0x0000000100001060
size 0x0000000000000070
offset 4192
align 2^2 (4)
reloff 0
nreloc 0
flags 0x00000007
reserved1 15 (index into indirect symbol table)
reserved2 0
Section
sectname __cfstring
segname __DATA
addr 0x00000001000010d0
size 0x0000000000000020
offset 4304
align 2^3 (8)
reloff 0
nreloc 0
flags 0x00000000
reserved1 0
reserved2 0
Load command 3
cmd LC_SEGMENT_64
cmdsize 72
segname __LINKEDIT
vmaddr 0x0000000100002000
vmsize 0x0000000000002000
fileoff 8192
filesize 5936
maxprot 0x00000007
initprot 0x00000001
nsects 0
flags 0x0
Load command 4
cmd LC_SYMTAB
cmdsize 24
symoff 8192
nsyms 17
stroff 8592
strsize 304
Load command 5
cmd LC_DYSYMTAB
cmdsize 80
ilocalsym 0
nlocalsym 0
iextdefsym 0
nextdefsym 1
iundefsym 1
nundefsym 16
tocoff 0
ntoc 0
modtaboff 0
nmodtab 0
extrefsymoff 0
nextrefsyms 0
indirectsymoff 8472
nindirectsyms 29
extreloff 8464
nextrel 1
locreloff 0
nlocrel 0
Load command 6
cmd LC_LOAD_DYLINKER
cmdsize 32
name /usr/lib/dyld (offset 12)
Load command 7
cmd LC_UUID
cmdsize 24
uuid 4FF3E2B1-8C08-F8CF-7092-00A087321243
Load command 8
cmd LC_UNIXTHREAD
cmdsize 184
flavor x86_THREAD_STATE64
count x86_THREAD_STATE64_COUNT
rax 0x0000000000000000 rbx 0x0000000000000000 rcx 0x0000000000000000
rdx 0x0000000000000000 rdi 0x0000000000000000 rsi 0x0000000000000000
rbp 0x0000000000000000 rsp 0x0000000000000000 r8 0x0000000000000000
r9 0x0000000000000000 r10 0x0000000000000000 r11 0x0000000000000000
r12 0x0000000000000000 r13 0x0000000000000000 r14 0x0000000000000000
r15 0x0000000000000000 rip 0x0000000100000b44
rflags 0x0000000000000000 cs 0x0000000000000000 fs 0x0000000000000000
gs 0x0000000000000000
Load command 9
cmd LC_LOAD_DYLIB
cmdsize 128
name /System/Library/PrivateFrameworks/JavaApplicationLauncher.framework/Versions/A/JavaApplicationLauncher (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 1.0.0
compatibility version 1.0.0
Load command 10
cmd LC_LOAD_DYLIB
cmdsize 96
name /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 677.15.0
compatibility version 300.0.0
Load command 11
cmd LC_LOAD_DYLIB
cmdsize 56
name /usr/lib/libgcc_s.1.dylib (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 1.0.0
compatibility version 1.0.0
Load command 12
cmd LC_LOAD_DYLIB
cmdsize 56
name /usr/lib/libSystem.B.dylib (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 111.0.0
compatibility version 1.0.0
Load command 13
cmd LC_LOAD_DYLIB
cmdsize 104
name /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (offset 24)
time stamp 2 Thu Jan 1 01:00:02 1970
current version 476.10.0
compatibility version 150.0.0
Load command 14
cmd LC_CODE_SIGNATURE
cmdsize 16
dataoff 8896
datasize 5232
0 Kudos