The Saga Continues • furbo.org


I’ve an extended historical past of writing about code signing in macOS. When Large Sur was launched, I assumed “Lastly!”

I used to be improper.

This time round I used to be tripped up by Safari, of all issues. It doesn’t open app archives like different elements of macOS.

This story started with buyer reviews of xScope being a “broken app” on Large Sur. This was stunning as a result of I had been downloading and testing the app on Large Sur for a number of months with out situation.

I used to be additionally doing all this work on Apple Silicon utilizing the DTK. And since Google Chrome wasn’t but engaged on this machine, all my testing was restricted to Safari. Safari’s default setting is to open “protected” information after obtain, so I left that alone (as most clients would).

That is the place I shot myself within the foot. At no level did my downloads contact the Archive Utility. And I had no concept that Safari’s code is totally different than the system utility.

Once I checked the signature of the app downloaded with Safari, every part seems good:

$ codesign -vvvv ~/Downloads/xScope.app
...
/Customers/CHOCK/Downloads/xScope.app: legitimate on disk
/Customers/CHOCK/Downloads/xScope.app: satisfies its Designated Requirement

Issues had been very totally different when utilizing Google Chrome:

$ codesign -vvvv ~/Downloads/xScope.app
/Customers/CHOCK/Downloads/xScope.app: unsealed contents current within the root listing of an embedded framework
In subcomponent: /Customers/CHOCK/Downloads/xScope.app/Contents/Frameworks/Sparkle.framework

$ codesign -vvvv ~/Downloads/xScope.app/Contents/Frameworks/Sparkle.framework
/Customers/CHOCK/Downloads/xScope.app/Contents/Frameworks/Sparkle.framework: a sealed useful resource is lacking or invalid
file added: /Customers/CHOCK/Downloads/xScope.app/Contents/Frameworks/Sparkle.framework/Variations/Present/Assets/._fr_CA.lproj
file added: /Customers/CHOCK/Downloads/xScope.app/Contents/Frameworks/Sparkle.framework/Variations/Present/Assets/Updater.app/Contents/Assets/._fr_CA.lproj
file added: /Customers/CHOCK/Downloads/xScope.app/Contents/Frameworks/Sparkle.framework/Variations/Present/Assets/Updater.app/Contents/Assets/._pt.lproj
file added: /Customers/CHOCK/Downloads/xScope.app/Contents/Frameworks/Sparkle.framework/Variations/Present/Assets/._pt.lproj

It seems all these of us complaining a couple of “broken app” had been both utilizing Chrome or had Safari’s “protected” file dealing with turned off. The broken archive wasn’t getting repaired routinely by Safari.

The root of the issue is localization within the Sparkle framework. There are two symlinks with prolonged attributes (the “._” is the place macOS shops issues like Finder info). The intent of the symlink was to say that French Canadian is identical as French, and Portuguese is identical as Brazilian Portuguese.

Since macOS routinely makes this inference, it’s protected to simply delete the scripts that create the symlinks. In your Sparkle undertaking, discover any occurrences of “Run Script: Hyperlink fr_CA to fr” and “Run Script: Hyperlink pt to pt_BR” in your Goal Construct Phases and take away them. I had them in “Sparkle”, “SparkleCore”, and “Installer Progress”.

After you construct and notarize, you’ll see that your app is “legitimate on disk” regardless of the way it’s unarchived.

I’ve additionally submitted this info to Apple’s Product Safety group. As I stated in my e-mail, the largest downside right here is expectations:

The rationale I’m writing is as a result of Safari’s implementation for opening “protected” information is one way or the other bypassing a code signing verify or repairing the downloaded package deal. The Archive Utility doesn’t. Buyer and developer expectations for unzipping archives is that they aren’t modified and behave the identical approach throughout all Apple merchandise.

For those who’re a Mac developer who’s utilizing Sparkle and distributing your product through an internet obtain, now’s a very good time to verify how issues work in a wide range of browsers. I’ve heard that we’re not the one ones affected.

And should you encounter a obtain that’s broken due to these Sparkle symlinks, this fast repair within the Terminal will set issues proper:

$ ditto xScope.app xScopeFixed.app
$ rm -rf xScope.app
$ mv xScopeFixed.app xScope.app

The ditto command strips the prolonged attributes which might be inflicting the problem. This may occasionally, in reality, be what Safari is doing for “protected” information.

All that’s left to do now’s marvel what surprises codesign has in retailer for subsequent 12 months’s launch of macOS…



Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles