Re: Installer pkg built with Xcode 12.2 won't open in macOS 10.10 and 10.11


Jon Gotow
 

On Dec 7, 2020, at 3:58 PM, Alex Zavatone via groups.io <zav=mac.com@groups.io> wrote:

Jon, have you been able to isolate the difference between the two executables?
OK - so I went back and re-signed a known-working build of the app on both machines, just to make sure there weren't any inadvertent build differences caused by building the app with two different versions of Xcode (12.2 on the DTK machine, 12.2 beta 3 on the MacBook Pro). After re-signing them, I zipped both copies of the app and uploaded them to a server, then downloaded them onto an old MacBook Pro running macOS 10.10 Yosemite.

As before, the copy of the app that was code-signed on the DTK machine is reported as damaged when I double-click it to run it on Yosemite, while the copy that was code-signed on my 15" MacBook Pro launches correctly on Yosemite. Both machines where I did the code signing were running macOS 11.1 beta (20C5061b). I checksummed /usr/bin/codesign and the executables on both machines are the same, though they're presumably running different code since codesign is a universal binary.

Using 'codesign -dvvv --deep <appname>.app' (full output below) reveals that the working copy of the app includes both sha1 and sha256 hashes, while the non-working one only includes a sha256 hash. So does Yosemite not like sha256?

- Jon



For completeness, here are the commands I used to sign the code:

codesign -f -s "Developer ID Application: St. Clair Software (7HK42V8R9D)" --timestamp -o runtime Go64.app/Contents/Frameworks/Sparkle.framework/Resources/Autoupdate.app
codesign -f -s "Developer ID Application: St. Clair Software (7HK42V8R9D)" --timestamp -o runtime Go64.app/Contents/Frameworks/Sparkle.framework
codesign -f -s "Developer ID Application: St. Clair Software (7HK42V8R9D)" --entitlements Go64.entitlements --timestamp -o runtime Go64.app

And here are the results of displaying the results with codesign:

----- Copy of Go64 that works on Yosemite -----
Executable=/Volumes/StClairSW/Downloads/codesign test/Go64-Good.app/Contents/MacOS/Go64
Identifier=com.stclairsoft.Go64
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=2560 flags=0x10000(runtime) hashes=69+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=128f8fc1408c76dabe1875e3898c8c5b15c05746
CandidateCDHash sha256=11ce01c6847639cee4bd45b20f3aec69cc367f82
Hash choices=sha1,sha256
CDHash=11ce01c6847639cee4bd45b20f3aec69cc367f82
Signature size=9067
Authority=Developer ID Application: St. Clair Software (7HK42V8R9D)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Dec 7, 2020 at 6:31:38 PM
Info.plist entries=27
TeamIdentifier=7HK42V8R9D
Runtime Version=11.0.0
Sealed Resources version=2 rules=13 files=48
Nested=Frameworks/Sparkle.framework
Nested=MacOS/Go64Search
Internal requirements count=1 size=180


----- Copy of Go64 that does not work on Yosemite -----
Executable=/Volumes/StClairSW/Downloads/codesign test/Go64-Bad.app/Contents/MacOS/Go64
Identifier=com.stclairsoft.Go64
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=2560 flags=0x10000(runtime) hashes=69+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=3e39c465a06ea00880ac5b0d3c4aba523b70e49a
Hash choices=sha256
CDHash=3e39c465a06ea00880ac5b0d3c4aba523b70e49a
Signature size=8987
Authority=Developer ID Application: St. Clair Software (7HK42V8R9D)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Dec 7, 2020 at 5:13:14 PM
Info.plist entries=27
TeamIdentifier=7HK42V8R9D
Runtime Version=11.0.0
Sealed Resources version=2 rules=13 files=48
Nested=Frameworks/Sparkle.framework
Nested=MacOS/Go64Search
Internal requirements count=1 size=180

Join xcode@apple-dev.groups.io to automatically receive all group messages.