Re: Installer pkg built with Xcode 12.2 won't open in macOS 10.10 and 10.11


Jack Brindle
 

I would definitely file a bug report. At the least you may learn why they didn’t use SHA-1 in the Apple Silicon version of codesign.

The big surprise to me is that the Intel version does allow SHA-1. My initial understanding was that it didn’t, but you have shown their inconsistency in the implementation.
We know that SHA-1 is broken and no longer secure, which pretty much now makes codesigning with it useless.

Please let us know what Apple says in response to your ticket.

Jack

On Dec 7, 2020, at 7:26 PM, Jon Gotow <gotow@stclairsoft.com> wrote:

Seriously? I have to keep an Intel machine around just to do release builds that will run on older macOS versions? Is there any chance of getting SHA-1 checksums added in the Apple Silicon version of codesign if we file bugs?

- Jon


On Dec 7, 2020, at 7:20 PM, Jack Brindle via groups.io <jackbrindle=me.com@groups.io> wrote:

That is the issue! Your post jogged my memory. The older versions of macOS need SHA1, but the Apple Silicon version of macOS doesn’t do SHA-1. Apple switched over to SHA-256 several years ago, maintaining both in the system. But, it looks like they didn’t maintain the SHA-1 for Apple Silicon systems. It may be very important to keep an Intel Mac around to handle builds for the foreseeable future.




Join xcode@apple-dev.groups.io to automatically receive all group messages.