Lord-Kamina / SwiftDefaultApps

Replacement for RCDefaultApps, written in Swift.

spctl shows notarization or signature as "rejected" #59

Open fredjohnsen opened 2 years ago

fredjohnsen commented 2 years ago

I am not having a problem deploying but there does seem to be a problem with the signing:

%  sudo spctl -a -vv -t execute /usr/local/bin/swda
/usr/local/bin/swda: rejected
origin=Mac Developer: g.litenstein@gmail.com (B9BYV4VDX3)

I think it is related to this: https://developer.apple.com/documentation/xcode/using-the-latest-code-signature-format

% sudo codesign --display --verbose=99 /usr/local/bin/swda
Executable=/usr/local/bin/swda
Identifier=swda
Format=Mach-O thin (x86_64)
CodeDirectory v=20200 size=2916 flags=0x0(none) hashes=84+5 location=embedded
VersionPlatform=1
VersionMin=658432
VersionSDK=658944
Hash type=sha256 size=32
CandidateCDHash sha256=fa67c7c1ea11d01906ae42c40b05a00e51ab05a7
CandidateCDHashFull sha256=fa67c7c1ea11d01906ae42c40b05a00e51ab05a7cc248e252ae318f783b2f67c
Hash choices=sha256
CMSDigest=fa67c7c1ea11d01906ae42c40b05a00e51ab05a7cc248e252ae318f783b2f67c
CMSDigestType=2
Page size=4096
    -5=eda0e349a903d27ba3b4d17ddb7364e137bc8292a2457384a8dfa9a663f78802
    -4=0000000000000000000000000000000000000000000000000000000000000000
    -3=0000000000000000000000000000000000000000000000000000000000000000
    -2=3179afaf12eec1ea5722f8a58f66f95f4d0ffee7e0ee4dc9443b6139d23f4f6a
    -1=0000000000000000000000000000000000000000000000000000000000000000
     0=c046bdc3613b8f20c4990a1602b9b51d841956c65a67f0c279d6f27934bf55f0

Thanks.

kbluck commented 2 years ago

You can fix this locally with: xattr -d com.apple.quarantine /path/to/swda

I tried screwing around with spctl and adding a rule didn't work, even disabling GateKeeper completely didn't work. So, something about the file having this attribute due to being downloaded. I don't know that this can be fixed in the build.

fredjohnsen commented 2 years ago

The quarantine flag is always added to anything that is downloaded. I don't think that's the issue.

spctl is showing as "rejected" so maybe your developer cert is expired or something in your profile info doesn't match?

On May 20, 2022, at 1:20 PM, Kevin Bluck @.***> wrote:

> You can fix this locally with: xattr -d com.apple.quarantine /path/to/swda
>
> I tried screwing around with spctl and adding a rule didn't work, even disabling GateKeeper completely didn't work. So, something about the file having this attribute due to being downloaded. I don't know that this can be fixed in the build.


kbluck commented 2 years ago

Yes, you're right. The code signature needs the new DER entitlements.

Until that happens, removing the quarantine extended attribute does allow you to run swda.

Lord-Kamina commented 2 years ago

> Yes, you're right. The code signature needs the new DER entitlements.
>
> Until that happens, removing the quarantine extended attribute does allow you to run swda.

It's never gonna happen because this was a hobby project and I'm not paying to get a proper developer ID. Also, most of the LaunchServices API that this app is based on is deprecated and AFAIK there is no direct replacement for it as of yet.

This is why I've essentially abandoned it for now.

gurple commented 2 years ago

And I just found it after my ages of blindly wandering the earth without RCDefaultApp.
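
The three signals discussed in this thread (CodeDirectory version, DER entitlements slot, signing certificate type) can be checked mechanically from saved `spctl` and `codesign` output. The following is an added example, not code from the thread or from the SwiftDefaultApps project. It assumes the thresholds given in the Apple document linked above (CodeDirectory `v=20400` or later, DER entitlements hash in special slot `-7`), and its sample text is constructed with placeholder hashes and identities.

```python
import re

MIN_CD_VERSION = 0x20400  # assumption: minimum version per the linked Apple document
XML_SLOT, DER_SLOT = -5, -7  # special slots: XML and DER entitlements hashes
DEV_CERT_PREFIXES = ("Mac Developer", "Apple Development")  # development identities

def audit_signature(text):
    """Return findings for combined `spctl -a -vv` / `codesign -d --verbose` text."""
    m = re.search(r"^CodeDirectory v=([0-9a-fA-F]+)", text, re.M)
    if not m:
        return ["unparsed"]  # unsigned binary or unexpected output
    findings = []
    if int(m.group(1), 16) < MIN_CD_VERSION:  # codesign prints the version in hex
        findings.append("old-codedirectory")
    slots = {int(n): h for n, h in
             re.findall(r"^[ \t]*(-\d+)=([0-9a-f]+)$", text, re.M)}
    def present(slot):
        h = slots.get(slot)
        return h is not None and set(h) != {"0"}
    # Only flag missing DER entitlements when XML entitlements exist at all.
    if present(XML_SLOT) and not present(DER_SLOT):
        findings.append("no-der-entitlements")
    origin = re.search(r"^origin=(.*)$", text, re.M)
    if origin and origin.group(1).startswith(DEV_CERT_PREFIXES):
        # Gatekeeper does not accept development certificates for distribution.
        findings.append("development-certificate")
    return findings

def sample(version, origin, slots):
    """Build constructed tool output; hash values are placeholders."""
    lines = [f"origin={origin}",
             f"CodeDirectory v={version} size=2916 flags=0x0(none)",
             "Page size=4096"]
    lines += [f"    {n}={h}" for n, h in slots]
    return "\n".join(lines) + "\n"

ZERO, HASH = "0" * 64, "ab" * 32
# Shaped like the output in the issue: v=20200, slots -5..-1, development identity.
OLD = sample("20200", "Mac Developer: dev@example.com (TEAMID0000)",
             [(-5, HASH), (-4, ZERO), (-3, ZERO), (-2, HASH), (-1, ZERO)])
# Shaped like a current-format Developer ID signature.
NEW = sample("20500", "Developer ID Application: Example Corp (TEAMID0000)",
             [(-7, HASH), (-6, ZERO), (-5, HASH), (-4, ZERO), (-3, ZERO),
              (-2, HASH), (-1, ZERO)])

if __name__ == "__main__":
    print("old:", audit_signature(OLD))
    print("new:", audit_signature(NEW))
```
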