AdobeAcrobatReaderDCUpdates.pkg fails to build - Mismatch in authority names during CodeSignatureVerifier check

ehjmx commented 2 years ago

Hi, I have a routine that automatically runs autopkg once a week an builds a package list. During todays run the AdobeAcrobatReaderDCUpdates.pkg.recipe failed to build with the following error:

autopkg run AdobeAcrobatReaderDCUpdates.pkg -p /Users/autopkg/Downloads/Adobe\ Acrobat\ Reader\ DC\ Updates.dmg Processing AdobeAcrobatReaderDCUpdates.pkg... Mismatch in authority names. Note that all verification can be disabled by setting the variable DISABLE_CODE_SIGNATURE_VERIFICATION to a non-empty value. Failed. The following recipes failed: AdobeAcrobatReaderDCUpdates.pkg Error in local.pkg.AdobeAcrobatReaderDCUpdates: Processor: CodeSignatureVerifier: Error: Mismatch in authority names. Note that all verification can be disabled by setting the variable DISABLE_CODE_SIGNATURE_VERIFICATION to a non-empty value. Nothing downloaded, packaged or imported.

With pkgutil --check-signature I checked the signatur for the AcroRdrDCUpd2100720091_MUI.pkg. The result is:

Package "AcroRdrDCUpd2100720091_MUI.pkg": Status: signed by a developer certificate issued by Apple for distribution Signed with a trusted timestamp on: 2021-09-09 06:35:01 +0000 Certificate Chain:

Developer ID Installer: Adobe Inc. (JQ525L2MZD) Expires: 2025-03-20 15:53:03 +0000 SHA256 Fingerprint: EB A4 77 C5 66 4C 70 60 7B CD 99 73 19 24 5D FF 1A 94 85 A9 32 37 CE 14 9C FD 5C B9 1A 39 CA C5
Developer ID Certification Authority Expires: 2027-02-01 22:12:15 +0000 SHA256 Fingerprint: 7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03 F2 9C 88 CF B0 B1 BA 63 58 7F
Apple Root CA Expires: 2035-02-09 21:40:36 +0000 SHA256 Fingerprint: B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E 2C 68 C5 BE 91 B5 A1 10 01 F0 24

For me this looks exactly the same as in your AdobeAcrobatDCUpdates.download.recipe CodeSignatureVerifier section:

expected_authority_names Developer ID Installer: Adobe Inc. (JQ525L2MZD) Developer ID Certification Authority Apple Root CA

Could you please take a look at this. Thanks in advance.

Eric

ehjmx commented 2 years ago

I found the solution.

As I have both Reader and Pro I got confused and accidentally open the wrong download recipe.

In the AdobeAcrobatReaderDCUpdates.download.recipe CodeSignatureVerifier section under expected_authority_names there is the following string:

Developer ID Installer: Adobe Systems, Inc. (JQ525L2MZD)

When I change it to the above string Adobe Inc. (JQ525L2MZD) out of AdobeAcrobatDCUpdates.download.recipe the recipe builds.

If you may edit the file accordingly you can close the issue afterwards.

MLBZ521 commented 12 months ago

This was fixed in 3f82b08421ec3d97ef174440f96feef52626864a.

autopkg / novaksam-recipes

AdobeAcrobatReaderDCUpdates.pkg fails to build - Mismatch in authority names during CodeSignatureVerifier check #79

Developer ID Installer: Adobe Inc. (JQ525L2MZD) Expires: 2025-03-20 15:53:03 +0000 SHA256 Fingerprint: EB A4 77 C5 66 4C 70 60 7B CD 99 73 19 24 5D FF 1A 94 85 A9 32 37 CE 14 9C FD 5C B9 1A 39 CA C5

Developer ID Certification Authority Expires: 2027-02-01 22:12:15 +0000 SHA256 Fingerprint: 7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D 03 F2 9C 88 CF B0 B1 BA 63 58 7F