Keystore Explorer 5.4.2 not working with Mac OS Catalina

kaikramer / keystore-explorer

KeyStore Explorer is a free GUI replacement for the Java command-line utilities keytool and jarsigner.

https://keystore-explorer.org/

GNU General Public License v3.0

1.7k stars 275 forks source link

Keystore Explorer 5.4.2 not working with Mac OS Catalina #201

Closed MacMachani closed 4 years ago

MacMachani commented 4 years ago

Downloaded Keystore Explorer on Mac OS Catalina and it is NOT compatible! “KeyStore Explorer” can’t be opened because Apple cannot check it for malicious software. This software needs to be updated. Contact the developer for more information. Screen Shot 2019-12-17 at 9 48 16 AM

kaikramer commented 4 years ago

Thanks for informing me. Here is a link to an official Apple support page that tells you what to do: Safely open apps on your Mac Scroll down to this section: "How to open an app that hasn’t been notarized or is from an unidentified developer"

MacMachani commented 4 years ago

Thanks appreciate the assist! I can open Keystore app on Mac OS Catalina!

joeselway commented 4 years ago

@kaikramer I can help with notarizing this great app so it passes latest Gatekeeper checks. I've had to do a bit of that. Currently the notarization service says:

*** Error: Unable to validate archive '/Applications/KeyStore Explorer.app': (
    "Error Domain=ITunesSoftwareServiceErrorDomain Code=-21017 \"Could not find the main bundle or the Info.plist is missing a CFBundleIdentifier in '/Applications/KeyStore Explorer.app'.\" UserInfo={NSLocalizedDescription=Could not find the main bundle or the Info.plist is missing a CFBundleIdentifier in '/Applications/KeyStore Explorer.app'., NSLocalizedFailureReason=Unable to validate your application.}"

I can see you have added hardened runtime to the code sign, so there should just be a couple more steps to that build process once the requirements such as above feedback are met :-) Let me know if I can help. Cheers!

kaikramer commented 4 years ago

@joeselway Any help is appreciated. However, notarization itself is not really an issue. KSE 5.4.3 actually was successfully notarized right after the release. Unfortunately on some machines the launcher was not able to start the Java runtime. So I had to re-package KSE without hardening and notarization.

My last attempt was to sign with the following entitlements, but it still failed to start:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.cs.allow-jit</key>
        <true />
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true />
        <key>com.apple.security.cs.disable-executable-page-protection</key>
        <true />
        <key>com.apple.security.cs.disable-library-validation</key>
        <true />
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true />
    </dict>
</plist>

allnash commented 4 years ago

I am having the same issue. Sad!