KeePassXC-2.2.4-2.dmg corrupted

[janmach71]

After downloading and opening KeePassXC-2.2.4-2.dmg I get error message:

The following disk images couldn't be opened: KeePassXC-2.2.4-2.dmg corrupt image

Expected Behavior

Dmg opens and app is possible to installed.

Current Behavior

Dmg does not open.

Possible Solution

regenerate dmg

Steps to Reproduce (for bugs)

1. download
2. open

Debug Info

Operating system: OSX 10.10.5

[yan12125]

Maybe an incomplete download? Did you check SHA256 sum or the GPG signature?

[weslly]

The .dmg works fine for me, have you tried downloading it again?

[phoerious]

The dmg is signed, but apparently that only works from 10.11.5 onward. That you can't even open it in earlier versions appears stupid to me. Even more stupid is that signing the dmg seems to have no effect in newer systems that do support it, at least that's the casse on my test system. Maybe we should only sign the app, not the dmg. I did it, because I thought it couldn't hurt, but I suppose I was wrong.

[weslly]

@phoerious The .dmg doesn't need to be signed, since it is not an executable.

[phoerious]

I know, but it's possible to sign it. Theoretically, Gatekeeper should see that and allow to start the contained executable, but it seems to have no effect. As I said, I thought it couldn't hurt, but seems like it does hurt. The tool we use for generating the DMGs also signs DMGs automatically if it detects a valid key, so that was another piece of evidence that signing DMGs is okay and doesn't break anything.

[droidmonkey]

Signing with a valid key should NEVER be a bad thing or the wrong thing to do. Just my two cents.

[phoerious]

No, but apparently, signed DMGs are incompatible with older systems (unless the TO somehow managed to download a broken binary)

[weslly]

Apple's documentation doesn't say signed DMGs are incompatible before 10.11.5, so it may be an error with OP's downloaded file.

[the-real-tokai]

I can't open the provided ".dmg" file either (on Yosemite 10.10.5). Pops up a window and telling me The following disk images couldn't be opened: "KeePassXC-2.2.4.2.dmg: corrupt image".

I checked the downloaded file's sha256 checksum and verified with gpg. All is OK, so the file is supposedly as it's meant to be (which is obviously incompatible with older OS installations.)

[clobber]

@phoerious

$ hdiutil imageinfo -format KeePassXC-2.2.4-2.dmg
ULFO
$ man hdiutil | grep "ULFO -"
         ULFO - UDIF lzfse-compressed image (OS X 10.11+ only)

OS X 10.11 added ULFO format images compressed with lzfse. These images are more efficient and smaller than comparable UDZO images compressed with zlib, and retain kernel compatibility, but are not usable on earlier OSes.

Your disk image was compressed using the newer LZFSE compression algorithm only available in 10.11 and above, so it won't open on 10.10 Yosemite. For maximum compatibility use UDBZ bzip2.

To those still using 10.10 Yosemite: With the release of 10.13 High Sierra, Apple has ended support for 10.10 which means it will no longer receive security updates. Apple's security and End of Life policy is well-known: they support the current version of macOS (now 10.13) and the two previous releases (currently 10.12 and 10.11). 10.11 El Capitan did not leave any hardware behind and is a free upgrade, so if your Mac can run 10.10 it can run 10.11 too. It is strongly advised that you upgrade. Time to click that upgrade button, folks!

[weslly]

The tool used on release-tool to create the .dmg doesn't support changing the compression algorithm, and although 2.2.4 still uses Qt 5.9, Qt 5.10 doesn't support anything before 10.11 either, so unless we stick to Qt 5.9 for some time on the next releases instead of upgrading, updating the .dmg to support 10.10 wouldn't really matter.

[TheZ3ro]

Strange, we are explicitly making UDBZ dmg

IDK why with the last release an ULFO came out, @phoerious can you retry to bundle a dmg, check if it's an UDBZ and try to sign it? Maybe the signing tool is converting it to ULFO

UDZO - UDIF zlib-compressed image
UDBZ - UDIF bzip2-compressed image (OS X 10.4+ only)
ULFO - UDIF lzfse-compressed image (OS X 10.11+ only)

[phoerious]

The release-tool is repackaging the DMG, because it needs to sign the app directory inside it.

[TheZ3ro]

What about using dmgbuild instead of create-dmg in release-tool ?

dmgbuild can pack in UDBZ format https://dmgbuild.readthedocs.io/en/latest/settings.html#disk-image-settings

[phoerious]

I kind of like the looks of the DMGs created by create-dmg.

[TheZ3ro]

We can fork create-dmg and fix the UDBZ parameter :stuck_out_tongue: , or bump the minimum mac version, but I'm not a great fan of bumping versions

[the-real-tokai]

@clobber

We are probably well aware of this fact. Sometimes you can't update to Apple's latest disaster for various reasons (Apple abandoned your hardware; Apple introduced incompatibilities with 3rd party software which can't be updated any longer; or are too expensive to update for each yearly OS update; don't have the time to deal with all the new bugs; don't have the time to deal reinstalling all kind of customisations that have collected over time (usually updates break those kind of things); etc.) 😄

That's why I'm here at least to somewhat secure some sensible data with 3rd party software where Apple fails to provide fixes for its own solutions.

I'm also aware Apple makes it hard, almost impossible, for 3rd-party application developers to keep support for older versions of the OS going in their apps by crippling XCode with each major update. 😢

[clobber]

@the-real-tokai Oh boy, there's always one of you in every thread.

[phoerious]

The problem I have with Apple is that they themselves only support the latest two versions. It's become increasingly harder to support EOL Apple products even if they aren't that old. It's somewhat easier to support a legacy but still-supported Ubuntu 14.04 than a not-so-legacy, but EOL macOS 10.10.

[clobber]

Well I think their EOL philosophy is easy to sympathize with:

• backporting is hard
• OS updates are free
• for the sake of moving forward and lessening maintenance burdens, crusty API must be deprecated and certain hardware support has be dropped eventually (usually about 7 years can be expected)

Given that, supporting the last two major releases with security updates seems acceptable. Most mainstream Mac software follows suit with Apple's EOL policy and have very good reason to drop support of an OS that no longer receives security updates. Apple need not care about a user's weird update-phobia, hackintosh installs or a software vendor's negligence to update their apps. Lucky for Mac devs that they don't have to deal with a scenario where the majority of their userbase is stuck on pirated XP or Win 7. If a user desires insane backwards compatibility, they can switch back to the nightmare that is Windows.

[phoerious]

I wish everybody was running on recent software, but that's just not the real world. It's not been the first time that we try to use some new-ish technology and it only took a day until the first bunch of people started complaining that KeePassXC stopped working for them.

[clobber]

Me too, but luckily on the Mac, OS updates are free so it’s less of a problem or a care for that matter. Sure, there will always be a vocal and stubborn minority with a GitHub account that are not running the latest OS, but if you check analytics you’ll find that’s a small base that’s not worth the effort of supporting. Eventually you will use the latest Qt which requires 10.11+.

[TheZ3ro]

@clobber yes, usually our releases are compiled with latest available Qt so this isn't really a problem

[phoerious]

I would totally agree if we were some low-risk productivity application (some photo or text editor, e.g.), but KeePassXC is a product that is used in many different (critical) environments, such as companies' internal infrastructure. Those often run on older software, regardless of Apple's EOL policy.

[yan12125]

TexStudio, another Qt application I use on macOS, distribute apps in zip archives. To use that app, users just need to decompress the archive and double-click on the extracted texstudio.app. Do you think it's a good idea for distribution?

[phoerious]

I thinks it's rather uncommon. A DMG is both an installer and a portable distribution.

[weslly]

Using zip archives to distribute mac apps is actually very common, it is just not as customizable as .dmg images.

[serge-vk]

Please, consider providing an alternative zip or other archive format distribution. There are many of us here who for various reasons are not updating to 10.11. Yes, it is possible to unpack the dmg on a computer with a more recent OS, but that may be quite a complication if you only have one piece of hardware.

[phoerious]

I'll make a patch to use dmgbuild instead.

[toddfoster]

I'm guessing this is a related issue:

I'm running 10.13.2 (17C88).

The download checks out:

~/Downloads$ shasum -a 256 -c KeePassXC-2.2.4-2.dmg.DIGEST
KeePassXC-2.2.4-2.dmg: OK

The dmg shows it has opened in Finder & DiskUtil but when I try to go to that folder (/Volumes/KeePassXC) it pops up a dialog complaining `"KeePassXC" can't be opened because the original item can't be found.' On the other hand, in the shell I get:

/Volumes/KeePassXC$ ls -l
total 8
lrwxr-xr-x  1 toddfoster  staff   13 Dec 14 09:24 Applications -> /Applications
drwxr-xr-x  3 toddfoster  staff  102 Dec 14 09:24 KeePassXC.app

I can move the .app to /Applications from the CLI and it works just fine.

Thank you for doing the painful work of cross-platform support!

[weslly]

@toddfoster Doesn't seem to be an issue with the .dmg. Try restarting finder.

[toddfoster]

@weslly Confirmed, the image opens fine after a restart. I apologize for the false report. I thought only Windows boxes had to be restarted in order to function properly. :-)

[jsoref]

Guys, can you please fix the website to indicate that the current build doesn't work with 10.10.5 and point to a version that does?

[TheZ3ro]

Note: Soon we will release 2.3.0