"Preserve extended attributes" not respected

[cbenhagen]

Tested in version 1.2.8

For some reason notarizing our .app bundles works but the .pkg built by packages fail with "The signature of the binary is invalid". It looks like extended attributes (and thus the signatures) are being stripped from the bundles.

[ClaireDuSoleil]

I am also seeing this, even though "PRESERVE_EXTENDED_ATTRIBUTES" is true. The codesign command is adding extended attributes to the entitlements plist file which are stripped off when it gets packaged so it invalidates the signature and it won't notarize.

[ClaireDuSoleil]

I was able to fix my issue by moving the Entitlements.plist file out of the app folder before signing and just using it in the codesign command. It's not in the package that I'm building and I guess it doesn't need to be.

So, it's all working for me now. Thank you.

[packagesdev]

If you have an example to provide that reproduces the issue, I'm interested because so far I haven't been able to reproduce it (with a shell script for instance).

[packagesdev]

This beta build may address the issue: https://drive.google.com/open?id=0B_2n1wyuWXGVVXNPTUlJVnprSGM

[packagesdev]

Fixed for version 1.2.9.

[bruce0036]

hi @packagesdev I am using 1.2.9 to build pkg file from our app then I am getting The signature of the binary is invalid. for pkg notarization Can you help me?

[packagesdev]

Can you provide the package?

[yudiz-mobilegames]

Hey @packagesdev

I am using v1.2.10(beta version) which I downloaded from the link given above. Still getting the Invalid error. The error comes in "Contents/MacOS/appname" folder of the build. I have tried creating the package manually, there I don't face any issue in notarization but with the manual process, postinsall script does not run in the machine.

please advice.

[lart2150]

I need to do some more troubleshooting but with 1.2.9 I have this error notarizing FileMaker 19.4 but didn't have any issues with earlier versions. when I uncheck remove .DS_Store files, remove .pbdevelopment files and remove SCM metatadata the package notarizes without issue. I hope to have more time later to narrow it down to one of those.

[verdx]

I am getting the same problem when signing the script used in the /Library/StartupItems. After using the command line utility packagesbuild to create a package and installing the package, the extended attributes of the script are removed and thus, it is not signed. I have had to wrap the script in a tar file previous to the package creation and to decompress it in postinstall so that the extended arguments were preserved. More info at https://github.com/wazuh/wazuh-packages/issues/1917