www.cendio.com

Bug 5625

Summary: Signed client downloaded from our web fails to pass OS X Gatekeeper
Product: ThinLinc Reporter: Henrik Andersson <hean01@cendio.se>
Component: Client platformsAssignee: Peter Åstrand <astrand@cendio.se>
Status: CLOSED FIXED QA Contact: Bugzilla mail exporter <bugzilla-qa@cendio.se>
Severity: Normal    
Priority: P2 CC: hean01@cendio.se
Version: 4.3.0Keywords: hean01_tester, relnotes
Target Milestone: 4.5.0   
Hardware: PC   
OS: Unknown   
Acceptance Criteria:

Description From cendio 2015-09-01 13:49:07
Downloaded our OS X client from www.cendio.se on out Mac OS X 10.10 client. The
GateKeeper prevent running the application. Verified that package was signed
using `codesign -v`...

Also verified that GateKeeper was configured to allow apps from identified
developers.
------- Comment #1 From cendio 2015-09-08 13:11:34 -------
https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG211

"You can also use the spctl tool to check if Gatekeeper will accept
your app's signature. spctl is a command-line interface to the same
security assessment policy subsystem that Gatekeeper uses."

$ spctl -a -t exec -vv Foo.app
------- Comment #2 From cendio 2015-09-11 12:59:57 -------
lab-42:~ admin$ spctl -a -t exec -vv /Volumes/ThinLinc\ Client\ 1/ThinLinc\
Client.app
/Volumes/ThinLinc Client 1/ThinLinc Client.app: accepted
source=Developer ID
origin=Developer ID Application: Cendio AB (PHUT6TWL4H)

However:

Sep  8 13:33:55 lab-42.lkpg.cendio.se CoreServicesUIAgent[314]: Error -60005
creating authorization
Sep  8 13:33:55 lab-42.lkpg.cendio.se CoreServicesUIAgent[314]: File
/Volumes/ThinLinc Client 1/ThinLinc Client.app/Contents/lib/tlclient/pulseaudio
failed on loadCmd /opt/thinlinc/lib/libpulsecore-4.0.dylib
Sep  8 13:33:55 lab-42.lkpg.cendio.se CoreServicesUIAgent[314]: Fails dylib
check

This is mentioned here:

https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG207

"Gatekeeper Changes in OS X v10.10.4 and Later"

Note: The changes in this section also apply to OS X v10.9.5 if Security Update
2015-005 Mavericks has been installed.

The changes in this section also apply to OS X v10.8.5 if Security Update
2015-005 Mountain Lion has been installed."
------- Comment #7 From cendio 2015-09-23 09:59:54 -------
Tested signing tl-4.4.0post_4895-client-osx.iso, seems to work fine.
------- Comment #9 From cendio 2015-09-25 08:12:15 -------
Verified that my test signed iso worked as expected.