www.cendio.com
Bug 5625 - Signed client downloaded from our web fails to pass OS X Gatekeeper
: Signed client downloaded from our web fails to pass OS X Gatekeeper
Status: CLOSED FIXED
: ThinLinc
Client platforms
: 4.3.0
: PC Unknown
: P2 Normal
: 4.5.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2015-09-01 13:49 by
Modified: 2015-09-28 12:33 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2015-09-01 13:49:07
Downloaded our OS X client from www.cendio.se on out Mac OS X 10.10 client. The
GateKeeper prevent running the application. Verified that package was signed
using `codesign -v`...

Also verified that GateKeeper was configured to allow apps from identified
developers.
------- Comment #1 From cendio 2015-09-08 13:11:34 -------
https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG211

"You can also use the spctl tool to check if Gatekeeper will accept
your app's signature. spctl is a command-line interface to the same
security assessment policy subsystem that Gatekeeper uses."

$ spctl -a -t exec -vv Foo.app
------- Comment #2 From cendio 2015-09-11 12:59:57 -------
lab-42:~ admin$ spctl -a -t exec -vv /Volumes/ThinLinc\ Client\ 1/ThinLinc\
Client.app
/Volumes/ThinLinc Client 1/ThinLinc Client.app: accepted
source=Developer ID
origin=Developer ID Application: Cendio AB (PHUT6TWL4H)

However:

Sep  8 13:33:55 lab-42.lkpg.cendio.se CoreServicesUIAgent[314]: Error -60005
creating authorization
Sep  8 13:33:55 lab-42.lkpg.cendio.se CoreServicesUIAgent[314]: File
/Volumes/ThinLinc Client 1/ThinLinc Client.app/Contents/lib/tlclient/pulseaudio
failed on loadCmd /opt/thinlinc/lib/libpulsecore-4.0.dylib
Sep  8 13:33:55 lab-42.lkpg.cendio.se CoreServicesUIAgent[314]: Fails dylib
check

This is mentioned here:

https://developer.apple.com/library/mac/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG207

"Gatekeeper Changes in OS X v10.10.4 and Later"

Note: The changes in this section also apply to OS X v10.9.5 if Security Update
2015-005 Mavericks has been installed.

The changes in this section also apply to OS X v10.8.5 if Security Update
2015-005 Mountain Lion has been installed."
------- Comment #7 From cendio 2015-09-23 09:59:54 -------
Tested signing tl-4.4.0post_4895-client-osx.iso, seems to work fine.
------- Comment #9 From cendio 2015-09-25 08:12:15 -------
Verified that my test signed iso worked as expected.