I've seen quite a bit on my newsfeed regarding this... http://mjtsai.com/blog/2016/03/31/gatekeeper-bug-in-mac-os-x-10-11-4/ https://www.noodlesoft.com/blog/2016/04/05/hazel-3-3-8-getting-past-the-gates/ https://forums.developer.apple.com/message/81349#81349
Haven't seen any workarounds yet - hope this helps! John On Thu, Apr 7, 2016, at 08:13 AM, Trygve Inda wrote: > My app is built on 10.11.3. It is a prefPane with one command line tool > and > three app bundles (four helper tools) in it's bundle. I am getting > GateKeeper warnings on 10.11.4 systems, but not on anything else. > > It is manually codesigned with my Developer ID... first the helper tool > frameworks, then the helper tools themselves and then the prefPane. So > everything is signed from the inside-out. > > In terminal (on two different machines running 10.11.3) I get: > > spctl -a -t exec -vv My.prefPane > > /Volumes/Path/To//My.prefPane: accepted > source=Developer ID > origin=Developer ID Application: My Company, Inc. > > codesign --verbose=4 --deep --strict My.prefPane > > /Volumes/Path/To//My.prefPane: valid on disk > /Volumes/Path/To//My.prefPane: satisfies its Designated Requirement > > > In terminal (on two different machines running 10.11.4) I get: > > spctl -a -t exec -vv My.prefPane > > /Volumes/Path/To//My.prefPane: rejected > source=obsolete resource envelope > origin=Developer ID Application: My Company, Inc. > > codesign --verbose=4 --deep --strict My.prefPane > > /Volumes/Path/To//My.prefPane: valid on disk > /Volumes/Path/To//My.prefPane: satisfies its Designated Requirement > > > The codesign command is taken directly from what Xcode uses: > > codesign --force --sign "Developer ID Application: My Company, Inc." > --requirements "=designated => anchor apple generic and identifier > \"com.mycompany.myproduct.helper\" and ((cert > leaf[field.1.2.840.113635.100.6.1.9] exists) or (certificate > 1[field.1.2.840.113635.100.6.2.6] exists and certificate > leaf[field.1.2.840.113635.100.6.1.13] exists and certificate > leaf[subject.OU] = \"MYAPPLE123\"))" --timestamp=none > "$BASEPATH/My.prefPane/Contents/Resources/MyHelper.app" > > > When I run the above spctl terminal command on the helpers within the > bundle > on 10.11.4, the three helper app bundles are accepted but the command > line > tool is rejected with "obsolete resource envelope". > > If I copy that command line tool to a 10.11.3 system and run spctl, it is > accepted. > > I have spent more than a day on this and am at a loss as to what is > happening. > > Any ideas? > > > > > _______________________________________________ > > Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/johnp%2Blists%40peach.io > > This email sent to johnp+li...@peach.io _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
