My app is built on 10.11.3. It is a prefPane with one command line tool and three app bundles (four helper tools) in it's bundle. I am getting GateKeeper warnings on 10.11.4 systems, but not on anything else.
It is manually codesigned with my Developer ID... first the helper tool frameworks, then the helper tools themselves and then the prefPane. So everything is signed from the inside-out. In terminal (on two different machines running 10.11.3) I get: spctl -a -t exec -vv My.prefPane /Volumes/Path/To//My.prefPane: accepted source=Developer ID origin=Developer ID Application: My Company, Inc. codesign --verbose=4 --deep --strict My.prefPane /Volumes/Path/To//My.prefPane: valid on disk /Volumes/Path/To//My.prefPane: satisfies its Designated Requirement In terminal (on two different machines running 10.11.4) I get: spctl -a -t exec -vv My.prefPane /Volumes/Path/To//My.prefPane: rejected source=obsolete resource envelope origin=Developer ID Application: My Company, Inc. codesign --verbose=4 --deep --strict My.prefPane /Volumes/Path/To//My.prefPane: valid on disk /Volumes/Path/To//My.prefPane: satisfies its Designated Requirement The codesign command is taken directly from what Xcode uses: codesign --force --sign "Developer ID Application: My Company, Inc." --requirements "=designated => anchor apple generic and identifier \"com.mycompany.myproduct.helper\" and ((cert leaf[field.1.2.840.113635.100.6.1.9] exists) or (certificate 1[field.1.2.840.113635.100.6.2.6] exists and certificate leaf[field.1.2.840.113635.100.6.1.13] exists and certificate leaf[subject.OU] = \"MYAPPLE123\"))" --timestamp=none "$BASEPATH/My.prefPane/Contents/Resources/MyHelper.app" When I run the above spctl terminal command on the helpers within the bundle on 10.11.4, the three helper app bundles are accepted but the command line tool is rejected with "obsolete resource envelope". If I copy that command line tool to a 10.11.3 system and run spctl, it is accepted. I have spent more than a day on this and am at a loss as to what is happening. Any ideas? _______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
