Were there some changes with how certificates are handled, and how can I add back support for earlier OS versions?
Thanks
Yeah, that’s my suspicion too. I took a look at the macOS 11 version of productsign to see if it had an option to control this but, AFAICT, it does not.Big Sur does not correctly sign pkg files using SHA1 which is required
by El Capitan (10.11) and earlier.
An example package that reproduces the problem
A sysdiagnose log from the Mac taken immediately after it refuses to install the package
Apple never tells anyone their plans, for good reason.We'd like to know what Apple's plans are to fix this problem, and when we can expect this fix to be released.
This is expected behavior, you will need to produce two different packages that are signed with different hashes if you want to support older OSs.
under Big Sur, go to the folder where your libraries are stored and extract x86_64 libraries to a x86_64 folder with a command similar to:
Code Block find . -name "*.dylib" -exec lipo -extract x86_64 -output path/to/x86_64/'{}' '{}' ';'
extract arm64 libraries to an arm64 folder with a command similar to:
Code Block find . -name "*.dylib" -exec lipo -extract arm64 -output path/to/arm64/'{}' '{}' ';'
under an older system, go to x86_64 folder and change the signature of x86_64 libraries with a command like:
Code Block find . -name "*.dylib" -exec codesign -v -f -s "Developer ID Application" --options=runtime {} --entitlements path/to/entitlements.plist ';'
finally under Big Sur, go to x86_64 folder and rebuild universal libraries with a command similar to:
Code Block find . -name "*.dylib" -exec lipo '{}' path/to/arm64/'{}' -output path/to/yourApplication/'{}' -create ';'
I've got the following answer in my ticket:
that's pretty crazy. apple really loves its developersThis is expected behavior, you will need to produce two different packages that are signed with different hashes if you want to support older OSs.
Share and EnjoyFixed an issue that caused OS X 10.11 and earlier to reject packages
signed in macOS 11 or later. (71695608, 75599040)
This really is another annoying problem. We launched our software and keep getting complaints due to this. Looks like Apple doesn't really care about a solution though...
This really is another annoying problem.
So, with reference to my earlier post, are you saying that Xcode 12.5 has not fixed this issue for you?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"