We have a case where some users, within the same organization, report that our application does not start on macOS Catalina.
When this is the case, the error message in console is
Trust evaluate failure: [leaf TemporalValidity]
The same app works on other devices which seem to be equivalent (same macOS version...).
I'm trying to figure out what could be the issue and which log could help us understanding what's wrong.
I can see track of this error in a blog post from the Eclectic Light Company Blog (sounds like I can't post the link, but googling for "What happened when MRT was updated" should redirect to it) ; both running / not running devices have most up to date MRT Data.
The app is signed and notarized (and it's anyway the same app on both devices).
Any idea on what to look at to understand what fails ?
When this is the case, the error message in console is
Trust evaluate failure: [leaf TemporalValidity]
The same app works on other devices which seem to be equivalent (same macOS version...).
I'm trying to figure out what could be the issue and which log could help us understanding what's wrong.
I can see track of this error in a blog post from the Eclectic Light Company Blog (sounds like I can't post the link, but googling for "What happened when MRT was updated" should redirect to it) ; both running / not running devices have most up to date MRT Data.
The app is signed and notarized (and it's anyway the same app on both devices).
Any idea on what to look at to understand what fails ?
Ah, I missed the point that this was a code signing certificate. That does change my answer somewhat. Specifically, the About upcoming limits on trusted certificates article applies to TLS certificates only.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
No. -d displays information about the code signature, which doesn’t give you any insight into what’s going wrong. You could use --extract-certificates to extract the certificates and then look for date-related validity issues. Or you could actually do a trust evaluation using codesign -v.Is this enough to run codesign -dv --verbose=4 … to track down the
issue ?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"