SecCodeCheckValidityWithErrors returns -67030 on OS X 10.9/10.10

Is there a known bug/limitation with the SecCodeCheckValidityWithErrors on OS X 10.9/10.10 when it comes to checking the validity of an app in the following case:
  • the application A.app is a bundle.

  • inside Ap.app/Contents/MacOS there is an additional binary B.


B is launched by launchd and runs an XPC mach service.
A is a client of this XPC mach service.

When A tries to connect to B, B checks the calling process with SecCodeCheckValidityWithErrors.

On OS X 10.9/10.10, SecCodeCheckValidityWithErrors returns -67030 (errSecCSInfoPlistFailed / invalid Info.plist (plist or signature have been modified)).

On OS X 10.11 and later, SecCodeCheckValidityWithErrors succeeds.

If a copy of B is installed outside of the A.app bundle and it's this copy that launchd starts, A can communicate with B.

[Q] Was there a bug in OS X 10.9/10.10 where SecCodeCheckValidityWithErrors would return -67030 if the XPC server is inside the MacOS folder of the XPC client?

This doesn’t ring any bells. My only suggestion is that you open a DTS tech support incident so that I can dig into this in depth.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
SecCodeCheckValidityWithErrors returns -67030 on OS X 10.9/10.10
 
 
Q