Hello,
My app (embedding a Finder ext and Sys ext) is running well in my development machine (Big Sur with SIP disabled) but crashes at startup in Catalina (with SIP).
The app is signed and notarized.
Exception Type: EXC_CRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x1
I did the following checks:
codesign -dv --verbose=4 /Applications/myApp.app
Executable=/Applications/myApp.app/Contents/MacOS/myApp
Identifier=a.b.c.d
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=37422 flags=0x10000(runtime) hashes=1158+7 location=embedded
VersionPlatform=1
VersionMin=659200
VersionSDK=721152
Hash type=sha256 size=32
CandidateCDHash sha256=97cb5bb480cd24ee3f3abc025271110f481bef5a
CandidateCDHashFull sha256=97cb5bb480cd24ee3f3abc025271110f481bef5a601b72d7c0b1440d2188c096
Hash choices=sha256
CMSDigest=97cb5bb480cd24ee3f3abc025271110f481bef5a601b72d7c0b1440d2188c096
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=3915776
Executable Segment flags=0x1
Page size=4096
CDHash=97cb5bb480cd24ee3f3abc025271110f481bef5a
Signature size=8992
Authority=Developer ID Application: ...
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=19 May 2021 at 10:50:35
Info.plist entries=22
TeamIdentifier=...
Runtime Version=11.1.0
Sealed Resources version=2 rules=13 files=118
Internal requirements count=1 size=196
=> Could the "Runtime Version=11.1.0" explain the issue?
Note that the deployment target is 10.15.
codesign -vvv --deep --strict /Applications/myApp.app
...
/Applications/myApp.app: valid on disk
/Applications/myApp.app: satisfies its Designated Requirement
spctl -a -t exec -vvv /Applications/myApp.app 2>&1 | grep Notarized
source=Notarized Developer ID
security cms -D -i /Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.e.Extension.systemextension/Contents/embedded.provisionprofile
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "...">
<plist version="1.0">
<dict>
<key>AppIDName</key>
<string>...</string>
<key>ApplicationIdentifierPrefix</key>
<array>
<string>...</string>
</array>
<key>CreationDate</key>
<date>2021-03-29T06:47:11Z</date>
<key>Platform</key>
<array>
<string>OSX</string>
</array>
<key>IsXcodeManaged</key>
<false/>
<key>DeveloperCertificates</key>
<array>
<data>MIIFtjCCBJ6gAwIBAgIIDPP2OBmNMQwwDQYJKoZIhvcNAQELBQAweTEtMCsGA1UEAwwkRGV2ZWxvcGVyIElEIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwNjIyMTE1OTI1WhcNMjUwNjIzMTE1OTI1WjCBpTEaMBgGCgmSJomT8ixkAQEMCjg2NFZEQ1MyUVkxRTBDBgNVBAMMPERldmVsb3BlciBJRCBBcHBsaWNhdGlvbjogSW5mb21hbmlhayBOZXR3b3JrIFNBICg4NjRWRENTMlFZKTETMBEGA1UECwwKODY0VkRDUzJRWTEeMBwGA1UECgwVSW5mb21hbmlhayBOZXR3b3JrIFNBMQswCQYDVQQGEwJDSDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOPkChyZl1hPMQNeU+YEBi+lDQxQsFFmpjrFPpZNlM3noLKvzP8KI9uBs/TEt0Yx/OpbbuQHT+z0afr/eVepffT/c001dMMy96AwesjT0L3VI5tApzBC8Ds+iAXV0LBSkj41rcnxoRSH7tnOcIQ7pQbe2RJVBsc0R686b3lf8RTDDnKsDbYQ0NjLLRu+gg3XQaaF2YkGwavYlOH4W674UbhauyDp427yL4rHmpWqsWB16iKVLngATvhRsIAoMMDQNiqgpwFQvgM+RE87gWITXtMeiLJsN11ycZgC+NwIVlAgk6niLZkPJyQyRXtC/dMYUGlju0OxQJlR3aZ4FDUhl8UCAwEAAaOCAhMwggIPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUVxftos/cfJihEOD8voctLPLjF1QwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWRldmlkMDYwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBQSsj8IO9I/UtSJbMvBWka5Yp6GyTAOBgNVHQ8BAf8EBAMCB4AwHwYKKoZIhvdjZAYBIQQRDA8yMDE5MDkxNjAwMDAwMFowEwYKKoZIhvdjZAYBDQEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBABL6WyRaT4OIK8kEpcbAiLyy3J2MRuB9sWIyQR0iYoqZyd3D+I+kEhd25UCuMyxUN48nK1juNoKdHqtkEjl6xJqOioNMAGbBga3jHl8LTmOWZ8u5Vg2ODzsI2uX/oTmHelh1g6dAxk6nl2UBhiJdCTpszJXMPvOHUqIpbH8kRHhQUq+OoRXkkB32bJPd/fLyPjxnPz30tN4OFu6ms6rO08e1Z9avhQntwAMPi6OYy3LAED2n7NOSkdtpP8j9rFCz6yrcZyNjG0D045G1bIA8mVzU95j5bc68Bpb4NUKxC9vqkoUbNbM8vkTOVJmceuBqt3i+3bLRnfkeFwKrtDSeP00=</data>
</array>
<key>Entitlements</key>
<dict>
<key>com.apple.developer.endpoint-security.client</key>
<true/>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.application-identifier</key>
<string>...</string>
<key>keychain-access-groups</key>
<array>
<string>....*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>...</string>
</dict>
<key>ExpirationDate</key>
<date>2039-03-25T06:47:11Z</date>
<key>Name</key>
<string>...</string>
<key>ProvisionsAllDevices</key>
<true/>
<key>TeamIdentifier</key>
<array>
<string>...</string>
</array>
<key>TeamName</key>
<string>...</string>
<key>TimeToLive</key>
<integer>6570</integer>
<key>UUID</key>
<string>db2079f3-d329-4c03-b8ca-23a61ec3b305</string>
<key>Version</key>
<integer>1</integer>
</dict>
</plist>%
Is there something bad here?
Thank you
Chris
My app (embedding a Finder ext and Sys ext) is running well in my development machine (Big Sur with SIP disabled) but crashes at startup in Catalina (with SIP).
The app is signed and notarized.
Exception Type: EXC_CRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace CODESIGNING, Code 0x1
I did the following checks:
codesign -dv --verbose=4 /Applications/myApp.app
Executable=/Applications/myApp.app/Contents/MacOS/myApp
Identifier=a.b.c.d
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=37422 flags=0x10000(runtime) hashes=1158+7 location=embedded
VersionPlatform=1
VersionMin=659200
VersionSDK=721152
Hash type=sha256 size=32
CandidateCDHash sha256=97cb5bb480cd24ee3f3abc025271110f481bef5a
CandidateCDHashFull sha256=97cb5bb480cd24ee3f3abc025271110f481bef5a601b72d7c0b1440d2188c096
Hash choices=sha256
CMSDigest=97cb5bb480cd24ee3f3abc025271110f481bef5a601b72d7c0b1440d2188c096
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=3915776
Executable Segment flags=0x1
Page size=4096
CDHash=97cb5bb480cd24ee3f3abc025271110f481bef5a
Signature size=8992
Authority=Developer ID Application: ...
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=19 May 2021 at 10:50:35
Info.plist entries=22
TeamIdentifier=...
Runtime Version=11.1.0
Sealed Resources version=2 rules=13 files=118
Internal requirements count=1 size=196
=> Could the "Runtime Version=11.1.0" explain the issue?
Note that the deployment target is 10.15.
codesign -vvv --deep --strict /Applications/myApp.app
...
/Applications/myApp.app: valid on disk
/Applications/myApp.app: satisfies its Designated Requirement
spctl -a -t exec -vvv /Applications/myApp.app 2>&1 | grep Notarized
source=Notarized Developer ID
security cms -D -i /Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.e.Extension.systemextension/Contents/embedded.provisionprofile
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "...">
<plist version="1.0">
<dict>
<key>AppIDName</key>
<string>...</string>
<key>ApplicationIdentifierPrefix</key>
<array>
<string>...</string>
</array>
<key>CreationDate</key>
<date>2021-03-29T06:47:11Z</date>
<key>Platform</key>
<array>
<string>OSX</string>
</array>
<key>IsXcodeManaged</key>
<false/>
<key>DeveloperCertificates</key>
<array>
<data>MIIFtjCCBJ6gAwIBAgIIDPP2OBmNMQwwDQYJKoZIhvcNAQELBQAweTEtMCsGA1UEAwwkRGV2ZWxvcGVyIElEIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwNjIyMTE1OTI1WhcNMjUwNjIzMTE1OTI1WjCBpTEaMBgGCgmSJomT8ixkAQEMCjg2NFZEQ1MyUVkxRTBDBgNVBAMMPERldmVsb3BlciBJRCBBcHBsaWNhdGlvbjogSW5mb21hbmlhayBOZXR3b3JrIFNBICg4NjRWRENTMlFZKTETMBEGA1UECwwKODY0VkRDUzJRWTEeMBwGA1UECgwVSW5mb21hbmlhayBOZXR3b3JrIFNBMQswCQYDVQQGEwJDSDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOPkChyZl1hPMQNeU+YEBi+lDQxQsFFmpjrFPpZNlM3noLKvzP8KI9uBs/TEt0Yx/OpbbuQHT+z0afr/eVepffT/c001dMMy96AwesjT0L3VI5tApzBC8Ds+iAXV0LBSkj41rcnxoRSH7tnOcIQ7pQbe2RJVBsc0R686b3lf8RTDDnKsDbYQ0NjLLRu+gg3XQaaF2YkGwavYlOH4W674UbhauyDp427yL4rHmpWqsWB16iKVLngATvhRsIAoMMDQNiqgpwFQvgM+RE87gWITXtMeiLJsN11ycZgC+NwIVlAgk6niLZkPJyQyRXtC/dMYUGlju0OxQJlR3aZ4FDUhl8UCAwEAAaOCAhMwggIPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUVxftos/cfJihEOD8voctLPLjF1QwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWRldmlkMDYwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBQSsj8IO9I/UtSJbMvBWka5Yp6GyTAOBgNVHQ8BAf8EBAMCB4AwHwYKKoZIhvdjZAYBIQQRDA8yMDE5MDkxNjAwMDAwMFowEwYKKoZIhvdjZAYBDQEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBABL6WyRaT4OIK8kEpcbAiLyy3J2MRuB9sWIyQR0iYoqZyd3D+I+kEhd25UCuMyxUN48nK1juNoKdHqtkEjl6xJqOioNMAGbBga3jHl8LTmOWZ8u5Vg2ODzsI2uX/oTmHelh1g6dAxk6nl2UBhiJdCTpszJXMPvOHUqIpbH8kRHhQUq+OoRXkkB32bJPd/fLyPjxnPz30tN4OFu6ms6rO08e1Z9avhQntwAMPi6OYy3LAED2n7NOSkdtpP8j9rFCz6yrcZyNjG0D045G1bIA8mVzU95j5bc68Bpb4NUKxC9vqkoUbNbM8vkTOVJmceuBqt3i+3bLRnfkeFwKrtDSeP00=</data>
</array>
<key>Entitlements</key>
<dict>
<key>com.apple.developer.endpoint-security.client</key>
<true/>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.application-identifier</key>
<string>...</string>
<key>keychain-access-groups</key>
<array>
<string>....*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>...</string>
</dict>
<key>ExpirationDate</key>
<date>2039-03-25T06:47:11Z</date>
<key>Name</key>
<string>...</string>
<key>ProvisionsAllDevices</key>
<true/>
<key>TeamIdentifier</key>
<array>
<string>...</string>
</array>
<key>TeamName</key>
<string>...</string>
<key>TimeToLive</key>
<integer>6570</integer>
<key>UUID</key>
<string>db2079f3-d329-4c03-b8ca-23a61ec3b305</string>
<key>Version</key>
<integer>1</integer>
</dict>
</plist>%
Is there something bad here?
Thank you
Chris
I finally managed to fix the problem.
I created a dummy application in Xcode embedding my sysext and I was able to recover the right entitlements.
Thank you, Quinn, for putting me on the path to the solution.
I created a dummy application in Xcode embedding my sysext and I was able to recover the right entitlements.
Thank you, Quinn, for putting me on the path to the solution.
Code Block % codesign -d --entitlements :- /Applications/myApp.app Executable=/Applications/myApp.app/Contents/MacOS/kDrive <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>TTTTTTTT.a.b.c.d</string> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.team-identifier</key> <string>TTTTTTTT</string> </dict> </plist>
Code Block % codesign -d --entitlements :- /Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.mySysExt.systemextension Executable=/Applications/myApp.app/Contents/Library/SystemExtensions/a.b.c.d.mySysExt.systemextension/Contents/MacOS/a.b.c.d.mySysExt <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>TTTTTTTT.a.b.c.d.mySysExt</string> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.developer.team-identifier</key> <string>TTTTTTTT</string> </dict> </plist>