Hello. According to Apple documentation,
Developer ID Installer Certificate (Mac applications): If your certificate expires, users can no longer launch installer packages for your Mac applications that were signed with this certificate.
https://developer.apple.com/support/certificates/
However, using an installer signed before expiration, I can still install the application, even after the certificate has expired, and the installer even shows it as "Expired but valid".
Could you please clarify if the quote above is true? Or how is it possible that I can still install the application?
Thank you,
Jakub
Could you please clarify if the quote above is true?
That article is definitely out of date. I’ve filed a bug to get it corrected (r. 90418064).
I believe that this info was correct in the past. However, modern installer packages include a trusted timestamp. For example:
% pkgutil --check-signature Test702219.pkg
Package "Test702219.pkg":
Status: signed by a developer certificate issued by Apple for distribution
Notarization: trusted by the Apple notary service
Signed with a trusted timestamp on: 2022-03-16 11:26:42 +0000
Certificate Chain:
1. Developer ID Installer: Quinn Quinn (SKMME9E2Y8)
Expires: 2022-08-01 16:32:52 +0000
…
Note the "Signed with a trusted timestamp" item.
This trusted timestamp allows macOS to apply the same logic it does for Developer ID signed apps, that is: Was the Developer ID certificate valid at the time that the item was signed?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
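Added example, not part of the reply above and not Apple's verification code: a Python sketch that applies the question from the answer ("was the certificate valid at the time the item was signed?") to `pkgutil --check-signature` text. The function names, the verdict strings and the indentation of the sample are assumptions; only the leaf certificate's expiry is compared, because that is all the quoted output shows.

```python
import re
from datetime import datetime, timezone

# Output of the pkgutil run quoted in the answer above; the chain is truncated
# there, and the indentation is an assumption about the tool's layout.
PAGE_OUTPUT = """\
Package "Test702219.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Notarization: trusted by the Apple notary service
   Signed with a trusted timestamp on: 2022-03-16 11:26:42 +0000
   Certificate Chain:
    1. Developer ID Installer: Quinn Quinn (SKMME9E2Y8)
       Expires: 2022-08-01 16:32:52 +0000
"""

FMT = "%Y-%m-%d %H:%M:%S %z"
STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4})"
TS_RE = re.compile(r"Signed with a trusted timestamp on:\s*" + STAMP)
# Entry 1 of the chain is the signing (leaf) certificate.
LEAF_RE = re.compile(r"^\s*1\.\s+(.+?)\s*$\s*Expires:\s*" + STAMP, re.M)

def parse_signature(text):
    """Extract the trusted timestamp and the leaf certificate's expiry."""
    ts, leaf = TS_RE.search(text), LEAF_RE.search(text)
    return {
        "signed_at": datetime.strptime(ts.group(1), FMT) if ts else None,
        "leaf": leaf.group(1) if leaf else None,
        "leaf_expires": datetime.strptime(leaf.group(2), FMT) if leaf else None,
    }

def assess(text, now):
    """Classify a package by signing time versus leaf certificate expiry."""
    info = parse_signature(text)
    if info["leaf_expires"] is None:
        return "unparsed"
    if info["signed_at"] is None:
        # Without a trusted timestamp there is no provable signing time.
        return "no-trusted-timestamp"
    if info["signed_at"] > info["leaf_expires"]:
        return "signed-after-expiry"
    if now > info["leaf_expires"]:
        return "expired-now-but-valid-at-signing"
    return "valid"

if __name__ == "__main__":
    print(assess(PAGE_OUTPUT, datetime.now(timezone.utc)))
```

Pass captured `pkgutil --check-signature` text to `assess` to triage a batch of packages; it reads the tool's report and does no cryptographic verification itself.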