My application is showing obtained from "UN KNOWN" in Systme_profile

Hello,


My application showing the obtained from unknown in system_profile, even though it is signed by proper Mac Developer Certificate.


AT&T Global Network Client:

Version: 2.1.0

Obtained from: Unknown

Last Modified: 8/5/19, 11:40 AM

Signed by: Mac Developer: *********** (**********), Apple Worldwide Developer Relations Certification Authority, Apple Root CA

Location: /Applications/AT&T Global Network Client/AT&T Global Network Client.app

Kind: 64-bit



When I tried to open the .pkg file, getting the above warning, application is a 64 bit. Coudn't figure out, what went wrong, kind of struck here, any help would be appreciated.


Much Thaks,

Ganesh.

Replies

Sorry, forgot to provide warning, here is the warning getting, when I tried to open the .pkg file


"agnc_mac.pkg" can't be opened because Apple can not check it for Malicious software.

This software needs to be updated. Contact the developer for more information.

What macOS release are you testing this on? If it’s 10.14.5 or later, you need to notarise your

.pkg
. See Notarizing Your App Before Distribution for general background on this and Customizing the Notarization Workflow for more specific info.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Quinn,


Thank you for the response. Currently I am testing on MacOS Catalina 10.15 Beta (19A526h).


Thank you,

Ganesh.

Currently I am testing on MacOS Catalina 10.15 Beta (19A526h).

So, does it work on 10.14.6? Or is it broken on both systems?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi, Quinn,


It works fine on 10.14.6. The issue is only with the MacOS Catalina 10.15 Beta (19A526h)


Thank you!

Ganesh.

It works fine on 10.14.6.

OK.

Looking through your earlier email I noticed this:

Signed by: Mac Developer…

That looks like a Mac App Store development certificate. Are you target the Mac App Store? Or do you plan to distribute independently?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Quinn,


We distribute the application independently. Now I changed MacDeveloper to Developer ID Application in XCode, now it shows Identified Developer in System Profile.


Though it is showing Identified Developer, do we need to still go for notarization before distributing the Application?


Thank you,

Ganesh.

… do we need to still go for notarization before distributing the Application?

Yes. All executable code distributed outside of the Mac App Store should be notarised. This requirement is enforced for apps on 10.14.5 and later, but on 10.15 beta it’s also being enforced for non-app code. For more info on these changes, watch WWDC 2019 Session 701 Advances in macOS Security.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Quinn,


I was trying to fix all the notarization erros, but go stuck with the below, couldn't figure out where it went wrong, and am using the Developer ID Application to sign the application, can you please guide me thorugh the right direction.



spctl -a -v agnc_mac2.1.1_3007.pkg

agnc_mac2.1.1_3007.pkg: rejected

source=no usable signature



{

"logFormatVersion": 1,

"jobId": "*********************************",

"status": "Invalid",

"statusSummary": "Archive contains critical validation errors",

"statusCode": 4000,

"archiveFilename": "******************.pkg",

"uploadDate": "2019-08-14T17:22:59Z",

"sha256": "253b80223d140fea91",

"ticketContents": null,

"issues": [

{

"severity": "error",

"code": null,

"path": "*********************_mac.pkg Contents/Payload/Applications/AT&T Global Network Client/AT&T Global Network Client.app/Contents/MacOS/AT&T Global Network Client",

"message": "The signature of the binary is invalid.",

"docUrl": null,

"architecture": "x86_64"

},

{

"severity": "error",

"code": null,

"path": "*********************mac.pkg Contents/Payload/Applications/AT&T Global Network Client/AT&T Global Network Client.app/Contents/Frameworks/CocoaLumberjack.framework/CocoaLumberjack",

"message": "The signature of the binary is invalid.",

"docUrl": null,

"architecture": "x86_64"

},

{

"severity": "error",

"code": null,

"path": "*********************_mac.pkg Contents/Payload/Applications/AT&T Global Network Client/Customer Support App.app/Contents/MacOS/Customer Support App",

"message": "The signature of the binary is invalid.",

"docUrl": null,

"architecture": "x86_64"

},

{

"severity": "error",

"code": null,

"path": "*********************_mac.pkg Contents/Payload/Applications/AT&T Global Network Client/Customer Support App.app/Contents/Frameworks/CocoaLumberjack.framework/CocoaLumberjack",

"message": "The signature of the binary is invalid.",

"docUrl": null,

"architecture": "x86_64"

}

]

}


Thank you,

Ganesh.

The errors you’re seeing, “The signature of the binary is invalid.”, is a pretty general one, so it’s hard to be sure what’s going on. The paths referenced all seem pretty reasonable (for example, you have the CocoaLumberjack framework in the

Contents/Frameworks/
directory, which is the right place for it), so I suspect that there’s something wrong with your underlying code signing.

To investigate this you need to look at the input to

agnc_mac2.1.1_3007.pkg
. For example, you can check the signature on the CocoaLumberjack framework with a command like this:
$ codesign -v -vvv ***/AT&T Global Network Client.app/Contents/Frameworks/CocoaLumberjack.framework/CocoaLumberjack

where

***
is the path to the app as it existing on disk before you packaged it.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"