This may, in fact, be what Safari is doing for “safe” files.Using the Azure CLI 2.x, I cannot find a way to "add a Scope" under the expose an API section in Azure AD Portal. The ditto command strips the extended attributes that are causing the issue. #Xscope app downloadI’ve heard that we’re not the only ones affected.Īnd if you encounter a download that’s damaged because of these Sparkle symlinks, this quick fix in the Terminal will set things right: $ ditto xScope.app xScopeFixed.app #Xscope app macIf you’re a Mac developer who’s using Sparkle and distributing your product via a web download, now’s a good time to check how things work in a variety of browsers. Customer and developer expectations for unzipping archives is that they are not modified and behave the same way across all Apple products. #Xscope app codeThe reason I’m writing is because Safari’s implementation for opening “safe” files is somehow bypassing a code signing check or repairing the downloaded package. As I said in my email, the biggest problem here is expectations: I’ve also submitted this information to Apple’s Product Security group. I had them in “Sparkle”, “SparkleCore”, and “Installer Progress”.Īfter you build and notarize, you’ll see that your app is “valid on disk” no matter how it’s unarchived. In your Sparkle project, find any occurrences of “Run Script: Link fr_CA to fr” and “Run Script: Link pt to pt_BR” in your Target Build Phases and remove them. Since macOS automatically makes this inference, it’s safe to just delete the scripts that create the symlinks. The intent of the symlink was to say that French Canadian is the same as French, and Portuguese is the same as Brazilian Portuguese. There are two symlinks with extended attributes (the “._” is where macOS stores things like Finder information). The root of the problem is localization in the Sparkle framework. #Xscope app archiveThe damaged archive wasn’t getting repaired automatically by Safari. It turns out all these folks complaining about a “damaged app” were either using Chrome or had Safari’s “safe” file handling turned off. Users/CHOCK/Downloads/xScope.app/Contents/Frameworks/amework: a sealed resource is missing or invalidįile added: /Users/CHOCK/Downloads/xScope.app/Contents/Frameworks/amework/Versions/Current/Resources/._fr_CA.lprojįile added: /Users/CHOCK/Downloads/xScope.app/Contents/Frameworks/amework/Versions/Current/Resources/Updater.app/Contents/Resources/._fr_CA.lprojįile added: /Users/CHOCK/Downloads/xScope.app/Contents/Frameworks/amework/Versions/Current/Resources/Updater.app/Contents/Resources/._pt.lprojįile added: /Users/CHOCK/Downloads/xScope.app/Contents/Frameworks/amework/Versions/Current/Resources/._pt.lproj $ codesign -vvvv ~/Downloads/xScope.app/Contents/Frameworks/amework In subcomponent: /Users/CHOCK/Downloads/xScope.app/Contents/Frameworks/amework Users/CHOCK/Downloads/xScope.app: unsealed contents present in the root directory of an embedded framework Things were very different when using Google Chrome: $ codesign -vvvv ~/Downloads/xScope.app Users/CHOCK/Downloads/xScope.app: satisfies its Designated Requirement Users/CHOCK/Downloads/xScope.app: valid on disk When I checked the signature of the app downloaded with Safari, everything looks good: $ codesign -vvvv ~/Downloads/xScope.app And I had no idea that Safari’s code is different than the system utility. At no point did my downloads touch the Archive Utility. Safari’s default setting is to open “safe” files after download, so I left that alone (as most customers would). And since Google Chrome wasn’t yet working on this device, all my testing was limited to Safari. I was also doing all this work on Apple Silicon using the DTK. This was surprising because I had been downloading and testing the app on Big Sur for several months without issue. This story began with customer reports of xScope being a “damaged app” on Big Sur. It doesn’t open app archives like other parts of macOS. This time around I was tripped up by Safari, of all things. When Big Sur was released, I thought “Finally!” I have a long history of writing about code signing in macOS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |