OSX app - Unidentified developer #216
Comments
|
@courajs thanks for reporting this! I'm in the process of pushing out a new release now. I've tested this on OSX High Sierra with settings which allow identified developers only, and it seems to run fine. Can you please reopen this issue if v1.0.2 doesn't work for you? |
|
I had the same issue with 1.0.1. Unfortunately I'm seeing the same behaviour with 1.0.2, too:
I'm running High Sierra. |
|
Thanks for getting back to me on this, @mjrusso! What version of OSX are you running (visible under Apple Menu -> About This Mac)? I have removed my developer certificates from keychain and toggled my security settings to run only identified apps, and I can still run this build of Ganache. I'm running High Sierra, 10.13.2. |
|
I've tried with 10.13.1 and 10.13.2. Here's what I see with the $ codesign -dv /Applications/Ganache.app/
/Applications/Ganache.app/: code object is not signed at all |
|
Interesting. I think we might only be signing the dmg. Thanks for this, @mjrusso! |
|
@mjrusso I just uploaded another build of v1.0.2 to fix #238. During this process I did my best to ensure that both the app and the dmg were signed. Could you give it a try? Direct download link. |
|
Same request for @courajs, if possible. |
|
This may be just a local issue for me, but I'm now seeing that the app is damaged: I say it may be local, because I feel like I may have seen the broken icon before I extracted the most recent version (but I wasn't paying close attention) I'm on macOS 10.12.6 |
|
I'm seeing the same error message as @courajs about the app being damaged. However, progress on the code signing front: $ codesign -dv /Applications/Ganache.app/
Executable=/Applications/Ganache.app/Contents/MacOS/Ganache
Identifier=com.electron.ganache
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=276 flags=0x0(none) hashes=3+3 location=embedded
Signature size=8919
Timestamp=Jan 9, 2018 at 10:16:09 PM
Info.plist entries=20
TeamIdentifier=58RKXWC272
Sealed Resources version=2 rules=13 files=34099
Internal requirements count=1 size=180$ codesign -dvvv /Applications/Ganache.app/
Executable=/Applications/Ganache.app/Contents/MacOS/Ganache
Identifier=com.electron.ganache
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=276 flags=0x0(none) hashes=3+3 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=2b356bb7a8dfa2f29e5b5aac463ed7bc4d25185a
CandidateCDHash sha256=8be0922e1f6db85844c190fa38c50d3925e82cc2
Hash choices=sha1,sha256
CDHash=8be0922e1f6db85844c190fa38c50d3925e82cc2
Signature size=8919
Authority=Developer ID Application: Timothy Coulter (58RKXWC272)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jan 9, 2018 at 10:16:09 PM
Info.plist entries=20
TeamIdentifier=58RKXWC272
Sealed Resources version=2 rules=13 files=34099
Internal requirements count=1 size=180 |
|
Thanks, guys. I'm installing an OSX VM in hopes that it lets me reproduce these issues. I have a feeling that even though I remove the developer keys from my keychain before testing, my machine somehow knows that it produced the build, so it green lights it. Also just for sanity, can you confirm the DMG's MD5? It should be |
|
Alright - I've finally been able to reproduce these issues locally by setting up an OS X vm. I've now updated the dmg file for what will hopefully be the last time. MD5 sum is 0xbb8db43e1b50aad0a3bfaf1c0a090fd8. |
|
Closing this one. If including vms, I've validated it on four different machines, spanning three versions of OS X. |
|
Confirmed working as well. Thanks @benjamincburns! |
Via the download button on http://truffleframework.com/ganache/ I got
Ganache-1.0.1.dmg. The contained app is signed by an unidentified developer.It seemed like it should signed properly given the closure of #30 and the mention of Truffle's signing keys in the readme: https://github.com/trufflesuite/ganache#on-mac
Perhaps someone new pushed the latest release, or the keys have expired?
If we no longer have signing keys and it will be unidentified developer going forward, the site & docs should mention it.
The text was updated successfully, but these errors were encountered: