spotio
spotio copied to clipboard
devinhalladay
Doesn't work on macOS Sierra?
"Spotify.app is damaged and can't be opened. You should move it to the Trash."
Cancel / Move to Trash
It does work on Sierra, but Apple disabled the "Anywhere" option in Gatekeeper during the beta. Here's the workaround: Just right click and then click "Open". That should work; let me know.
Nope, that doesn't work. Even by right clicking it and selecting open. Removing signature using codesign --remove-signature works, but still can't be opened. I can't seem to be able to resign it using the adhoc profile
My 'fix' / workaround for this issue was this: (Since I am also running Mac OS sierra)
https://github.com/devinhalladay/spotio/issues/3#issuecomment-241570828
Works for me on Sierra PB7 (also worked on PB6 before I updated today). I have "Allow apps downloaded from" set to "App Store and identified developers" under Security & Privacy.
@swrobel You probably have to re-run sudo spctl --master-disable. This command will disable GateKeeper, because most likely GateKeeper was enable after the update in Sierra.
To anybody reading this, this is a really bad idea. It's stuff like that that allowed Xcodeghost to spread. Ideally we should figure out a way for everybody to self-resign the app
@abarisain I totally agree with you that disabling GateKeeper is a bad idea. I agree with you that we should figure out a way to resign the app on OS X / Mac OS.
On Linux I've already "resigned" (during the building of the .deb file) the inside of the .deb file. So there shouldn't be any problems there, but on OS X / Mac OS we need a method to figure this out.
I think think THINK that if we rebuild the .spa files on Mac properly that everything will return to normal and the certificate will not break. I wasn't sure how until @sandervankasteel submitted his Linux PR so I'm going to reuse your repackaging code and see if it helps. Will publish a new release in a few minutes and I could use as much help Mac testing as possible to ensure this works (with "Allow from anywhere" turned OFF/Gatekeeper turned ON)
Will it? Every file is checksummed
What I have no idea, is why codesign fails to resign it manually, even if the signature is stripped
@devinhalladay I doubt that it will.. Because your changes to the contents of the spa file changed the checksum of the .spa file and that in turn changes the checksum of the complete .app. So you need to re-checksum the complete Spotify.app. To do that codesign uses 2 parts, the checksum of the files and the developers certificate. You can always resign it with your own local certificates, that should atleast prevent OS X from saying "The app is damaged".
The only reason I could resign the .deb file on Linux is because the inside the .deb file, there is a in the control.tar.gz which in turn contains a md5sums file, and that just contains the hashes of all files. And as long as the hashes that are in the md5sums file, match the actual file. No worries, the OS will install it!
You can always resign it with your own local certificates, that should atleast prevent OS X from saying "The app is damaged".
That's the stuff that needs to be figured out. Sadly, even with the beta Xcode, codesign says that spotify is corrupted when trying to resign it :/
That's the stuff that needs to be figured out. Sadly, even with the beta Xcode, codesign says that spotify is corrupted when trying to resign it :/
Ugh, that sucks :( Have you tried removing the complete _CodeSignature directory inside the .app, and then resigning it ?
Have you tried an application like: https://github.com/steakknife/unsign yet?
Nope, but the description says " (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)", which explains a lot :)
Yeah but technically our binary is a signed with a certificate from Spotify, albeit invalid after our modifications