
"Preserve extended attributes" not respected

Open cbenhagen opened this issue 5 years ago • 10 comments

Tested in version 1.2.8

For some reason notarizing our .app bundles works but the .pkg built by packages fails with "The signature of the binary is invalid". It looks like extended attributes (and thus the signatures) are being stripped from the bundles.

cbenhagen avatar Feb 20 '20 18:02 cbenhagen

I am also seeing this, even though "PRESERVE_EXTENDED_ATTRIBUTES" is true. The codesign command is adding extended attributes to the entitlements plist file which are stripped off when it gets packaged so it invalidates the signature and it won't notarize.

ClaireDuSoleil avatar Feb 26 '20 16:02 ClaireDuSoleil

I was able to fix my issue by moving the Entitlements.plist file out of the app folder before signing and just using it in the codesign command. It's not in the package that I'm building and I guess it doesn't need to be.

So, it's all working for me now. Thank you.

ClaireDuSoleil avatar Feb 26 '20 19:02 ClaireDuSoleil

If you have an example to provide that reproduces the issue, I'm interested because so far I haven't been able to reproduce it (with a shell script for instance).

packagesdev avatar Mar 19 '20 21:03 packagesdev

This beta build may address the issue: https://drive.google.com/open?id=0B_2n1wyuWXGVVXNPTUlJVnprSGM

packagesdev avatar Apr 05 '20 16:04 packagesdev

Fixed for version 1.2.9.

packagesdev avatar Apr 07 '20 13:04 packagesdev

Hi @packagesdev, I am using 1.2.9 to build a pkg file from our app, and then I am getting "The signature of the binary is invalid." for pkg notarization. Can you help me?

bruce0036 avatar Jun 03 '20 16:06 bruce0036

Can you provide the package?

packagesdev avatar Jun 18 '20 18:06 packagesdev

Hey @packagesdev

I am using v1.2.10 (beta version), which I downloaded from the link given above. Still getting the Invalid error. The error comes in "Contents/MacOS/appname" folder of the build. I have tried creating the package manually; there I don't face any issue in notarization, but with the manual process, the postinstall script does not run on the machine.

Please advise.

yudiz-mobilegames avatar Jul 17 '20 12:07 yudiz-mobilegames

I need to do some more troubleshooting, but with 1.2.9 I have this error notarizing FileMaker 19.4 but didn't have any issues with earlier versions. When I uncheck remove .DS_Store files, remove .pbdevelopment files and remove SCM metadata, the package notarizes without issue. I hope to have more time later to narrow it down to one of those.

lart2150 avatar Nov 22 '21 17:11 lart2150

I am getting the same problem when signing the script used in the /Library/StartupItems. After using the command line utility packagesbuild to create a package and installing the package, the extended attributes of the script are removed and thus, it is not signed. I have had to wrap the script in a tar file previous to the package creation and to decompress it in postinstall so that the extended arguments were preserved. More info at https://github.com/wazuh/wazuh-packages/issues/1917

verdx avatar Jan 16 '23 14:01 verdx
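
A check for the symptom reported in this thread, as an added example that is not part of the original issue or of Packages: it lists files whose extended-attribute names are present in the signed source tree but missing from a package payload expanded with `pkgutil --expand-full`. The function names and the script name are hypothetical, and it assumes macOS's `/usr/bin/xattr`.

```python
#!/usr/bin/env python3
"""Report extended attributes lost between a signed source tree and an
expanded package payload (added helper, not part of Packages)."""
import os
import subprocess
import sys


def list_xattrs(path):
    """Return the set of extended-attribute names on path via macOS /usr/bin/xattr."""
    out = subprocess.run(["/usr/bin/xattr", path], check=True,
                         capture_output=True, text=True).stdout
    return {line for line in out.splitlines() if line}


def lost_xattrs(src_root, dst_root, lister=list_xattrs):
    """Map relative path -> sorted attribute names present in src but absent in dst.

    Entries that are missing from dst entirely are reported with the value None.
    """
    report = {}
    for dirpath, dirnames, filenames in os.walk(src_root):
        for name in dirnames + filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            if not os.path.lexists(dst):
                report[rel] = None
                continue
            if os.path.islink(src):
                continue  # xattr follows symlinks by default; skip them
            missing = lister(src) - lister(dst)
            if missing:
                report[rel] = sorted(missing)
    return report


if __name__ == "__main__":
    # Usage (hypothetical script name):
    #   check_xattrs.py <signed source dir> <payload dir from `pkgutil --expand-full`>
    result = lost_xattrs(sys.argv[1], sys.argv[2])
    for rel, names in sorted(result.items()):
        status = "missing from payload" if names is None else ", ".join(names)
        print(f"{rel}: {status}")
    sys.exit(1 if result else 0)
```

A non-zero exit status means at least one file lost attributes or is absent from the payload, so the script can gate a build before the package is submitted for notarization.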