
Improve the Wazuh "login item" on macOS Ventura

Open alberpilot opened this issue 3 years ago • 40 comments

Wazuh agent version: 4.3.9 for macOS

@santiago-bassett reported the following issue: After upgrading macOS to the Ventura version, there is something weird in Settings -> General -> Login Items:

A warning message with "Item from unidentified developer" appeared. In order to avoid the Wazuh agent being uninstalled by mistake (due to user mistrust), it's necessary to fix it.

Tasks

Research

  • [x] Investigate if it appears in Big Sur.
  • [x] Investigate why it appears as unidentified, it should be because the package is notarized.
  • [x] Investigate how other software resolves this.

Code

  • [ ] Apply the necessary changes (code).

Test

  • [ ] Fresh installation Big Sur.
  • [ ] Fresh installation Ventura.
  • [ ] Upgrade from Big Sur to Ventura.
  • [ ] Upgrade the old Wazuh agent on Ventura to the new one (including fix).

alberpilot avatar Oct 31 '22 08:10 alberpilot

A fresh installation of the agent following the official documentation doesn't seem to create a login item on its own in Monterey, even after running # /Library/Ossec/bin/wazuh-control start, although the application is running correctly.

deprimerasnada running

verdx avatar Nov 22 '22 17:11 verdx

More testing on Monterey

The installed agent has correctly been added to a manager without problem, and in more fresh install tests no login item is added on installation.

https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html

An attempt was made to add the Login Item manually, although Wazuh Agent doesn't appear in the application list to create Login Items. Searching for Wazuh in that screen you can get to a script called Launcher.sh, presumably the same that gives the error in Ventura.

The launcher just starts Wazuh if it is stopped and stops it otherwise.

No warning has appeared in the Login Item screen at any moment.

launchershcode launchershadded

verdx avatar Nov 23 '22 18:11 verdx

Testing on Big Sur

With a fresh installation of the agent in Big Sur, as with Monterey, no Login Item is added. Furthermore, the launcher.sh cannot be added manually as one.

bigsur_no_login_item bigsur_nolauncher

After finally being able to upgrade it to MacOS Ventura (in AWS), the error has been replicated.

ventura_about launcher_login_item_ventura

From the investigation, it has been concluded that with this new version of MacOS, the Login Items logic has changed, at least regarding which items to show; now all services are shown in Settings. It has been a problem even for operating system services, as seen here, here and here.

From the solutions given in this forum it seems using iMazing to create a Profile to sign our scripts may be the solution.

verdx avatar Nov 24 '22 17:11 verdx

launchctl information on the Wazuh Agent Login Item:

ec2-user@ip-172-31-46-132 ~ % sudo launchctl list | grep 'wazuh'      
337	0	com.wazuh.agent
ec2-user@ip-172-31-46-132 ~ % launchctl print system/com.wazuh.agent 
system/com.wazuh.agent = {
	active count = 1
	path = /Library/LaunchDaemons/com.wazuh.agent.plist
	type = LaunchDaemon
	state = running

	program = /Library/StartupItems/WAZUH/launcher.sh
	arguments = {
		/Library/StartupItems/WAZUH/launcher.sh
	}

	default environment = {
		PATH => /usr/bin:/bin:/usr/sbin:/sbin
	}

	environment = {
		XPC_SERVICE_NAME => com.wazuh.agent
	}

	domain = system
	minimum runtime = 10
	exit timeout = 5
	runs = 1
	pid = 337
	immediate reason = speculative
	forks = 19901
	execs = 2
	initialized = 1
	trampolined = 1
	started suspended = 0
	proxy started suspended = 0
	last exit code = (never exited)

	spawn type = daemon (3)
	jetsam priority = 40
	jetsam memory limit (active) = (unlimited)
	jetsam memory limit (inactive) = (unlimited)
	jetsamproperties category = daemon
	jetsam thread limit = 32
	cpumon = default
	probabilistic guard malloc policy = {
		activation rate = 1/1000
		sample rate = 1/0
	}

	properties = runatload | inferred program | system service
}

We can see the LaunchDaemon runs a program in /Library/StartupItems, which is a mixture of different types of ways to start an Application on boot. As we can see here, the Startup Items are deprecated, which leaves us with two options:

  • Launch Daemons and Agents: https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html#//apple_ref/doc/uid/10000172i-SW7-BCIEDDBJ
  • Login Items: https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html

It seems we are using a Launch Daemon, but in MacOS Ventura, it is also shown as a Login Item.

A test was done to stop using the Startup Items, in case this could be the problem. The objective is to change the location of launcher.sh to inside /Library/Ossec, so it is considered as part of our application. First it has been done manually:

sh-3.2# mkdir /Library/Ossec/LoginItems
sh-3.2# cp -r /Library/StartupItems/WAZUH/* /Library/Ossec/LoginItems/
sh-3.2# nano /Library/LaunchDaemons/com.wazuh.agent.plist 
sh-3.2# cat /Library/LaunchDaemons/com.wazuh.agent.plist 
<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
     <dict>
         <key>Label</key>
         <string>com.wazuh.agent</string>
         <key>ProgramArguments</key>
         <array>
             <string>/Library/Ossec/LoginItems/launcher.sh</string>
         </array>
         <key>RunAtLoad</key>
         <true/>
     </dict>
 </plist>
sh-3.2# 

This didn't seem to work, but maybe the identification of the executables is done on installation, so the next test is to try and do it as part of the installation.

After changing it in file preinstall.sh and creating the package, this is not installed correctly, as we can see in this /var/log/install.log:

2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: UID available for wazuh user is:
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: 101
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <dscl_cmd> DS Error: -14136 (eDSRecordNotFound)
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <dscl_cmd> DS Error: -14136 (eDSRecordNotFound)
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <?xml version="1.0" encoding="UTF-8"?>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <plist version="1.0">
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <dict>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>Label</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <string>com.wazuh.agent</string>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>ProgramArguments</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <array>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <string>/Library/Ossec/LoginItems/WAZUH/launcher.sh</string>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: </array>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>RunAtLoad</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <true/>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: </dict>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: </plist>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: mkdir: /Library/Ossec: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: mkdir: /Library/Ossec/LoginItems: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: chown: /Library/Ossec/LoginItems/WAZUH: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: tee: /Library/Ossec/LoginItems/WAZUH/WAZUH: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: #!/bin/sh
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: . /etc/rc.common
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: DIRECTORY="/Library/Ossec"
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: StartService ()
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: {
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: ${DIRECTORY}/bin/wazuh-control start
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: }
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: StopService ()
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: {
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: ${DIRECTORY}/bin/wazuh-control stop
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: }
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: RestartService ()
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: {
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: ${DIRECTORY}/bin/wazuh-control restart
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: }
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: RunService "$1"
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: chown: /Library/Ossec/LoginItems/WAZUH/WAZUH: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: chmod: /Library/Ossec/LoginItems/WAZUH/WAZUH: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: tee: /Library/Ossec/LoginItems/WAZUH/StartupParameters.plist: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <?xml version="1.0" encoding="UTF-8"?>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: www.apple.com/DTDs/PropertyList-1.0.dtd">
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <plist version="1.0">
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <dict>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>Description</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <string>WAZUH Security agent</string>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>Messages</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <dict>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>start</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <string>Starting Wazuh agent</string>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>stop</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <string>Stopping Wazuh agent</string>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: </dict>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>Provides</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <array>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <string>WAZUH</string>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: </array>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <key>Requires</key>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <array>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: <string>IPFilter</string>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: </array>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: </dict>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: </plist>
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: chown: /Library/Ossec/LoginItems/WAZUH/StartupParameters.plist: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: chmod: /Library/Ossec/LoginItems/WAZUH/StartupParameters.plist: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: tee: /Library/Ossec/LoginItems/WAZUH/launcher.sh: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: #!/bin/sh
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: DIRECTORY="/Library/Ossec"
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: capture_sigterm() {
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: ${DIRECTORY}/bin/wazuh-control stop
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: exit $?
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: }
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: if ! ${DIRECTORY}/bin/wazuh-control start; then
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: ${DIRECTORY}/bin/wazuh-control stop
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: fi
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: while : ; do
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: trap capture_sigterm SIGTERM
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: sleep 3
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: done
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: chown: /Library/Ossec/LoginItems/WAZUH/launcher.sh: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: ./preinstall: chmod: /Library/Ossec/LoginItems/WAZUH/launcher.sh: No such file or directory
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: PackageKit: Hosted team responsible for script has been cleared.
2022-11-25 12:32:40+00 ip-172-31-46-132 package_script_service[1761]: Responsibility set back to self.
2022-11-25 12:32:40+00 ip-172-31-46-132 install_monitor[5316]: Re-included: /Applications, /Library, /System, /bin, /private, /sbin, /usr
2022-11-25 12:32:41+00 ip-172-31-46-132 installd[1759]: PackageKit: releasing backupd
2022-11-25 12:32:41+00 ip-172-31-46-132 installd[1759]: PackageKit: allow user idle system sleep
2022-11-25 12:32:41+00 ip-172-31-46-132 installd[1759]: PackageKit: Install Failed: Error Domain=PKInstallErrorDomain Code=112 "An error occurred while running scripts from the package “wazuh-agent-4.3.10-1917-2.pkg”." UserInfo={NSFilePath=./preinstall, NSURL=file:///Users/ec2-user/wazuh-agent-4.3.10-1917-2.pkg#agent.pkg, PKInstallPackageIdentifier=com.wazuh.pkg.wazuh-agent, NSLocalizedDescription=An error occurred while running scripts from the package “wazuh-agent-4.3.10-1917-2.pkg”.} { NSFilePath = "./preinstall"; NSLocalizedDescription = "An error occurred while running scripts from the package \U201cwazuh-agent-4.3.10-1917-2.pkg\U201d."; NSURL = "file:///Users/ec2-user/wazuh-agent-4.3.10-1917-2.pkg#agent.pkg"; PKInstallPackageIdentifier = "com.wazuh.pkg.wazuh-agent"; }
2022-11-25 12:32:41+00 ip-172-31-46-132 installd[1759]: PackageKit: Cleared responsibility for install from 5315.
2022-11-25 12:32:41+00 ip-172-31-46-132 installd[1759]: PackageKit: Hosted team responsible for install has been cleared.
2022-11-25 12:32:41+00 ip-172-31-46-132 installd[1759]: PackageKit: Running idle tasks
2022-11-25 12:32:41+00 ip-172-31-46-132 installer[5315]: install:didFailWithError:Error Domain=PKInstallErrorDomain Code=112 "An error occurred while running scripts from the package “wazuh-agent-4.3.10-1917-2.pkg”." UserInfo={NSFilePath=./preinstall, NSURL=file:///Users/ec2-user/wazuh-agent-4.3.10-1917-2.pkg#agent.pkg, PKInstallPackageIdentifier=com.wazuh.pkg.wazuh-agent, NSLocalizedDescription=An error occurred while running scripts from the package “wazuh-agent-4.3.10-1917-2.pkg”.}
2022-11-25 12:32:41+00 ip-172-31-46-132 installd[1759]: PackageKit: Removing client PKInstallDaemonClient pid=5315, uid=0 (/usr/sbin/installer)
2022-11-25 12:32:41+00 ip-172-31-46-132 installd[1759]: PackageKit: Done with sandbox removals
2022-11-25 12:32:41+00 ip-172-31-46-132 installer[5315]: Install failed: The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.

The next test was to try and change the location of launcher.sh, but outside /Library/Ossec, into /Library/TestFolder, to see if the use of Startup Items was either unnecessary or problematic. This package did install without errors, but somehow it is still copying the files to /Library/StartupItems, even though it is not even mentioned in any part of the package building scripts. It was also copied to Library/TestingFolder, which makes it even weirder.

sh-3.2# /Library/Ossec/bin/wazuh-control stop
wazuh-modulesd not running...
wazuh-logcollector not running...
wazuh-syscheckd not running...
wazuh-agentd not running...
wazuh-execd not running...
Wazuh v4.3.10 Stopped
sh-3.2# /bin/rm -r /Library/Ossec
sh-3.2# /bin/launchctl unload /Library/LaunchDaemons/com.wazuh.agent.plist
sh-3.2# /bin/rm -f /Library/LaunchDaemons/com.wazuh.agent.plist
sh-3.2# /bin/rm -rf /Library/StartupItems/WAZUH
sh-3.2# /usr/bin/dscl . -delete "/Users/wazuh"
sh-3.2# /usr/bin/dscl . -delete "/Groups/wazuh"
sh-3.2# /usr/sbin/pkgutil --forget com.wazuh.pkg.wazuh-agent
Forgot package 'com.wazuh.pkg.wazuh-agent' on '/'.
sh-3.2# installer -pkg wazuh-agent-4.3.10-1917-test -target / -verboseR
wazuh-agent-4.3.10-1917-test(1).pkg  wazuh-agent-4.3.10-1917-test.pkg
sh-3.2# installer -pkg wazuh-agent-4.3.10-1917-test( -target / -verboseR
Display all 1358 possibilities? (y or n)
sh-3.2# installer -pkg wazuh-agent-4.3.10-1917-test\(1\).pkg -target / -verboseR
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer:PHASE:Preparing for installation…
installer:PHASE:Preparing the disk…
installer:PHASE:Preparing Wazuh Agent…
installer:PHASE:Waiting for other installations to complete…
installer:PHASE:Configuring the installation…
installer:STATUS:
installer:%36.051663
installer:PHASE:Running package scripts…
installer:%37.984592
installer:PHASE:Running package scripts…
installer:%86.551602
installer:PHASE:Running package scripts…
installer:PHASE:Validating packages…
installer:%97.750000
installer:STATUS:Running installer actions…
installer:STATUS:
installer:PHASE:Finishing the Installation…
installer:STATUS:
installer:%100.000000
installer:PHASE:The software was successfully installed.
installer: The install was successful.
sh-3.2# ls /Library/StartupItems/
WAZUH
sh-3.2# ls
.CFUserTextEncoding			Library
.DS_Store				Movies
.Trash					Music
.lesshst				Pictures
.ssh					macos
.zsh_history				wazuh-agent-4.3.10-1.pkg
.zsh_sessions				wazuh-agent-4.3.10-1917-2.pkg
.zshrc					wazuh-agent-4.3.10-1917-test(1).pkg
Desktop					wazuh-agent-4.3.10-1917-test.pkg
Documents				wazuh-agent-4.3.10-1917.pkg
Downloads
sh-3.2# rm wazuh-agent-4.3.10-1*
sh-3.2# ls /Library/TestingFolder/WAZUH/
StartupParameters.plist	WAZUH			launcher.sh

verdx avatar Nov 25 '22 14:11 verdx

After a new try, folder StartupItems is still being created, although not mentioned in the wazuh-packages code. New files are also created, as TestingFolder.

As seen in this documentation page, apart from being deprecated, StartupItems needs the executable to have the same name as the folder, so a new test was done with a different executable in StartupItems. This managed to change it in the file, but the removed launcher.sh is still being created.

The new executable:

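#!/bin/sh

# Load the StartupItems helpers (RunService), as the WAZUH script written by preinstall.sh does
. /etc/rc.common

# Wazuh installation directory used by the subroutines below
DIRECTORY="/Library/Ossec"

# The start subroutine
StartService() {
    ${DIRECTORY}/bin/wazuh-control start
}

# The stop subroutine
StopService() {
    ${DIRECTORY}/bin/wazuh-control stop
}

# The restart subroutine
RestartService() {
    ${DIRECTORY}/bin/wazuh-control stop
    sleep 5
    ${DIRECTORY}/bin/wazuh-control start
}

# Dispatch to the subroutine named by the first argument (start, stop or restart)
RunService "$1"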

executable-change

As seen in the previous image, there are more Login Items, some unidentified and one identified. After searching in /Library, nothing was found related to AMZN Mobile LLC. On the contrary, all other Login Items were called by files in /Library/LaunchDaemons, from where Wazuh is also called.

sh-3.2# cat /Library/LaunchDaemons/* | grep -A3 ProgramArguments
    <key>ProgramArguments</key>
    <array>
      <string>/opt/aws/ssm/bin/amazon-ssm-agent</string>
    </array>
--
	<key>ProgramArguments</key>
	<array>
		<string>/usr/local/libexec/ec2-macos-init</string>
		<string>run</string>
--
	<key>ProgramArguments</key>
	<array>
		<string>/usr/local/libexec/send-cpu-utilization</string>
	</array>
--
         <key>ProgramArguments</key>
         <array>
             <string>/Library/StartupItems/WAZUH/launcher.sh</string>
         </array>
sh-3.2# 

After seeing it in a forum photo as an identified Login Item, the program iMazing was installed, so as to compare ways of creating a Login Item, but as with AMZN Mobile LLC, it couldn't be found in the same places.

iMazing_installed

sh-3.2# ls /Library/LaunchAgents/
sh-3.2# ls /Library/LaunchDaemons/
com.amazon.aws.ssm.plist				com.amazon.ec2.macos-init.plist				com.wazuh.agent.plist
com.amazon.ec2.ena-ethernet.plist			com.amazon.ec2.monitoring.agents.cpuutilization.plist
sh-3.2# ls /Library/StartupItems/ 
WAZUH
sh-3.2# 

verdx avatar Nov 29 '22 16:11 verdx

On hold because of https://github.com/wazuh/wazuh/issues/15526

verdx avatar Nov 30 '22 09:11 verdx

More investigation in the code has made me aware that the files used for the Login Item and Launch Daemon may not be correctly signed and/or notarized, as they are created in script preinstall.sh and not mentioned in the spec file wazuh-agent.pkgproj.

[verdx@verdx-big specs]$ cat wazuh-agent.pkgproj| grep launcher.sh           
[verdx@verdx-big specs]$ cat wazuh-agent.pkgproj| grep com.wazuh.agent.plist
[verdx@verdx-big specs]$ cat wazuh-agent.pkgproj| grep WAZUH
[verdx@verdx-big specs]$ cat wazuh-agent.pkgproj| grep StartupParameters.plist
[verdx@verdx-big specs]$ 

Creation of the startup files:

sudo tee /Library/LaunchDaemons/com.wazuh.agent.plist <<-'EOF'
<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
     <key>Label</key>
     <string>com.wazuh.agent</string>
     <key>ProgramArguments</key>
     <array>
         <string>/Library/StartupItems/WAZUH/launcher.sh</string>
     </array>
     <key>RunAtLoad</key>
     <true/>
 </dict>
 </plist>
EOF
chown root:wheel /Library/LaunchDaemons/com.wazuh.agent.plist
chmod u=rw-,go=r-- /Library/LaunchDaemons/com.wazuh.agent.plist

sudo mkdir /Library/StartupItems/WAZUH
chown root:wheel /Library/StartupItems/WAZUH

sudo tee /Library/StartupItems/WAZUH/WAZUH <<-'EOF'
#!/bin/sh
. /etc/rc.common

DIRECTORY="/Library/Ossec"

StartService ()
{
        ${DIRECTORY}/bin/wazuh-control start
}
StopService ()
{
        ${DIRECTORY}/bin/wazuh-control stop
}
RestartService ()
{
        ${DIRECTORY}/bin/wazuh-control restart
}
RunService "$1"
EOF
chown root:wheel /Library/StartupItems/WAZUH/WAZUH
chmod u=rwx,go=r-x /Library/StartupItems/WAZUH/WAZUH

sudo tee /Library/StartupItems/WAZUH/StartupParameters.plist <<-'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://
www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
       <key>Description</key>
       <string>WAZUH Security agent</string>
       <key>Messages</key>
       <dict>
               <key>start</key>
               <string>Starting Wazuh agent</string>
               <key>stop</key>
               <string>Stopping Wazuh agent</string>
       </dict>
       <key>Provides</key>
       <array>
               <string>WAZUH</string>
       </array>
       <key>Requires</key>
       <array>
               <string>IPFilter</string>
       </array>
</dict>
</plist>
EOF
chown root:wheel /Library/StartupItems/WAZUH/StartupParameters.plist
chmod u=rw-,go=r-- /Library/StartupItems/WAZUH/StartupParameters.plist

sudo tee /Library/StartupItems/WAZUH/launcher.sh <<-'EOF'
#!/bin/sh

DIRECTORY="/Library/Ossec"

capture_sigterm() {
    ${DIRECTORY}/bin/wazuh-control stop
    exit $?
}

if ! ${DIRECTORY}/bin/wazuh-control start; then
    ${DIRECTORY}/bin/wazuh-control stop
fi

while : ; do
    trap capture_sigterm SIGTERM
    sleep 3
done
EOF

chown root:wheel /Library/StartupItems/WAZUH/launcher.sh
chmod u=rxw-,go=rx- /Library/StartupItems/WAZUH/launcher.sh

The rest of the files installed in the system are first installed from the pkgproj and then their permissions are changed in script postinstall.sh. For example, for file /Library/Ossec/etc/internal_options.conf:

<dict>
	<key>CHILDREN</key>
	<array/>
	<key>GID</key>
	<integer>0</integer>
	<key>PATH</key>
	<string>/Library/Ossec/etc/internal_options.conf</string>
	<key>PATH_TYPE</key>
	<integer>0</integer>
	<key>PERMISSIONS</key>
	<integer>416</integer>
	<key>TYPE</key>
	<integer>3</integer>
	<key>UID</key>
	<integer>0</integer>
</dict>

chmod 640 ${DIR}/etc/internal_options.conf
chown root:${GROUP} ${DIR}/etc/internal_options.conf
chmod 640 ${DIR}/etc/local_internal_options.conf
chown root:${GROUP} ${DIR}/etc/local_internal_options.conf

Changing the way of installing all the files for the LoginItems should let all of them be signed and the warning should no longer appear.

verdx avatar Dec 01 '22 17:12 verdx
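
Added example (not part of the thread and not Wazuh project code): the two manual checks from the comments above, `grep ProgramArguments` over `/Library/LaunchDaemons` and `grep` over `wazuh-agent.pkgproj`, combined into one audit that reports launchd jobs whose program is absent from the package payload or lives under the deprecated `/Library/StartupItems`. The pkgproj fragment and the second job are constructed samples, exact-path matching is an assumption, and all function names are illustrative.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# LaunchDaemon definition quoted in the thread, embedded so the example runs offline.
WAZUH_JOB_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.wazuh.agent</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/StartupItems/WAZUH/launcher.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
"""

# Constructed job (hypothetical label) whose program is listed in the payload.
COVERED_JOB = {
    "Label": "example.covered.job",
    "Program": "/Library/Ossec/bin/wazuh-control",
    "ProgramArguments": ["wazuh-control", "start"],
}

# Constructed pkgproj fragment: only the keys shown in the thread are used.
PKGPROJ_FRAGMENT = {
    "PATH": "/Library/Ossec",
    "CHILDREN": [
        {"CHILDREN": [], "GID": 0, "PATH_TYPE": 0, "PERMISSIONS": 416,
         "TYPE": 3, "UID": 0,
         "PATH": "/Library/Ossec/etc/internal_options.conf"},
        {"CHILDREN": [], "GID": 0, "PATH_TYPE": 0, "PERMISSIONS": 488,
         "TYPE": 3, "UID": 0,
         "PATH": "/Library/Ossec/bin/wazuh-control"},
    ],
}


def launchd_program(job):
    """Executable launchd runs: the Program key, else ProgramArguments[0]."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def payload_paths(node):
    """Collect every PATH string found anywhere in a pkgproj-style tree."""
    found = set()
    if isinstance(node, dict):
        if isinstance(node.get("PATH"), str):
            found.add(node["PATH"])
        for value in node.values():
            found |= payload_paths(value)
    elif isinstance(node, list):
        for item in node:
            found |= payload_paths(item)
    return found


def load_jobs(directory):
    """Parse every *.plist in a launchd directory, skipping unreadable files."""
    jobs = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            with path.open("rb") as handle:
                jobs.append(plistlib.load(handle))
        except (OSError, ValueError, ExpatError):
            continue
    return jobs


def audit(jobs, payload):
    """One row per job: its program and whether the payload lists that path."""
    listed = payload_paths(payload)
    rows = []
    for job in jobs:
        program = launchd_program(job)
        rows.append({
            "label": job.get("Label"),
            "program": program,
            # Exact-path match only (assumption): directory entries are not expanded.
            "in_payload": program in listed,
            "startup_item": bool(program)
            and program.startswith("/Library/StartupItems/"),
        })
    return rows


def sample_jobs():
    """The thread's Wazuh job plus the constructed covered job."""
    return [plistlib.loads(WAZUH_JOB_XML), COVERED_JOB]


if __name__ == "__main__":
    for row in audit(sample_jobs(), PKGPROJ_FRAGMENT):
        print(row)
```

On a real host, `audit(load_jobs("/Library/LaunchDaemons"), payload)` with the parsed project file as `payload` lists every job whose program is created outside the payload, such as by an install script.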

The changes proposed in the last comment have been made in branch 1917-improve-login-item-Macos-Ventura, and an attempt was made to build a package with them, but script generate_wazuh_packages.sh fails with error:

ec2-user@ip-172-31-43-156 macos % sudo bash generate_wazuh_packages.sh -b 4.3
/usr/local/bin/packagesbuild
Cloning into '/Users/ec2-user/wazuh-packages/macos/repository/wazuh'...
remote: Enumerating objects: 3555, done.
remote: Counting objects: 100% (3555/3555), done.
remote: Compressing objects: 100% (3120/3120), done.
remote: Total 3555 (delta 711), reused 955 (delta 215), pack-reused 0
Receiving objects: 100% (3555/3555), 8.17 MiB | 6.49 MiB/s, done.
Resolving deltas: 100% (711/711), done.
Modifiying specs/wazuh-agent.pkgproj to match revision.
cp: package_files/*.sh: No such file or directory
generate_wazuh_packages.sh: line 146: /Users/ec2-user/wazuh-packages/macos/package_files/build.sh: No such file or directory
==============================================================================
ERROR:

Description:

Unable to read attributes of item at path "/Library/Ossec"
Step:

Project > Distribution > Package 'agent' > Payload > Assemble

==============================================================================
Build Failed
ERROR: something went wrong while building the package.
sudo: /Library/Ossec/bin/ossec-control: command not found
rm: /Library/Ossec*: No such file or directory
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.

Building the package using Jenkins has also been tried, and it has also failed, but I haven't been able to isolate the error. In the Console View for the failed Ansible Playbook the error is:

17:07:29  TASK [Build Wazuh agent package for macOS, sign binaries and package and notarize the package.] ***
17:07:29  task path: /home/ec2-user/workspace/Packages_builder_macos/ansible-playbooks/packages/build_macos_packages.yml:57
17:07:29  fatal: [****_host]: FAILED! => {
17:07:29      "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
17:07:29      "changed": true
17:07:29  }
17:07:29  
17:07:29  PLAY RECAP *********************************************************************
17:07:29  ****_host               : ok=4    changed=3    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   
17:07:29  
17:07:29  Playbook run took 0 days, 0 hours, 0 minutes, 35 seconds
17:07:30  FATAL: command execution failed
17:07:30  hudson.AbortException: Ansible playbook execution failed
17:07:30  	at org.****ci.plugins.ansible.AnsiblePlaybookBuilder.perform(AnsiblePlaybookBuilder.java:262)
17:07:30  	at org.****ci.plugins.ansible.workflow.AnsiblePlaybookStep$AnsiblePlaybookExecution.run(AnsiblePlaybookStep.java:430)
17:07:30  	at org.****ci.plugins.ansible.workflow.AnsiblePlaybookStep$AnsiblePlaybookExecution.run(AnsiblePlaybookStep.java:351)
17:07:30  	at org.****ci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
17:07:30  	at hudson.security.ACL.impersonate2(ACL.java:449)
17:07:30  	at hudson.security.ACL.impersonate(ACL.java:461)
17:07:30  	at org.****ci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
17:07:30  	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
17:07:30  	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
17:07:30  	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
17:07:30  	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
17:07:30  	at java.base/java.lang.Thread.run(Thread.java:829)

This seems more a problem with Ansible than with creating the package.

verdx avatar Dec 02 '22 16:12 verdx

Still testing to create a package with a correct way to create the Login Items using MacOS Ventura, the first error has been:

cd data_provider/ && mkdir -p build && cd build && cmake  -DCMAKE_SYSTEM_NAME=Darwin   .. && /Library/Developer/CommandLineTools/usr/bin/make
cd shared_modules/dbsync/ && mkdir -p build && cd build && cmake    .. && /Library/Developer/CommandLineTools/usr/bin/make
/bin/sh: cmake: command not found
/bin/sh: cmake: command not found
make[1]: *** [build_sysinfo] Error 127
make[1]: *** Waiting for unfinished jobs....
make[1]: *** [build_shared_modules] Error 127
make: *** [agent] Error 2
==============================================================================
ERROR:

Description:

Incorrect type for file at path "/Users/ec2-user/wazuh-packages/macos/package_files/wazuh-agent.pkgproj"
Step:

Project

==============================================================================
Build Failed
ERROR: something went wrong while building the package.
sudo: /Library/Ossec/bin/ossec-control: command not found
rm: /Library/Ossec*: No such file or directory
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.

After correctly installing CMake, the error changes to:

ec2-user@ip-172-31-34-153 macos % sudo bash generate_wazuh_packages.sh -b 4.3
/usr/local/bin/packagesbuild
Cloning into '/Users/ec2-user/wazuh-packages/macos/repository/wazuh'...
remote: Enumerating objects: 3555, done.
remote: Counting objects: 100% (3555/3555), done.
remote: Compressing objects: 100% (3120/3120), done.
remote: Total 3555 (delta 711), reused 955 (delta 215), pack-reused 0
Receiving objects: 100% (3555/3555), 8.17 MiB | 5.91 MiB/s, done.
Resolving deltas: 100% (711/711), done.
Updating files: 100% (3139/3139), done.
Modifiying specs/wazuh-agent.pkgproj to match revision.
cp: package_files/*.sh: No such file or directory
generate_wazuh_packages.sh: line 148: /Users/ec2-user/wazuh-packages/macos/package_files/build.sh: No such file or directory
==============================================================================
ERROR:

Description:

Incorrect type for file at path "/Users/ec2-user/wazuh-packages/macos/package_files/wazuh-agent.pkgproj"
Step:

Project

==============================================================================
Build Failed
ERROR: something went wrong while building the package.
sudo: /Library/Ossec/bin/ossec-control: command not found
rm: /Library/Ossec*: No such file or directory
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.

Looking for the error Incorrect type for file at path "/Users/ec2-user/wazuh-packages/macos/package_files/wazuh-agent.pkgproj", this question and answer was found:

Just want to confirm that granting full disk access to packages_builder AND packages_dispatcher makes it work.

fulldiskaccess

After testing that solution, the error is exactly the same.

A test in 4.3 to see if the problem is with the OS or machine ends with an error, confirming it:

[100%] Built target rsync_test_tool
make: *** [agent] Error 2
==============================================================================
ERROR:

Description:

Unable to read attributes of item at path "/Library/Ossec"
Step:

Project > Distribution > Package 'agent' > Payload > Assemble

==============================================================================
Build Failed
ERROR: something went wrong while building the package.
sudo: /Library/Ossec/bin/ossec-control: command not found
rm: /Library/Ossec*: No such file or directory
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.

ec2-user@ip-172-31-34-153 macos % 

A new issue was also discovered while doing these tests: https://github.com/wazuh/wazuh-packages/issues/1965

The next tests were done in Sierra, with the same error but none of the previous ones. It seems those were OS-specific and the one stopping the build is the Incorrect type for file at path error:

+ cp /Users/vagrant/wazuh-packages/macos/repository/wazuh/src/REVISION /Library/Ossec/packages_files/agent_installation_scripts/src/
==============================================================================
ERROR:

Description:

Incorrect type for file at path "/Users/vagrant/wazuh-packages/macos/package_files/wazuh-agent.pkgproj"
Step:

Project

==============================================================================
Build Failed
ERROR: something went wrong while building the package.
sudo: /Library/Ossec/bin/ossec-control: command not found
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.

macos-1012-cmake:macos vagrant$ 

Some more changes were done in wazuh-agent.pkgproj but nothing changed in the error. The directories also had some problems, some identified in this issue and some yet unidentified:

macos-1012-cmake:macos vagrant$ sudo bash generate_wazuh_packages.sh -b 4.3
/usr/local/bin/packagesbuild
Cloning into '/Users/vagrant/wazuh-packages/macos/repository/wazuh'...
fatal: The remote end hung up unexpectedly
fatal: protocol error: bad pack header
generate_wazuh_packages.sh: line 199: /Users/vagrant/wazuh-packages/macos/repository/wazuh/src/VERSION: No such file or directory
Modifiying specs/wazuh-agent.pkgproj to match revision.
cat: /Users/vagrant/wazuh-packages/macos/repository/wazuh/src/VERSION: No such file or directory
cp: /Users/vagrant/wazuh-packages/macos/package_files/build.sh and package_files/build.sh are identical (not copied).
cp: /Users/vagrant/wazuh-packages/macos/package_files/postinstall.sh and package_files/postinstall.sh are identical (not copied).
cp: /Users/vagrant/wazuh-packages/macos/package_files/preinstall.sh and package_files/preinstall.sh are identical (not copied).
+ DESTINATION_PATH=/Library/Ossec
+ SOURCES_PATH=/Users/vagrant/wazuh-packages/macos/repository/wazuh
+ BUILD_JOBS=2
+ INSTALLATION_SCRIPTS_DIR=/Library/Ossec/packages_files/agent_installation_scripts
+ build
+ configure
+ echo USER_LANGUAGE=en
/Users/vagrant/wazuh-packages/macos/package_files/build.sh: line 17: /Users/vagrant/wazuh-packages/macos/repository/wazuh/etc/preloaded-vars.conf: No such file or directory
==============================================================================
ERROR:

Description:

Incorrect type for file at path "/Users/vagrant/wazuh-packages/macos/package_files/wazuh-agent.pkgproj"
Step:

Project

==============================================================================
Build Failed
ERROR: something went wrong while building the package.
sudo: /Library/Ossec/bin/ossec-control: command not found
rm: /Library/Ossec*: No such file or directory
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.

As there is no documentation on the error, one possibility was that the new elements in the wazuh-agent.pkgproj had an incorrect TYPE property, and it seemed that was it, but after correcting them the build gives the same error as before.

verdx avatar Dec 05 '22 17:12 verdx

After lots of tests and solving each new error one by one, a package has finally been created with the changes in the Login Item installation, and now they are part of the package in the Package Project and supposedly in signing:

Press enter to continue
Build Successful (1 second)
The wazuh agent package for MacOS X has been successfully built.
sudo: /Library/Ossec/bin/ossec-control: command not found
No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.

Wazuh agent correctly removed from the system.

macos-1012-cmake:macos vagrant$ 

With these changes and more done during the testing to fix various things throughout the generation of macOS packages, a PR has been created, https://github.com/wazuh/wazuh-packages/pull/1970, which does not solve this issue but fixes other little problems and/or bad practices.

When the new package has been installed in macOS Ventura, it has not solved the issue. The login item still appears as coming from an unidentified developer and what's more, the previously used and now erased launcher.sh has appeared again in the file.

Still_unidentified launcherstilllappears

A new file remains to be changed for these changes to be correctly tested, darwin-init.sh, this time in the source directory, which is why it hadn't been found before. Next day changes will be done to that file to see if the files can be signed.

verdx avatar Dec 07 '22 17:12 verdx

After removing the call to the file darwin-init.sh, only the files defined inside the package and thus signed are placed in the folder /Library/StartupItems. Even with that, the package is still shown as from an unidentified developer.

StillUnidentified OnlySignedFiles

verdx avatar Dec 09 '22 13:12 verdx

On hold for: https://github.com/wazuh/wazuh-packages/issues/1973

verdx avatar Dec 09 '22 13:12 verdx

Since the last comment, it has been on hold for #1965, #1969 and #1984, but it is now back in progress.

verdx avatar Dec 15 '22 10:12 verdx

On hold by: https://developer.apple.com/forums/thread/721918

verdx avatar Dec 15 '22 11:12 verdx

A rebase has been done to version 4.5.0 and some problems have arisen. When trying to create a package using the Jenkins pipeline, an error has appeared: https://ci.wazuh.info/job/Packages_builder_macos/8333/consoleFull:

17:37:44  TASK [Build Wazuh agent package for macOS, sign binaries and package and notarize the package.] ***
17:37:44  task path: /home/ec2-user/workspace/Packages_builder_macos/ansible-playbooks/packages/build_macos_packages.yml:57
17:37:44  fatal: [****_host]: FAILED! => {
17:37:44      "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result",
17:37:44      "changed": true
17:37:44  }
17:37:44  

A branch 1917-macos-package-generation-fixes-jenkins was created on https://github.com/wazuh/wazuh-jenkins to change the no_log property to see the error better. Using it to create a package gave a more verbose error: https://ci.wazuh.info/job/Packages_builder_macos/8334/console

 17:48:57  TASK [Build Wazuh agent package for macOS, sign binaries and package and notarize the package.] ***
17:48:57  task path: /home/ec2-user/workspace/Packages_builder_macos/ansible-playbooks/packages/build_macos_packages.yml:57
17:48:57  [WARNING]: Consider using 'become', 'become_method', and 'become_user' rather
17:48:57  than running sudo
17:48:57  fatal: [****_host]: FAILED! => {
17:48:57      "changed": true,
17:48:57      "cmd": "sudo -E /tmp/Packages_builder_macos/B8334/wazuh-packages/macos/generate_wazuh_packages.sh -b master -r 1917 -s /Users/****/packages/trash/macos --notarize --keychain **** --keychain-password **** --application-certificate **** --installer-certificate **** --developer-id **** --altool-password ****",
17:48:57      "delta": "0:00:15.764390",
17:48:57      "end": "2022-12-20 17:48:56.867351",
17:48:57      "failed_when_result": true,
17:48:57      "invocation": {
17:48:57          "module_args": {
17:48:57              "_raw_params": "sudo -E /tmp/Packages_builder_macos/B8334/wazuh-packages/macos/generate_wazuh_packages.sh -b master -r 1917 -s /Users/****/packages/trash/macos --notarize --keychain **** --keychain-password **** --application-certificate **** --installer-certificate **** --developer-id **** --altool-password ****",
17:48:57              "_uses_shell": true,
17:48:57              "argv": null,
17:48:57              "chdir": "/tmp/Packages_builder_macos/B8334/wazuh-packages/macos",
17:48:57              "creates": null,
17:48:57              "executable": "/bin/bash",
17:48:57              "removes": null,
17:48:57              "stdin": null,
17:48:57              "stdin_add_newline": true,
17:48:57              "strip_empty_ends": true,
17:48:57              "warn": true
17:48:57          }
17:48:57      },
17:48:57      "rc": 1,
17:48:57      "start": "2022-12-20 17:48:41.102961"
17:48:57  }
17:48:57  
17:48:57  STDOUT:
17:48:57  
17:48:57  /usr/local/bin/packagesbuild
17:48:57  Modifiying /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/specs/wazuh-agent.pkgproj to match revision.
17:48:57  Running install script
17:48:57  
17:48:57   Wazuh v4.5.0 (Rev. 40500) Installation Script - https://www.wazuh.com
17:48:57  
17:48:57   You are about to start the installation process of Wazuh.
17:48:57   You must have a C compiler pre-installed in your system.
17:48:57  
17:48:57    - System: Darwin Wazuhs-Mac-mini.local 18.7.0 (darwin 18.7)
17:48:57    - User: root
17:48:57    - Host: Wazuhs-Mac-mini.local
17:48:57  
17:48:57  
17:48:57    -- Press ENTER to continue or Ctrl-C to abort. --
17:48:57  
17:48:57      - Installation will be made at  /Library/Ossec .
17:48:57  
17:48:57  3- Configuring Wazuh.
17:48:57  
17:48:57  
17:48:57    3.2- Do you want to run the integrity check daemon? (y/n) [y]: 
17:48:57     - Running syscheck (integrity check daemon).
17:48:57  
17:48:57    3.3- Do you want to run the rootkit detection engine? (y/n) [y]: 
17:48:57     - Running rootcheck (rootkit detection).
17:48:57  
17:48:57    3.5 - Do you want to enable active response? (y/n) [y]: 
17:48:57     - Active response enabled.
17:48:57  
17:48:57    3.6- Remote upgrades use packages signed by the system maintainer. The
17:48:57         corresponding certificate (or root certificate) must be installed
17:48:57         in the system in order to verify the WPK packages. By default,
17:48:57         the root certificate by Wazuh is installed.
17:48:57  
17:48:57     - Do you want to add more certificates? (y/n)? [n]: 
17:48:57    3.7- Setting the configuration to analyze the following logs:
17:48:57  
17:48:57      -- /Library/Ossec/logs/active-responses.log
17:48:57      -- /var/log/system.log
17:48:57  
17:48:57   - If you want to monitor any other file, just change
17:48:57     the ossec.conf and add a new localfile entry.
17:48:57     Any questions about the configuration can be answered
17:48:57     by visiting us online at https://documentation.wazuh.com/.
17:48:57  
17:48:57  
17:48:57     --- Press ENTER to continue ---
17:48:57  
17:48:57  4- Installing the system
17:48:57  
17:48:57  DIR="/Library/Ossec"
17:48:57   - Running the Makefile
17:48:57  
17:48:57  Wait for success...
17:48:57  UIDs available: 103 104 105
17:48:57  success
17:48:57  PF
17:48:57  Removing old SCA policies...
17:48:57  Installing SCA policies...
17:48:57  
17:48:57  
17:48:57   - System is Darwin.
17:48:57   - Init script modified to start Wazuh during boot.
17:48:57  
17:48:57   - Configuration finished properly.
17:48:57  
17:48:57   - To start Wazuh:
17:48:57        /Library/Ossec/bin/wazuh-control start
17:48:57  
17:48:57   - To stop Wazuh:
17:48:57        /Library/Ossec/bin/wazuh-control stop
17:48:57  
17:48:57   - The configuration can be viewed or modified at /Library/Ossec/etc/ossec.conf
17:48:57  
17:48:57  
17:48:57     Thanks for using Wazuh.
17:48:57     Please don't hesitate to contact us if you need help or find
17:48:57     any bugs.
17:48:57  
17:48:57     Use our public Mailing List at:
17:48:57            https://groups.google.com/forum/#!forum/wazuh
17:48:57  
17:48:57     More information can be found at:
17:48:57            - http://www.wazuh.com
17:48:57  
17:48:57      ---  Press ENTER to finish (maybe more information below). ---
17:48:57  
17:48:57     - Add the following lines to the beginning of your PF rules:
17:48:57       More information at: 
17:48:57       https://documentation.wazuh.com
17:48:57  
17:48:57  
17:48:57        table <wazuh_fwtable> persist #wazuh_fwtable 
17:48:57        block in quick from <wazuh_fwtable> to any
17:48:57        block out quick from any to <wazuh_fwtable>
17:48:57  
17:48:57  
17:48:57  
17:48:57   - More information at: 
17:48:57     https://documentation.wazuh.com/
17:48:57  
17:48:57  ==============================================================================
17:48:57  ERROR:
17:48:57  
17:48:57  Description:
17:48:57  
17:48:57  Incorrect type for file at path "/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/package_files/wazuh-agent.pkgproj"
17:48:57  Step:
17:48:57  
17:48:57  Project
17:48:57  
17:48:57  ==============================================================================
17:48:57  Build Failed
17:48:57  ERROR: something went wrong while building the package.
17:48:57  wazuh-modulesd not running...
17:48:57  wazuh-logcollector not running...
17:48:57  wazuh-syscheckd not running...
17:48:57  wazuh-agentd not running...
17:48:57  wazuh-execd not running...
17:48:57  Wazuh v4.5.0 Stopped
17:48:57  
17:48:57  Wazuh agent correctly removed from the system.
17:48:57  
17:48:57  
17:48:57  STDERR:
17:48:57  
17:48:57  fatal: destination path '/private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh' already exists and is not an empty directory.
17:48:57  + DESTINATION_PATH=/Library/Ossec
17:48:57  + SOURCES_PATH=/private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh
17:48:57  + BUILD_JOBS=2
17:48:57  + INSTALLATION_SCRIPTS_DIR=/Library/Ossec/packages_files/agent_installation_scripts
17:48:57  + build
17:48:57  + configure
17:48:57  + echo USER_LANGUAGE=en
17:48:57  + echo USER_NO_STOP=y
17:48:57  + echo USER_INSTALL_TYPE=agent
17:48:57  + echo USER_DIR=/Library/Ossec
17:48:57  + echo USER_DELETE_DIR=y
17:48:57  + echo USER_CLEANINSTALL=y
17:48:57  + echo USER_BINARYINSTALL=y
17:48:57  + echo USER_AGENT_SERVER_IP=MANAGER_IP
17:48:57  + echo USER_ENABLE_SYSCHECK=y
17:48:57  + echo USER_ENABLE_ROOTCHECK=y
17:48:57  + echo USER_ENABLE_OPENSCAP=n
17:48:57  + echo USER_ENABLE_CISCAT=n
17:48:57  + echo USER_ENABLE_ACTIVE_RESPONSE=y
17:48:57  + echo USER_CA_STORE=n
17:48:57  + '[' -z yes ']'
17:48:57  + echo 'Running install script'
17:48:57  + /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/install.sh
17:48:57  grep: /etc/os-release: No such file or directory
17:48:57  + find /Library/Ossec/ruleset/sca/ -type f -exec rm -f '{}' ';'
17:48:57  + mkdir -p /Library/Ossec/packages_files/agent_installation_scripts/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/gen_ossec.sh /Library/Ossec/packages_files/agent_installation_scripts/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/add_localfiles.sh /Library/Ossec/packages_files/agent_installation_scripts/
17:48:57  + mkdir -p /Library/Ossec/packages_files/agent_installation_scripts/src/init
17:48:57  + mkdir -p /Library/Ossec/packages_files/agent_installation_scripts/etc/templates/config/generic /Library/Ossec/packages_files/agent_installation_scripts/etc/templates/config/darwin
17:48:57  + cp -r /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/generic /Library/Ossec/packages_files/agent_installation_scripts/etc/templates/config
17:48:57  + cp -r /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/darwin /Library/Ossec/packages_files/agent_installation_scripts/etc/templates/config
17:48:57  + find /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/src/init/ -name '*.sh' -type f -exec install -m 0640 '{}' /Library/Ossec/packages_files/agent_installation_scripts/src/init ';'
17:48:57  + mkdir -p /Library/Ossec/packages_files/agent_installation_scripts/sca/generic
17:48:57  + mkdir -p /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/15 /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/16 /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/17 /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/18 /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/20 /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/21
17:48:57  + cp -r /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/ruleset/sca/darwin /Library/Ossec/packages_files/agent_installation_scripts/sca
17:48:57  + cp -r /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/ruleset/sca/generic /Library/Ossec/packages_files/agent_installation_scripts/sca
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/generic/sca.files /Library/Ossec/packages_files/agent_installation_scripts/sca/generic/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/darwin/15/sca.files /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/15/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/darwin/16/sca.files /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/16/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/darwin/17/sca.files /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/17/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/darwin/18/sca.files /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/18/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/darwin/19/sca.files /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/19/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/darwin/20/sca.files /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/20/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/etc/templates/config/darwin/21/sca.files /Library/Ossec/packages_files/agent_installation_scripts/sca/darwin/21/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/src/VERSION /Library/Ossec/packages_files/agent_installation_scripts/src/
17:48:57  + cp /private/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/repository/wazuh/src/REVISION /Library/Ossec/packages_files/agent_installation_scripts/src/
17:48:57  unlock-keychain "-p" "****" "****"
17:48:57  /Library/Ossec/bin/wazuh-logcollector: signed Mach-O thin (x86_64) [wazuh-logcollector]
17:48:57  /Library/Ossec/bin/wazuh-execd: signed Mach-O thin (x86_64) [wazuh-execd]
17:48:57  /Library/Ossec/bin/wazuh-syscheckd: signed Mach-O thin (x86_64) [wazuh-syscheckd]
17:48:57  /Library/Ossec/bin/manage_agents: signed Mach-O thin (x86_64) [manage_agents]
17:48:57  /Library/Ossec/bin/agent-auth: signed Mach-O thin (x86_64) [agent-auth]
17:48:57  /Library/Ossec/bin/wazuh-agentd: signed Mach-O thin (x86_64) [wazuh-agentd]
17:48:57  /Library/Ossec/bin/wazuh-modulesd: signed Mach-O thin (x86_64) [wazuh-modulesd]
17:48:57  /Library/Ossec/lib/libwazuhshared.dylib: signed Mach-O thin (x86_64) [libwazuhshared]
17:48:57  /Library/Ossec/lib/libsysinfo.dylib: signed Mach-O thin (x86_64) [libsysinfo]
17:48:57  /Library/Ossec/lib/libdbsync.dylib: signed Mach-O thin (x86_64) [libdbsync]
17:48:57  /Library/Ossec/lib/librsync.dylib: signed Mach-O thin (x86_64) [librsync]
17:48:57  /Library/Ossec/lib/libsyscollector.dylib: signed Mach-O thin (x86_64) [libsyscollector]
17:48:57  /Library/Ossec/lib/libwazuhext.dylib: signed Mach-O thin (x86_64) [libwazuhext]
17:48:57  /Library/Ossec/active-response/bin/firewall-drop: signed Mach-O thin (x86_64) [firewall-drop]
17:48:57  /Library/Ossec/active-response/bin/host-deny: signed Mach-O thin (x86_64) [host-deny]
17:48:57  /Library/Ossec/active-response/bin/firewalld-drop: signed Mach-O thin (x86_64) [firewalld-drop]
17:48:57  /Library/Ossec/active-response/bin/default-firewall-drop: signed Mach-O thin (x86_64) [default-firewall-drop]
17:48:57  /Library/Ossec/active-response/bin/npf: signed Mach-O thin (x86_64) [npf]
17:48:57  /Library/Ossec/active-response/bin/pf: signed Mach-O thin (x86_64) [pf]
17:48:57  /Library/Ossec/active-response/bin/ip-customblock: signed Mach-O thin (x86_64) [ip-customblock]
17:48:57  /Library/Ossec/active-response/bin/ipfw: signed Mach-O thin (x86_64) [ipfw]
17:48:57  /Library/Ossec/active-response/bin/route-null: signed Mach-O thin (x86_64) [route-null]
17:48:57  /Library/Ossec/active-response/bin/restart-wazuh: signed Mach-O thin (x86_64) [restart-wazuh]
17:48:57  /Library/Ossec/active-response/bin/wazuh-slack: signed Mach-O thin (x86_64) [wazuh-slack]
17:48:57  /Library/Ossec/active-response/bin/kaspersky: signed Mach-O thin (x86_64) [kaspersky]
17:48:57  /Library/Ossec/active-response/bin/disable-account: signed Mach-O thin (x86_64) [disable-account]
17:48:57  lock-keychain "****"
17:48:57  No receipt for 'com.wazuh.pkg.wazuh-agent' found at '/'.
17:48:57  No receipt for 'com.wazuh.pkg.wazuh-agent-etc' found at '/'.
17:48:57  
17:48:57  
17:48:57  MSG:
17:48:57  
17:48:57  non-zero return code

Of which the main error seems to be:

17:48:57  ERROR:
17:48:57  
17:48:57  Description:
17:48:57  
17:48:57  Incorrect type for file at path "/tmp/Packages_builder_macos/B8334/wazuh-packages/macos/package_files/wazuh-agent.pkgproj"
17:48:57  Step:
17:48:57  
17:48:57  Project

Some syntax must have changed in the project file with the merges and it should be closely examined.

verdx avatar Dec 20 '22 16:12 verdx

After fixing the macOS SPECS file (wazuh-agent.pkgproj) a package has been able to be generated. The problem was some lines had gone missing with the merge.

When creating the package with logs (https://ci.wazuh.info/job/Packages_builder_macos/8346/console) and with a debug output on the signing function we can see the new files added to the project are not being signed, although that may be correct. The new files are not binaries, although they are executables.

Signing /Library/Ossec/bin/wazuh-logcollector
Signing /Library/Ossec/bin/wazuh-execd
Signing /Library/Ossec/bin/wazuh-syscheckd
Signing /Library/Ossec/bin/manage_agents
Signing /Library/Ossec/bin/agent-auth
Signing /Library/Ossec/bin/wazuh-agentd
Signing /Library/Ossec/bin/wazuh-modulesd
Signing /Library/Ossec/lib/libwazuhshared.dylib
Signing /Library/Ossec/lib/libsysinfo.dylib
Signing /Library/Ossec/lib/libdbsync.dylib
Signing /Library/Ossec/lib/librsync.dylib
Signing /Library/Ossec/lib/libsyscollector.dylib
Signing /Library/Ossec/lib/libwazuhext.dylib
Signing /Library/Ossec/active-response/bin/firewall-drop
Signing /Library/Ossec/active-response/bin/host-deny
Signing /Library/Ossec/active-response/bin/firewalld-drop
Signing /Library/Ossec/active-response/bin/default-firewall-drop
Signing /Library/Ossec/active-response/bin/npf
Signing /Library/Ossec/active-response/bin/pf
Signing /Library/Ossec/active-response/bin/ip-customblock
Signing /Library/Ossec/active-response/bin/ipfw
Signing /Library/Ossec/active-response/bin/route-null
Signing /Library/Ossec/active-response/bin/restart-wazuh
Signing /Library/Ossec/active-response/bin/wazuh-slack
Signing /Library/Ossec/active-response/bin/kaspersky
Signing /Library/Ossec/active-response/bin/disable-account
Build Successful (2 seconds)
The wazuh agent package for MacOS X has been successfully built.

After adding a line to sign the executable of the Login Item, a package has been created and tested in macOS Ventura, but the same error as always has appeared.

codesign -f --sign "${CERT_APPLICATION_ID}" --entitlements "${ENTITLEMENTS_PATH}" --timestamp --options=runtime --verbose=4 "${LOGIN_ITEM_PATH}/Wazuh"


After checking the files, it can be seen that the StartupItem files hadn't been correctly signed, unlike the files in /Library/Ossec/bin:

sh-3.2# codesign -dv --verbose=4 /Library/StartupItems/WAZUH/Wazuh 
/Library/StartupItems/WAZUH/Wazuh: code object is not signed at all
sh-3.2# codesign -dv --verbose=4 /Library/Ossec/bin/wazuh-execd
Executable=/Library/Ossec/bin/wazuh-execd
Identifier=wazuh-execd
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=5431 flags=0x10000(runtime) hashes=161+5 location=embedded
VersionPlatform=1
VersionMin=658432
VersionSDK=658432
Hash type=sha256 size=32
CandidateCDHash sha256=3e2fc1aec136042a81d0aacf2ef3bc3437b9eff6
CandidateCDHashFull sha256=3e2fc1aec136042a81d0aacf2ef3bc3437b9eff6f0db48d3bb8c685db9126fea
Hash choices=sha256
CMSDigest=3e2fc1aec136042a81d0aacf2ef3bc3437b9eff6f0db48d3bb8c685db9126fea
CMSDigestType=2
Page size=4096
Launch Constraints:
	None
CDHash=3e2fc1aec136042a81d0aacf2ef3bc3437b9eff6
Signature size=8968
Authority=Developer ID Application: Wazuh Inc (KLZK8P68R5)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Dec 21, 2022 at 12:00:14 PM
Info.plist=not bound
TeamIdentifier=KLZK8P68R5
Runtime Version=10.12.0
Sealed Resources=none
Internal requirements count=1 size=172

The files had been added after signing, and after fixing that error and by writing to the output the file before signing it, we can see it is there, but it is still not signed:

Signing /Library/Ossec/active-response/bin/disable-account
#!/bin/sh
# The start subroutine

DIRECTORY="/Library/Ossec"

StartService() {
    ${DIRECTORY}/bin/wazuh-control start
}

# The stop subroutine
StopService() {
    ${DIRECTORY}/bin/wazuh-control stop
}

# The restart subroutine
RestartService() {
    ${DIRECTORY}/bin/wazuh-control stop
    sleep 5
    ${DIRECTORY}/bin/wazuh-control start
} 
RunService "$1"
Build Successful (2 seconds)
sh-3.2# codesign -dv --verbose=4 /Library/StartupItems/WAZUH/Wazuh 
/Library/StartupItems/WAZUH/Wazuh: code object is not signed at all

When trying to get the result of calling on codesign with the Login Item, nothing is shown:

result=$(codesign -f --sign "${CERT_APPLICATION_ID}" --entitlements "${ENTITLEMENTS_PATH}" --timestamp --options=runtime --verbose "${LOGIN_ITEM_PATH}/Wazuh")
echo "The codesign for the Login Item has ended in ${result}."
The codesign for the Login Item has ended in .

verdx avatar Dec 21 '22 17:12 verdx

To try and get why the file wasn't being signed, various debug methods were tried:

set -x
codesign -f --sign "${CERT_APPLICATION_ID}" --entitlements "${ENTITLEMENTS_PATH}" --timestamp --options=runtime --verbose "${LOGIN_ITEM_PATH}/Wazuh" && echo "Correctly signed Login Item" || echo "Error signing Login Item"
set +x

But in several tries the only output of that part of the code was

11:36:05  Signing /Library/Ossec/active-response/bin/disable-account
11:36:05  Correctly signed Login Item
11:36:05  Build Successful (2 seconds)

After trying to run it locally or entering the machine without any luck, in a stopped pipeline the output of signing /Library/StartupItems/WAZUH/Wazuh was found:

12:43:21  + codesign -f --sign **** --entitlements /private/tmp/Packages_builder_macos/B8371/wazuh-packages/macos/entitlements.plist --timestamp --options=runtime --verbose /Library/StartupItems/WAZUH/Wazuh
12:43:21  /Library/StartupItems/WAZUH/Wazuh: signed generic [WAZUH]
12:43:21  + echo 'Correctly signed Login Item'
12:43:21  + set +x

Trying with the rest of the files as well, we can see they are apparently signed differently, all with Mach-O:

13:32:50  /Library/Ossec/active-response/bin/disable-account: signed Mach-O thin (x86_64) [disable-account]
13:32:50  + codesign -f --sign **** --entitlements /private/tmp/Packages_builder_macos/B8372/wazuh-packages/macos/entitlements.plist --timestamp --options=runtime --verbose /Library/StartupItems/WAZUH/Wazuh
13:32:50  /Library/StartupItems/WAZUH/Wazuh: signed generic [WAZUH]
13:32:50  + echo 'Correctly signed Login Item'
13:32:50  + set +x

As seen here, it seems scripts can be signed.

Since version 4.3.0, where this issue was first pointed out, the .pkgproj file has changed, and now there isn't any file there, only the ones put by this issue. I haven't been able to find anywhere why there is a difference in signing, although it would be understandable if it had to do with the fact that the Startup Item is not a binary but a script. I tried adding --deep again to the signing of it, but it gives the same result.

verdx avatar Dec 22 '22 13:12 verdx
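The empty `${result}` in the first snippet and the `signed generic` versus `signed Mach-O` reports above can both be handled in the build script: `codesign` writes its `--verbose` report to stderr, so a plain `$(...)` captures nothing. The following is an added example, not code from wazuh-packages; `fake_codesign` is a constructed stand-in for the real tool and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the wazuh-packages build scripts).

# Constructed stand-in for `codesign -f --sign ... --verbose <path>` so the
# example runs without macOS or a signing identity. Like codesign, it prints
# nothing on stdout and writes its report to stderr; the report lines copy the
# format of the build logs quoted in this thread.
fake_codesign() (
    for path in "$@"; do :; done        # the file to sign is the last argument
    case "$path" in
        */StartupItems/*) echo "$path: signed generic [WAZUH]" >&2 ;;
        */does-not-exist) echo "$path: No such file or directory" >&2; exit 1 ;;
        *) echo "$path: signed Mach-O thin (x86_64) [${path##*/}]" >&2 ;;
    esac
)

# Pattern from the first snippet: only stdout is captured, so the result is
# empty even when signing succeeded (the report went to the console instead).
capture_stdout_only() (
    result=$("$@")
    printf '%s' "$result"
)

# Corrected pattern: fold stderr into the capture and keep the exit status,
# written so it also behaves under `set -e`.
capture_report() (
    result=$("$@" 2>&1) && status=0 || status=$?
    printf '%s\n' "$result"
    exit "$status"
)

# Extract <format> from a "<path>: signed <format> [<identifier>]" line.
report_format() {
    printf '%s\n' "$1" | sed -n 's/^.*: signed \(.*\) \[[^]]*]$/\1/p'
}

# Run a signing command and report where the signature ends up:
#   embedded  Mach-O binary, the signature is stored inside the file
#   xattr     any other format (for example a script): the signature is kept
#             in com.apple.cs.* extended attributes and should be re-verified
#             after the file has been copied or packaged
#   failed    the signer returned non-zero or printed no "signed" line
sign_and_classify() (
    report=$(capture_report "$@") && status=0 || status=$?
    format=$(report_format "$report")
    if [ "$status" -ne 0 ] || [ -z "$format" ]; then
        echo "failed"
        exit 1
    fi
    case "$format" in
        Mach-O*) echo "embedded" ;;
        *)       echo "xattr" ;;
    esac
)

# Demonstration over the two paths that appear in the build logs above.
demo() {
    for f in /Library/Ossec/active-response/bin/disable-account \
             /Library/StartupItems/WAZUH/Wazuh; do
        printf '%s\t%s\n' "$f" \
            "$(sign_and_classify fake_codesign -f --sign "PLACEHOLDER_ID" --verbose "$f")"
    done
}
demo
```

On a macOS build host, pass the real `codesign` command line to `sign_and_classify` in place of `fake_codesign`.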

As seen here and in the Technical Note for Code Signing, scripts can be signed and are signed the same way, using --sign. All non-Mach-O executables store the signature in their extended attributes, which sometimes don't survive moving the files between places.

To see if it is signed correctly, I added a check of the extended attributes before and after signing the script, and we can confirm it is correctly signed:

13:02:12  + codesign -f --sign **** --entitlements /private/tmp/Packages_builder_macos/B8390/wazuh-packages/macos/entitlements.plist --deep --timestamp --options=runtime --verbose /Library/StartupItems/WAZUH/Wazuh
13:02:12  /Library/StartupItems/WAZUH/Wazuh: signed generic [WAZUH]
13:02:12  + echo 'Correctly signed Login Item'
13:02:12  ++ codesign -dvvv /Library/StartupItems/WAZUH/Wazuh
13:02:12  Executable=/Library/StartupItems/WAZUH/WAZUH
13:02:12  Identifier=WAZUH
13:02:12  Format=generic
13:02:12  CodeDirectory v=20200 size=261 flags=0x10000(runtime) hashes=1+5 location=embedded
13:02:12  Hash type=sha256 size=32
13:02:12  CandidateCDHash sha1=866be19cb189c3302eef65fe8ffc573e838790ba
13:02:12  CandidateCDHash sha256=a7d994f748e25a6cd30eb2b04bf86b8bcb6a354c
13:02:12  Hash choices=sha1,sha256
13:02:12  CDHash=a7d994f748e25a6cd30eb2b04bf86b8bcb6a354c
13:02:12  Signature size=9048
13:02:12  Authority=****
13:02:12  Authority=Developer ID Certification Authority
13:02:12  Authority=Apple Root CA
13:02:12  Timestamp=23 Dec 2022 at 12:59:44
13:02:12  Info.plist=not bound
13:02:12  TeamIdentifier=KLZK8P68R5
13:02:12  Sealed Resources=none
13:02:12  Internal requirements count=1 size=168
11:59:16  ++ xattr -l /Library/StartupItems/WAZUH/Wazuh
11:59:16  + result=
11:59:16  + echo
11:59:16  + codesign -f --sign **** --entitlements /private/tmp/Packages_builder_macos/B8388/wazuh-packages/macos/entitlements.plist --deep --timestamp --options=runtime --verbose /Library/StartupItems/WAZUH/Wazuh
11:59:16  /Library/StartupItems/WAZUH/Wazuh: signed generic [WAZUH]
11:59:16  + echo 'Correctly signed Login Item'
11:59:16  ++ xattr -l /Library/StartupItems/WAZUH/Wazuh
11:59:16  + result='com.apple.cs.CodeDirectory:
11:59:16  com.apple.cs.CodeEntitlements:
11:59:16  com.apple.cs.CodeRequirements:
11:59:16  com.apple.cs.CodeRequirements-1:
11:59:16  com.apple.cs.CodeSignature:
11:59:16  00001060  43 20 22 2D 2F 2F 41 70 70 6C 65 2F 2F 44 54 44  |C "-//Apple//DTD|
11:59:16  00001070  20 50 4C 49 53 54 20 31 2E 30 2F 2F 45 4E 22 20  | PLIST 1.0//EN" |
11:59:16  00001080  22 68 74 74 70 3A 2F 2F 77 77 77 2E 61 70 70 6C  |"[http://www.appl|](http://www.appl|[0m)
11:59:16  00001090  65 2E 63 6F 6D 2F 44 54 44 73 2F 50 72 6F 70 65  |e.com/DTDs/Prope|
11:59:16  000010A0  72 74 79 4C 69 73 74 2D 31 2E 30 2E 64 74 64 22  |rtyList-1.0.dtd"|
11:59:16  000010B0  3E 0A 3C 70 6C 69 73 74 20 76 65 72 73 69 6F 6E  |>.<plist version|
11:59:16  000010C0  3D 22 31 2E 30 22 3E 0A 3C 64 69 63 74 3E 0A 09  |="1.0">.<dict>..|
11:59:16  000010D0  3C 6B 65 79 3E 63 64 68 61 73 68 65 73 3C 2F 6B  |<key>cdhashes</k|
11:59:16  000010E0  65 79 3E 0A 09 3C 61 72 72 61 79 3E 0A 09 09 3C  |ey>..<array>...<|
11:59:16  000010F0  64 61 74 61 3E 0A 09 09 68 6D 76 68 6E 4C 47 4A  |data>...hmvhnLGJ|
11:59:16  00001100  77 7A 41 75 37 32 58 2B 6A 2F 78 58 50 6F 4F 48  |wzAu72X+j/xXPoOH|
11:59:16  00001110  6B 4C 6F 3D 0A 09 09 3C 2F 64 61 74 61 3E 0A 09  |kLo=...</data>..|
11:59:16  00001120  09 3C 64 61 74 61 3E 0A 09 09 70 39 6D 55 39 30  |.<data>...p9mU90|
11:59:16  00001130  6A 69 57 6D 7A 54 44 72 4B 77 53 2F 68 72 69 38  |jiWmzTDrKwS/hri8|
11:59:16  00001140  74 71 4E 55 77 3D 0A 09 09 3C 2F 64 61 74 61 3E  |tqNUw=...</data>|
11:59:16  00001150  0A 09 3C 2F 61 72 72 61 79 3E 0A 3C 2F 64 69 63  |..</array>.</dic|
11:59:16  00001160  74 3E 0A 3C 2F 70 6C 69 73 74 3E 0A 30 0D 06 09  |t>.</plist>.0...|
11:59:16  00001170  2A 86 48 86 F7 0D 01 01 01 05 00 04 82 01 00 3D  |*.H............=|
11:59:16  00001180  6F 44 F0 A5 70 84 75 6D 94 93 51 5E B3 6C 76 01  |oD..p.um..Q^.lv.|
11:59:16  00001190  7E 45 63 89 54 70 BE B1 48 C4 54 B9 AD 67 8E 2D  |~Ec.Tp..H.T..g.-|
11:59:16  000011A0  62 76 0E CC A6 6C AF 2A AB D8 A0 A1 E8 D7 30 F4  |bv...l.*......0.|
11:59:16  000011B0  E3 76 6D AD 60 1A 33 8D E5 2D 40 19 B3 3E F1 53  |.vm.`.3..-@..>.S|
11:59:16  000011C0  AC 9A 20 6E 07 16 76 A5 4C 96 CC 8E E1 82 FB 50  |.. n..v.L......P|
11:59:16  000011D0  85 DA 05 C9 A5 AE AC 8A 10 20 0F 15 DD 05 C0 5B  |......... .....[|
11:59:16  000011E0  F1 9B 93 58 CB BC 23 C0 A1 22 94 40 3B F5 06 F6  |...X..#..".@;...|
11:59:16  000011F0  4D 9E 26 A7 F1 ED 1A A9 EC 02 7E 6E 39 46 14 05  |M.&.......~n9F..|
11:59:16  00001200  DD 00 2F 3B E8 8A A8 B0 17 A5 00 1A 4F 98 FF 36  |../;........O..6|
11:59:16  00001210  A1 8A 99 51 F9 3D 5A 99 A4 B2 DB CD 60 9D F1 B0  |...Q.=Z.....`...|
11:59:16  00001220  38 C3 D9 E5 13 8E A4 76 8C CC 32 FA AD 36 BD 4A  |8......v..2..6.J|
11:59:16  00001230  5E 59 9D 39 0F D5 94 55 0C 27 CA EF 51 83 DF 83  |^Y.9...U.'\''..Q...|
11:59:16  00001240  33 D9 AF 6F B8 0F A3 B5 14 40 5E 44 4D 19 25 E5  |3..o.....@^DM.%.|
11:59:16  00001250  BE BF CB 96 12 22 DF F9 DD 41 E1 DD 21 B3 8B 21  |....."...A..!..!|
11:59:16  00001260  BB AA E9 DE D9 FC 2E A3 68 86 A0 32 4D 6F D6 EE  |........h..2Mo..|
11:59:16  00001270  81 AA 21 1F F1 D9 CF AA 41 6C 81 D0 A8 EA A4 A1  |..!.....Al......|
11:59:16  00001280  82 10 CF 30 82 10 CB 06 0B 2A 86 48 86 F7 0D 01  |...0.....*.H....|
11:59:16  00001290  09 10 02 0E 31 82 10 BA 30 82 10 B6 06 09 2A 86  |....1...0.....*.|
11:59:16  000012A0  48 86 F7 0D 01 07 02 A0 82 10 A7 30 82 10 A3 02  |H..........0....|
11:59:16  000012B0  01 03 31 0B 30 09 06 05 2B 0E 03 02 1A 05 00 30  |..1.0...+......0|
11:59:16  000012C0  7A 06 0B 2A 86 48 86 F7 0D 01 09 10 01 04 A0 6B  |z..*.H.........k|
11:59:16  000012D0  04 69 30 67 02 01 01 06 05 2A 03 04 05 06 30 31  |.i0g.....*....01|
11:59:16  000012E0  30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04  |0...`.H.e.......|
11:59:16  000012F0  20 87 83 2D 4C AD AD D9 6E C1 9E 29 70 CB 5C 0F  | ..-L...n..)p...|
11:59:16  00001300  CE 89 00 1F 00 96 CA 23 BB 4D 3F 03 DB 55 F9 54  |.......#.M?..U.T|
11:59:16  00001310  98 02 08 1E B3 AD 75 C3 4A 20 29 18 0F 32 30 32  |......u.J )..202|
11:59:16  00001320  32 31 32 32 33 31 30 35 36 34 39 5A 30 03 02 01  |21223105649Z0...|
11:59:16  00001330  01 02 08 49 8E 9C 33 87 3E 26 BD A0 82 0D D0 30  |...I..3.>&.....0|
11:59:16  00001340  82 05 02 30 82 03 EA A0 03 02 01 02 02 08 66 3E  |...0..........f>|
11:59:16  00001350  74 CB C8 21 6B FD 30 0D 06 09 2A 86 48 86 F7 0D  |t..!k.0...*.H...|
11:59:16  00001360  01 01 0B 05 00 30 7C 31 30 30 2E 06 03 55 04 03  |.....0|100...U..|
11:59:16  00001370  0C 27 41 70 70 6C 65 20 54 69 6D 65 73 74 61 6D  |.'\''Apple Timestam|
11:59:16  00001380  70 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20  |p Certification |
11:59:16  00001390  41 75 74 68 6F 72 69 74 79 31 26 30 24 06 03 55  |Authority1&0$..U|
11:59:16  000013A0  04 0B 0C 1D 41 70 70 6C 65 20 43 65 72 74 69 66  |....Apple Certif|
11:59:16  000013B0  69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74  |ication Authorit|
11:59:16  000013C0  79 31 13 30 11 06 03 55 04 0A 0C 0A 41 70 70 6C  |y1.0...U....Appl|
11:59:16  000013D0  65 20 49 6E 63 2E 31 0B 30 09 06 03 55 04 06 13  |e Inc.1.0...U...|
11:59:16  000013E0  02 55 53 30 1E 17 0D 32 32 31 32 30 31 32 32 34  |.US0...221201224|
11:59:16  000013F0  35 30 34 5A 17 0D 32 33 30 31 31 32 32 32 34 35  |504Z..2301122245|
11:59:16  00001400  30 33 5A 30 41 31 1D 30 1B 06 03 55 04 03 0C 14  |03Z0A1.0...U....|
11:59:16  00001410  54 69 6D 65 73 74 61 6D 70 20 53 69 67 6E 65 72  |Timestamp Signer|
11:59:16  00001420  20 4D 41 32 31 13 30 11 06 03 55 04 0A 0C 0A 41  | MA21.0...U....A|
11:59:16  00001430  70 70 6C 65 20 49 6E 63 2E 31 0B 30 09 06 03 55  |pple Inc.1.0...U|
11:59:16  00001440  04 06 13 02 55 53 30 82 01 22 30 0D 06 09 2A 86  |....US0.."0...*.|
11:59:16  00001450  48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82  |H.............0.|
11:59:16  00001460  01 0A 02 82 01 01 00 98 6C 3B 9A A4 F9 64 87 03  |........l;...d..|
11:59:16  00001470  A0 A3 DF 9B 0B D1 04 48 F8 3F BB E2 DC 1C 02 6A  |.......H.?.....j|
11:59:16  00001480  02 36 AB 10 82 66 FE 58 43 F6 5B 09 16 22 41 9B  |.6...f.XC.[.."A.|
11:59:16  00001490  A2 5E 31 4A AF EB 54 62 32 FB 2A 04 EB 4F 0E 9D  |.^1J..Tb2.*..O..|
11:59:16  000014A0  91 A7 9A 51 0C 3D D1 8B C0 6C DF 63 3F F1 35 12  |...Q.=...l.c?.5.|
11:59:16  000014B0  45 E1 56 BF 04 44 82 4C F6 8E 86 00 98 F1 5F 74  |E.V..D.L......_t|
11:59:16  000014C0  12 03 DF 97 5B F6 67 71 70 2C AB 86 92 43 25 DE  |....[.gqp,...C%.|
11:59:16  000014D0  EC A8 9D E4 D5 29 61 68 E3 BB 56 11 83 05 38 84  |.....)ah..V...8.|
11:59:16  000014E0  E4 7A BE 81 4F 6F B3 23 7B 30 A3 32 1A 03 60 4B  |.z..Oo.#{0.2..`K|
11:59:16  000014F0  77 39 B6 DE 0E 44 A7 10 44 BF 14 E1 87 74 56 6C  |w9...D..D....tVl|
11:59:16  00001500  C5 10 F3 E8 2C B8 9A 9B F9 80 3B D8 03 D3 EA 0A  |....,.....;.....|
11:59:16  00001510  A0 11 C3 12 4D EB 5E F0 32 F7 59 7F 53 7A 88 14  |....M.^.2.Y.Sz..|
11:59:16  00001520  48 52 08 42 F9 7A BB 57 5A EA 9D CF 05 A0 83 CC  |HR.B.z.WZ.......|
11:59:16  00001530  EB 40 7E 5C 11 E9 D2 05 56 A1 D2 21 FB 18 D7 1D  |.@~.....V..!....|
11:59:16  00001540  FF 15 B4 3C 9E 3B B9 19 FF 05 F3 C4 0A A3 52 A0  |...<.;........R.|
11:59:16  00001550  86 73 72 4E 84 D5 91 92 7A 3F 6B CC D5 BC D2 67  |.srN....z?k....g|
11:59:16  00001560  77 03 70 25 F2 A1 91 02 03 01 00 01 A3 82 01 C1  |w.p%............|
11:59:16  00001570  30 82 01 BD 30 0C 06 03 55 1D 13 01 01 FF 04 02  |0...0...U.......|
11:59:16  00001580  30 00 30 1F 06 03 55 1D 23 04 18 30 16 80 14 34  |0.0...U.#..0...4|
11:59:16  00001590  CD 25 4E CD DE 37 85 38 A1 58 26 F8 F9 E2 29 DE  |.%N..7.8.X&...).|
11:59:16  000015A0  F2 1C 93 30 82 01 0E 06 03 55 1D 20 04 82 01 05  |...0.....U. ....|
11:59:16  000015B0  30 82 01 01 30 81 FE 06 09 2A 86 48 86 F7 63 64  |0...0....*.H..cd|
11:59:16  000015C0  05 01 30 81 F0 30 28 06 08 2B 06 01 05 05 07 02  |..0..0(..+......|
11:59:16  000015D0  01 16 1C 68 74 74 70 3A 2F 2F 77 77 77 2E 61 70  |...[http://www.ap|](http://www.ap|[0m)
11:59:16  000015E0  70 6C 65 2E 63 6F 6D 2F 61 70 70 6C 65 63 61 30  |ple.com/appleca0|
11:59:16  000015F0  81 C3 06 08 2B 06 01 05 05 07 02 02 30 81 B6 0C  |....+.......0...|
11:59:16  00001600  81 B3 52 65 6C 69 61 6E 63 65 20 6F 6E 20 74 68  |..Reliance on th|
11:59:16  00001610  69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 62  |is certificate b|
11:59:16  00001620  79 20 61 6E 79 20 70 61 72 74 79 20 61 73 73 75  |y any party assu|
11:59:16  00001630  6D 65 73 20 61 63 63 65 70 74 61 6E 63 65 20 6F  |mes acceptance o|
11:59:16  00001640  66 20 74 68 65 20 74 68 65 6E 20 61 70 70 6C 69  |f the then appli|
11:59:16  00001650  63 61 62 6C 65 20 73 74 61 6E 64 61 72 64 20 74  |cable standard t|
11:59:16  00001660  65 72 6D 73 20 61 6E 64 20 63 6F 6E 64 69 74 69  |erms and conditi|
11:59:16  00001670  6F 6E 73 20 6F 66 20 75 73 65 2C 20 63 65 72 74  |ons of use, cert|
11:59:16  00001680  69 66 69 63 61 74 65 20 70 6F 6C 69 63 79 20 61  |ificate policy a|
11:59:16  00001690  6E 64 20 63 65 72 74 69 66 69 63 61 74 69 6F 6E  |nd certification|
11:59:16  000016A0  20 70 72 61 63 74 69 63 65 20 73 74 61 74 65 6D  | practice statem|
11:59:16  000016B0  65 6E 74 73 2E 30 16 06 03 55 1D 25 01 01 FF 04  |ents.0...U.%....|
11:59:16  000016C0  0C 30 0A 06 08 2B 06 01 05 05 07 03 08 30 33 06  |.0...+.......03.|
11:59:16  000016D0  03 55 1D 1F 04 2C 30 2A 30 28 A0 26 A0 24 86 22  |.U...,0*0(.&.$."|
11:59:16  000016E0  68 74 74 70 3A 2F 2F 63 72 6C 2E 61 70 70 6C 65  |[http://crl.apple|](http://crl.apple|[0m)
11:59:16  000016F0  2E 63 6F 6D 2F 74 69 6D 65 73 74 61 6D 70 2E 63  |.com/timestamp.c|
11:59:16  00001700  72 6C 30 1D 06 03 55 1D 0E 04 16 04 14 18 0D 7B  |rl0...U........{|
11:59:16  00001710  3B 7A ED 3F 9B 34 B4 33 91 C5 2A 72 CB 9C 7F 4A  |;z.?.4.3..*r...J|
11:59:16  00001720  A4 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 07  |.0...U..........|
11:59:16  00001730  80 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00  |.0...*.H........|
11:59:16  00001740  03 82 01 01 00 55 4F EB 04 3C 0B E4 85 D4 69 6B  |.....UO..<....ik|
11:59:16  00001750  E4 F5 ED 2E 01 E3 AD 1F D0 01 CA 5D 7F 58 52 55  |...........].XRU|
11:59:16  00001760  5F B3 CF FC C0 81 5F 4E 62 2C CF FC AE 7F FB 36  |_....._Nb,.....6|
11:59:16  00001770  4B 3F C0 0A B7 E8 4E 22 AF 8F DE 8D BC 7B 1A AD  |K?....N".....{..|
11:59:16  00001780  06 65 D8 6F FE AA C3 AC B2 D1 03 76 95 6C B4 BF  |.e.o.......v.l..|
11:59:16  00001790  CC B7 27 11 10 BF D1 23 52 C2 2F A0 4E B5 21 62  |..'\''....#R./.N.!b|
11:59:16  000017A0  C2 7D 1A 6A 22 B4 77 1D E7 31 4B 5E 90 CC 3B CC  |.}.j".w..1K^..;.|
11:59:16  000017B0  39 49 22 32 7E C9 AC B3 D0 A0 23 5E 08 A1 6F 8B  |9I"2~.....#^..o.|
11:59:16  000017C0  0B 43 16 33 64 45 E1 33 D0 CF 8F D5 9F 2B EF 7E  |.C.3dE.3.....+.~|
11:59:16  000017D0  57 1E 95 C7 78 FE 92 B3 88 F2 3D 43 3A 4D E2 9D  |W...x.....=C:M..|
11:59:16  000017E0  63 BB F6 C6 4B E2 64 2A 5F 59 0A 29 44 A1 ED 87  |c...K.d*_Y.)D...|
11:59:16  000017F0  E8 6B A9 4F B4 F2 DB 47 1D B2 B3 B1 F9 D2 D1 70  |.k.O...G.......p|
11:59:16  00001800  DB 77 E5 8D 5B 4E EC 84 A2 B2 2E E2 C4 0B E8 57  |.w..[N.........W|
11:59:16  00001810  C7 68 49 A9 30 05 4F F2 B9 90 5E F7 67 A6 78 BA  |.hI.0.O...^.g.x.|
11:59:16  00001820  55 A6 DA 7D BC 14 9D CC DB B1 73 25 20 5B 09 B8  |U..}......s% [..|
11:59:16  00001830  2E 5C 51 60 58 D7 49 1B 7B E1 1B 9D 0E 51 6A 60  |..Q`X.I.{....Qj`|
11:59:16  00001840  34 11 0C E6 A1 30 82 04 07 30 82 02 EF A0 03 02  |4....0...0......|
11:59:16  00001850  01 02 02 08 7D 4C 57 63 9F F3 F0 B7 30 0D 06 09  |....}LWc....0...|
11:59:16  00001860  2A 86 48 86 F7 0D 01 01 0B 05 00 30 62 31 0B 30  |*.H........0b1.0|
11:59:16  00001870  09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03  |...U....US1.0...|
11:59:16  00001880  55 04 0A 13 0A 41 70 70 6C 65 20 49 6E 63 2E 31  |U....Apple Inc.1|
11:59:16  00001890  26 30 24 06 03 55 04 0B 13 1D 41 70 70 6C 65 20  |&0$..U....Apple |
11:59:16  000018A0  43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75  |Certification Au|
11:59:16  000018B0  74 68 6F 72 69 74 79 31 16 30 14 06 03 55 04 03  |thority1.0...U..|
11:59:16  000018C0  13 0D 41 70 70 6C 65 20 52 6F 6F 74 20 43 41 30  |..Apple Root CA0|
11:59:16  000018D0  1E 17 0D 31 32 30 34 30 35 31 32 30 32 34 34 5A  |...120405120244Z|
11:59:16  000018E0  17 0D 32 37 30 34 30 35 31 32 30 32 34 34 5A 30  |..270405120244Z0|
11:59:16  000018F0  7C 31 30 30 2E 06 03 55 04 03 0C 27 41 70 70 6C  ||100...U...'\''Appl|
11:59:16  00001900  65 20 54 69 6D 65 73 74 61 6D 70 20 43 65 72 74  |e Timestamp Cert|
11:59:16  00001910  69 66 69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72  |ification Author|
11:59:16  00001920  69 74 79 31 26 30 24 06 03 55 04 0B 0C 1D 41 70  |ity1&0$..U....Ap|
11:59:16  00001930  70 6C 65 20 43 65 72 74 69 66 69 63 61 74 69 6F  |ple Certificatio|
11:59:16  00001940  6E 20 41 75 74 68 6F 72 69 74 79 31 13 30 11 06  |n Authority1.0..|
11:59:16  00001950  03 55 04 0A 0C 0A 41 70 70 6C 65 20 49 6E 63 2E  |.U....Apple Inc.|
11:59:16  00001960  31 0B 30 09 06 03 55 04 06 13 02 55 53 30 82 01  |1.0...U....US0..|
11:59:16  00001970  22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00  |"0...*.H........|
11:59:16  00001980  03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 D3 77  |.....0.........w|
11:59:16  00001990  18 A1 F7 99 10 67 5C D2 2E 9E B8 8F 23 67 3E FC  |.....g......#g>.|
11:59:16  000019A0  42 E2 09 7D 0A 8A B8 18 FC 73 40 2F BD C4 D8 50  |B..}.....s@/...P|
11:59:16  000019B0  C5 27 C8 FE B8 34 70 A0 0D 13 3C BD 08 4E 9A 93  |.'\''...4p...<..N..|
11:59:16  000019C0  6F 39 37 DA 9E 65 F5 B4 63 F4 90 C8 49 6D 5D 20  |o97..e..c...Im] |
11:59:16  000019D0  D3 39 FD 09 BA F4 3A F3 CE 4A 69 64 05 99 46 E0  |.9....:..Jid..F.|
11:59:16  000019E0  DA 35 C4 65 18 1E C6 16 A3 12 61 B4 2E F5 F0 89  |.5.e......a.....|
11:59:16  000019F0  0D 8C DC 3D F6 06 CF 6F 86 25 4C 09 C2 1B C8 0E  |...=...o.%L.....|
11:59:16  00001A00  78 88 8D C1 22 B8 BA 21 13 9B CA EE 8A 9E DD 7B  |x..."..!.......{|
11:59:16  00001A10  5B FF A3 E9 D1 A3 81 7E FE FF E6 8C 49 E4 3B 0A  |[......~....I.;.|
11:59:16  00001A20  F9 10 A6 72 33 BB 2C C4 4A 5A 72 0A 39 50 74 DD  |...r3.,.JZr.9Pt.|
11:59:16  00001A30  28 6E 79 5F 7E A7 A8 14 CF 56 B3 56 6C A5 E9 F0  |(ny_~....V.Vl...|
11:59:16  00001A40  C4 AE F9 EA 20 8E 18 C7 28 74 E2 08 4D 89 26 42  |.... ...(t..M.&B|
11:59:16  00001A50  79 5E F6 60 E3 45 58 A1 FB 51 49 5E 92 4A 4D B9  |y^.`.EX..QI^.JM.|
11:59:16  00001A60  EF D4 73 B5 DA 04 7B E3 52 9F CB A3 19 5D AC 6B  |..s...{.R....].k|
11:59:16  00001A70  98 6C 9E E2 EC 74 2D 44 3E E0 61 3E 07 45 7E 34  |.l...t-D>.a>.E~4|
11:59:16  00001A80  75 26 98 40 9B 75 9E C8 30 ED 4B BF 77 8F 02 03  |u&[email protected]...|
11:59:16  00001A90  01 00 01 A3 81 A6 30 81 A3 30 1D 06 03 55 1D 0E  |......0..0...U..|
11:59:16  00001AA0  04 16 04 14 34 CD 25 4E CD DE 37 85 38 A1 58 26  |....4.%N..7.8.X&|
11:59:16  00001AB0  F8 F9 E2 29 DE F2 1C 93 30 0F 06 03 55 1D 13 01  |...)....0...U...|
11:59:16  00001AC0  01 FF 04 05 30 03 01 01 FF 30 1F 06 03 55 1D 23  |....0....0...U.#|
11:59:16  00001AD0  04 18 30 16 80 14 2B D0 69 47 94 76 09 FE F4 6B  |..0...+.iG.v...k|
11:59:16  00001AE0  8D 2E 40 A6 F7 47 4D 7F 08 5E 30 2E 06 03 55 1D  |[email protected]..^0...U.|
11:59:16  00001AF0  1F 04 27 30 25 30 23 A0 21 A0 1F 86 1D 68 74 74  |..'\''0%0#.!....htt|
11:59:16  00001B00  70 3A 2F 2F 63 72 6C 2E 61 70 70 6C 65 2E 63 6F  |p://crl.apple.co|
11:59:16  00001B10  6D 2F 72 6F 6F 74 2E 63 72 6C 30 0E 06 03 55 1D  |m/root.crl0...U.|
11:59:16  00001B20  0F 01 01 FF 04 04 03 02 01 86 30 10 06 0A 2A 86  |..........0...*.|
11:59:16  00001B30  48 86 F7 63 64 06 02 09 04 02 05 00 30 0D 06 09  |H..cd.......0...|
11:59:16  00001B40  2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00  |*.H.............|
11:59:16  00001B50  36 D2 F5 DE 71 53 07 C9 23 D8 78 9B 65 BC F3 D5  |6...qS..#.x.e...|
11:59:16  00001B60  5B E9 B8 7F 1B 23 C7 A2 CF B4 A9 28 E9 F8 DD 70  |[....#.....(...p|
11:59:16  00001B70  88 21 39 F3 DB 33 9C C3 72 43 D6 3D 42 51 97 BA  |.!9..3..rC.=BQ..|
11:59:16  00001B80  AD 1D 8E 92 D2 75 8B C3 5D 9C F5 CB 8C DC 6A 6A  |.....u..].....jj|
11:59:16  00001B90  3A DD EB 54 7D ED 14 6B F3 D6 3E 93 C8 6D 7A 54  |:..T}..k..>..mzT|
11:59:16  00001BA0  5F F2 43 8E 10 D0 76 5C 9B 00 0C 1D 4E CA 3C CD  |_.C...v.....N.<.|
11:59:16  00001BB0  FA E6 F7 C2 3E 72 B7 B8 DE E8 34 AA 15 A0 AE 5C  |....>r....4.....|
11:59:16  00001BC0  67 A8 0C AC 9B 1E 65 B3 E3 0F 30 42 34 E9 AE D3  |g.....e...0B4...|
11:59:16  00001BD0  01 D3 A7 DD 42 73 75 7C 51 43 85 9A 60 10 DC AE  |....Bsu|QC..`...|
11:59:16  00001BE0  27 D2 6B 67 C9 33 45 6F C9 98 1E A0 9A 7F 4D 11  |'\''.kg.3Eo......M.|
11:59:16  00001BF0  93 E1 69 FF EC 4B 45 F3 4E CA 22 0E 57 D7 22 07  |..i..KE.N.".W.".|
11:59:16  00001C00  E5 22 B4 87 E9 9C D3 45 CB 6E 3F E5 8E B8 FC 46  |.".....E.n?....F|
11:59:16  00001C10  D5 5C C9 B0 AB 05 3A 6D 37 28 A3 A8 46 65 6F 55  |......:m7(..FeoU|
11:59:16  00001C20  A1 68 88 EA 52 3E C9 F4 D4 E6 FA 3F A4 E4 26 80  |.h..R>.....?..&.|
11:59:16  00001C30  B5 3A 6B D6 C3 E5 F9 32 81 C8 32 A2 48 E1 8E 06  |.:k....2..2.H...|
11:59:16  00001C40  A3 19 E4 B3 CB 3B 4B DF E0 CC 0E B2 AF 98 D1 83  |.....;K.........|
11:59:16  00001C50  30 82 04 BB 30 82 03 A3 A0 03 02 01 02 02 01 02  |0...0...........|
11:59:16  00001C60  30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30  |0...*.H........0|
11:59:16  00001C70  62 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13  |b1.0...U....US1.|
11:59:16  00001C80  30 11 06 03 55 04 0A 13 0A 41 70 70 6C 65 20 49  |0...U....Apple I|
11:59:16  00001C90  6E 63 2E 31 26 30 24 06 03 55 04 0B 13 1D 41 70  |nc.1&0$..U....Ap|
11:59:16  00001CA0  70 6C 65 20 43 65 72 74 69 66 69 63 61 74 69 6F  |ple Certificatio|
11:59:16  00001CB0  6E 20 41 75 74 68 6F 72 69 74 79 31 16 30 14 06  |n Authority1.0..|
11:59:16  00001CC0  03 55 04 03 13 0D 41 70 70 6C 65 20 52 6F 6F 74  |.U....Apple Root|
11:59:16  00001CD0  20 43 41 30 1E 17 0D 30 36 30 34 32 35 32 31 34  | CA0...060425214|
11:59:16  00001CE0  30 33 36 5A 17 0D 33 35 30 32 30 39 32 31 34 30  |036Z..3502092140|
11:59:16  00001CF0  33 36 5A 30 62 31 0B 30 09 06 03 55 04 06 13 02  |36Z0b1.0...U....|
11:59:16  00001D00  55 53 31 13 30 11 06 03 55 04 0A 13 0A 41 70 70  |US1.0...U....App|
11:59:16  00001D10  6C 65 20 49 6E 63 2E 31 26 30 24 06 03 55 04 0B  |le Inc.1&0$..U..|
11:59:16  00001D20  13 1D 41 70 70 6C 65 20 43 65 72 74 69 66 69 63  |..Apple Certific|
11:59:16  00001D30  61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31  |ation Authority1|
11:59:16  00001D40  16 30 14 06 03 55 04 03 13 0D 41 70 70 6C 65 20  |.0...U....Apple |
11:59:16  00001D50  52 6F 6F 74 20 43 41 30 82 01 22 30 0D 06 09 2A  |Root CA0.."0...*|
11:59:16  00001D60  86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30  |.H.............0|
11:59:16  00001D70  82 01 0A 02 82 01 01 00 E4 91 A9 09 1F 91 DB 1E  |................|
11:59:16  00001D80  47 50 EB 05 ED 5E 79 84 2D EB 36 A2 57 4C 55 EC  |GP...^y.-.6.WLU.|
11:59:16  00001D90  8B 19 89 DE F9 4B 6C F5 07 AB 22 30 02 E8 18 3E  |.....Kl..."0...>|
11:59:16  00001DA0  F8 50 09 D3 7F 41 A8 98 F9 D1 CA 66 9C 24 6B 11  |.P...A.....f.$k.|
11:59:16  00001DB0  D0 A3 BB E4 1B 2A C3 1F 95 9E 7A 0C A4 47 8B 5B  |.....*....z..G.[|
11:59:16  00001DC0  D4 16 37 33 CB C4 0F 4D CE 14 69 D1 C9 19 72 F5  |..73...M..i...r.|
11:59:16  00001DD0  5D 0E D5 7F 5F 9B F2 25 03 BA 55 8F 4D 5D 0D F1  |]..._..%..U.M]..|
11:59:16  00001DE0  64 35 23 15 4B 15 59 1D B3 94 F7 F6 9C 9E CF 50  |d5#.K.Y........P|
11:59:16  00001DF0  BA C1 58 50 67 8F 08 B4 20 F7 CB AC 2C 20 6F 70  |..XPg... ..., op|
11:59:16  00001E00  B6 3F 01 30 8C B7 43 CF 0F 9D 3D F3 2B 49 28 1A  |.?.0..C...=.+I(.|
11:59:16  00001E10  C8 FE CE B5 B9 0E D9 5E 1C D6 CB 3D B5 3A AD F4  |.......^...=.:..|
11:59:16  00001E20  0F 0E 00 92 0B B1 21 16 2E 74 D5 3C 0D DB 62 16  |......!..t.<..b.|
11:59:16  00001E30  AB A3 71 92 47 53 55 C1 AF 2F 41 B3 F8 FB E3 70  |..q.GSU../A....p|
11:59:16  00001E40  CD E6 A3 4C 45 7E 1F 4C 6B 50 96 41 89 C4 74 62  |...LE~.LkP.A..tb|
11:59:16  00001E50  0B 10 83 41 87 33 8A 81 B1 30 58 EC 5A 04 32 8C  |...A.3...0X.Z.2.|
11:59:16  00001E60  68 B3 8F 1D DE 65 73 FF 67 5E 65 BC 49 D8 76 9F  |h....es.g^e.I.v.|
11:59:16  00001E70  33 14 65 A1 77 94 C9 2D 02 03 01 00 01 A3 82 01  |3.e.w..-........|
11:59:16  00001E80  7A 30 82 01 76 30 0E 06 03 55 1D 0F 01 01 FF 04  |z0..v0...U......|
11:59:16  00001E90  04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04  |.....0...U......|
11:59:16  00001EA0  05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04  |.0....0...U.....|
11:59:16  00001EB0  14 2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6 F7  |.+.iG.v...k..@..|
11:59:16  00001EC0  47 4D 7F 08 5E 30 1F 06 03 55 1D 23 04 18 30 16  |GM..^0...U.#..0.|
11:59:16  00001ED0  80 14 2B D0 69 47 94 76 09 FE F4 6B 8D 2E 40 A6  |..+.iG.v...k..@.|
11:59:16  00001EE0  F7 47 4D 7F 08 5E 30 82 01 11 06 03 55 1D 20 04  |.GM..^0.....U. .|
11:59:16  00001EF0  82 01 08 30 82 01 04 30 82 01 00 06 09 2A 86 48  |...0...0.....*.H|
11:59:16  00001F00  86 F7 63 64 05 01 30 81 F2 30 2A 06 08 2B 06 01  |..cd..0..0*..+..|
11:59:16  00001F10  05 05 07 02 01 16 1E 68 74 74 70 73 3A 2F 2F 77  |.......[https://w|](https://w|[0m)
11:59:16  00001F20  77 77 2E 61 70 70 6C 65 2E 63 6F 6D 2F 61 70 70  |ww.apple.com/app|
11:59:16  00001F30  6C 65 63 61 2F 30 81 C3 06 08 2B 06 01 05 05 07  |leca/0....+.....|
11:59:16  00001F40  02 02 30 81 B6 1A 81 B3 52 65 6C 69 61 6E 63 65  |..0.....Reliance|
11:59:16  00001F50  20 6F 6E 20 74 68 69 73 20 63 65 72 74 69 66 69  | on this certifi|
11:59:16  00001F60  63 61 74 65 20 62 79 20 61 6E 79 20 70 61 72 74  |cate by any part|
11:59:16  00001F70  79 20 61 73 73 75 6D 65 73 20 61 63 63 65 70 74  |y assumes accept|
11:59:16  00001F80  61 6E 63 65 20 6F 66 20 74 68 65 20 74 68 65 6E  |ance of the then|
11:59:16  00001F90  20 61 70 70 6C 69 63 61 62 6C 65 20 73 74 61 6E  | applicable stan|
11:59:16  00001FA0  64 61 72 64 20 74 65 72 6D 73 20 61 6E 64 20 63  |dard terms and c|
11:59:16  00001FB0  6F 6E 64 69 74 69 6F 6E 73 20 6F 66 20 75 73 65  |onditions of use|
11:59:16  00001FC0  2C 20 63 65 72 74 69 66 69 63 61 74 65 20 70 6F  |, certificate po|
11:59:16  00001FD0  6C 69 63 79 20 61 6E 64 20 63 65 72 74 69 66 69  |licy and certifi|
11:59:16  00001FE0  63 61 74 69 6F 6E 20 70 72 61 63 74 69 63 65 20  |cation practice |
11:59:16  00001FF0  73 74 61 74 65 6D 65 6E 74 73 2E 30 0D 06 09 2A  |statements.0...*|
11:59:16  00002000  86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 5C  |.H..............|
11:59:16  00002010  36 99 4C 2D 78 B7 ED 8C 9B DC F3 77 9B F2 76 D2  |6.L-x......w..v.|
11:59:16  00002020  77 30 4F C1 1F 85 83 85 1B 99 3D 47 37 F2 A9 9B  |w0O.......=G7...|
11:59:16  00002030  40 8E 2C D4 B1 90 12 D8 BE F4 73 9B EE D2 64 0F  |@.,.......s...d.|
11:59:16  00002040  CB 79 4F 34 D8 A2 3E F9 78 FF 6B C8 07 EC 7D 39  |.yO4..>.x.k...}9|
11:59:16  00002050  83 8B 53 20 D3 38 C4 B1 BF 9A 4F 0A 6B FF 2B FC  |..S .8....O.k.+.|
11:59:16  00002060  59 A7 05 09 7C 17 40 56 11 1E 74 D3 B7 8B 23 3B  |Y...|[email protected]...#;|
11:59:16  00002070  47 A3 D5 6F 24 E2 EB D1 B7 70 DF 0F 45 E1 27 CA  |G..o$....p..E.'\''.|
11:59:16  00002080  F1 6D 78 ED E7 B5 17 17 A8 DC 7E 22 35 CA 25 D5  |.mx.......~"5.%.|
11:59:16  00002090  D9 0F D6 6B D4 A2 24 23 11 F7 A1 AC 8F 73 81 60  |...k..$#.....s.`|
11:59:16  000020A0  C6 1B 5B 09 2F 92 B2 F8 44 48 F0 60 38 9E 15 F5  |..[./...DH.`8...|
11:59:16  000020B0  3D 26 67 20 8A 33 6A F7 0D 82 CF DE EB A3 2F F9  |=&g .3j......./.|
11:59:16  000020C0  53 6A 5B 64 C0 63 33 77 F7 3A 07 2C 56 EB DA 0F  |Sj[d.c3w.:.,V...|
11:59:16  000020D0  21 0E DA BA 73 19 4F B5 D9 36 7F C1 87 55 D9 A7  |!...s.O..6...U..|
11:59:16  000020E0  99 B9 32 42 FB D8 D5 71 9E 7E A1 52 B7 1B BD 93  |..2B...q.~.R....|
11:59:16  000020F0  42 24 12 2A C7 0F 1D B6 4D 9C 5E 63 C8 4B 80 17  |B$.*....M.^c.K..|
11:59:16  00002100  50 AA 8A D5 DA E4 FC D0 09 07 37 B0 75 75 21 31  |P.........7.uu!1|
11:59:16  00002110  82 02 3F 30 82 02 3B 02 01 01 30 81 88 30 7C 31  |..?0..;...0..0|1|
11:59:16  00002120  30 30 2E 06 03 55 04 03 0C 27 41 70 70 6C 65 20  |00...U...'\''Apple |
11:59:16  00002130  54 69 6D 65 73 74 61 6D 70 20 43 65 72 74 69 66  |Timestamp Certif|
11:59:16  00002140  69 63 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74  |ication Authorit|
11:59:16  00002150  79 31 26 30 24 06 03 55 04 0B 0C 1D 41 70 70 6C  |y1&0$..U....Appl|
11:59:16  00002160  65 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20  |e Certification |
11:59:16  00002170  41 75 74 68 6F 72 69 74 79 31 13 30 11 06 03 55  |Authority1.0...U|
11:59:16  00002180  04 0A 0C 0A 41 70 70 6C 65 20 49 6E 63 2E 31 0B  |....Apple Inc.1.|
11:59:16  00002190  30 09 06 03 55 04 06 13 02 55 53 02 08 66 3E 74  |0...U....US..f>t|
11:59:16  000021A0  CB C8 21 6B FD 30 09 06 05 2B 0E 03 02 1A 05 00  |..!k.0...+......|
11:59:16  000021B0  A0 81 8C 30 1A 06 09 2A 86 48 86 F7 0D 01 09 03  |...0...*.H......|
11:59:16  000021C0  31 0D 06 0B 2A 86 48 86 F7 0D 01 09 10 01 04 30  |1...*.H........0|
11:59:16  000021D0  1C 06 09 2A 86 48 86 F7 0D 01 09 05 31 0F 17 0D  |...*.H......1...|
11:59:16  000021E0  32 32 31 32 32 33 31 30 35 36 34 39 5A 30 23 06  |221223105649Z0#.|
11:59:16  000021F0  09 2A 86 48 86 F7 0D 01 09 04 31 16 04 14 29 C7  |.*.H......1...).|
11:59:16  00002200  20 91 71 D5 5D 13 21 7D 30 0E 45 FC 2A 65 FC EA  | .q.].!}0.E.*e..|
11:59:16  00002210  42 3F 30 2B 06 0B 2A 86 48 86 F7 0D 01 09 10 02  |B?0+..*.H.......|
11:59:16  00002220  0C 31 1C 30 1A 30 18 30 16 04 14 84 1D 4F 1D 30  |.1.0.0.0.....O.0|
11:59:16  00002230  92 50 40 76 B4 F1 77 59 38 96 FC E9 56 D9 77 30  |[email protected]|
11:59:16  00002240  0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 04 82  |...*.H..........|
11:59:16  00002250  01 00 58 8B 00 3F 27 03 72 BF B9 79 61 15 19 10  |..X..?'\''.r..ya...|
11:59:16  00002260  AB 4A 75 F5 BD 61 18 4E E7 BE 45 59 59 09 3B EE  |.Ju..a.N..EYY.;.|
11:59:16  00002270  63 53 1E FA 25 29 89 5E 73 86 D8 16 00 0C 3B DA  |cS..%).^s.....;.|
11:59:16  00002280  B0 B6 C3 7C E7 84 B5 32 E2 88 1B B9 94 AC D1 B5  |...|...2........|
11:59:16  00002290  EB 72 70 B5 DE EF 4D E1 4A CD B6 92 A6 84 D2 64  |.rp...M.J......d|
11:59:16  000022A0  15 24 F3 44 31 6F 31 4C AD 1B 75 E8 36 78 AD 09  |.$.D1o1L..u.6x..|
11:59:16  000022B0  B8 6D 89 D7 BB A2 6C B5 3B 5C 04 24 30 DA 0C 01  |.m....l.;..$0...|
11:59:16  000022C0  9E F3 5B 02 04 C8 E0 85 42 AB 7F 51 3D BE CD 19  |..[.....B..Q=...|
11:59:16  000022D0  6E 4B CC 52 7F 85 44 3C 7F 28 C9 B0 CD 4C E7 AE  |nK.R..D<.(...L..|
11:59:16  000022E0  1D 4A B1 08 39 4F 65 7B C3 91 A5 ED B0 3F 47 70  |.J..9Oe{.....?Gp|
11:59:16  000022F0  39 98 31 A3 C8 8F 47 91 6D 63 90 F3 9B 29 BA C2  |9.1...G.mc...)..|
11:59:16  00002300  F9 A7 8D E9 69 C6 CF 07 F0 33 75 66 01 6B BB 79  |....i....3uf.k.y|
11:59:16  00002310  37 87 CF 9D D4 D9 C8 3D 4D 0C 91 50 25 A9 01 B2  |7......=M..P%...|
11:59:16  00002320  98 1E 33 96 49 22 26 CB 02 4C 94 E2 11 78 D5 79  |..3.I"&..L...x.y|
11:59:16  00002330  6D 84 9D 90 75 43 02 A0 AA 4B 53 26 83 97 C6 DB  |m...uC...KS&....|
11:59:16  00002340  63 F7 EE 52 79 1E 31 03 4C 42 DE F4 5C 55 71 D4  |c..Ry.1.LB...Uq.|
11:59:16  00002350  F2 15 00 00 00 00 00 00                          |........|
11:59:16  00002358'

As seen in this article, some tools, such as ditto or tar, more effectively preserve the extended attributes, including the signing, in non-Mach-O scripts and files. The problem is that the only program that actually does something to the file is packagesbuild, which bundles the package.

In a newly found tutorial there are some minor changes: permissions for the script are 0744 and not 0755, and it uses the optional codesign argument --identifier, which gives the name of the identifier if the script is signed. To make the package it uses munkipkg instead of packagesbuild, and that is probably where the signing error lies.

Proposed solution

An issue has been opened, #2006, to change the tool with which macOS packages are built, but as it will probably take a long time, some other solution must be found. It has not been tested yet, but a possible solution could be compressing the script with tar after signing it and decompressing it in the post-install script, as, according to this article, tar preserves the extended attributes of the files.

verdx avatar Dec 23 '22 15:12 verdx

On Hold due to: https://github.com/wazuh/wazuh-packages/issues/1962

alberpilot avatar Jan 05 '23 08:01 alberpilot

Update

Added code to compress and decompress the Login Item using tar in branch https://github.com/wazuh/wazuh-jenkins/tree/1917-macos-package-generation-fixes-jenkins . The package builder has been left running creating a package with the new code: https://ci.wazuh.info/view/Packages/job/Packages_builder_macos/8483.

verdx avatar Jan 09 '23 17:01 verdx

Back on hold due to: #1962

verdx avatar Jan 10 '23 09:01 verdx

Back in progress due to closing https://github.com/wazuh/wazuh-packages/issues/1962

verdx avatar Jan 13 '23 11:01 verdx

Update

After some tests, it has been proved that tar preserves the extended attributes where the signature of the script is. The compressing and decompressing of the file still need to be done correctly.

sh-3.2# ls /Library/StartupItems/WAZUH/
StartupParameters.plist	Wazuh.tar
sh-3.2# tar xvf /Library/StartupItems/WAZUH/Wazuh.tar --cd /Library/StartupItems/WAZUH/
x Library/StartupItems/WAZUH/Wazuh
sh-3.2# codesign -dv --verbose=4 /Library/StartupItems/WAZUH/Library/StartupItems/WAZUH/Wazuh
Executable=/Library/StartupItems/WAZUH/Library/StartupItems/WAZUH/Wazuh
Identifier=com.wazuh.example
Format=generic
CodeDirectory v=20200 size=273 flags=0x10000(runtime) hashes=1+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=79e60e39763f6058b461d87ee286ab0e19ecc29c
CandidateCDHashFull sha1=79e60e39763f6058b461d87ee286ab0e19ecc29c
CandidateCDHash sha256=92bb8fd39447b9f0fea216c3616c74f9d845c8b5
CandidateCDHashFull sha256=92bb8fd39447b9f0fea216c3616c74f9d845c8b5a720e17c3766e6a6082e8235
Hash choices=sha1,sha256
CMSDigest=988680ab0b5c326478a13710c8ae48e95f3ca590e63353f27608b3c992096df9
CMSDigestType=2
Page size=none
Launch Constraints:
	None
CDHash=92bb8fd39447b9f0fea216c3616c74f9d845c8b5
Signature size=9049
Authority=Developer ID Application: Wazuh Inc (KLZK8P68R5)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jan 13, 2023 at 4:08:24 PM
Info.plist=not bound
TeamIdentifier=KLZK8P68R5
Sealed Resources=none
Internal requirements count=1 size=180
sh-3.2# 

verdx avatar Jan 13 '23 16:01 verdx

With the last changes, script Wazuh in /Library/StartupItems/WAZUH has managed to be signed, as can be seen in this log:

ec2-user@ip-172-31-43-176 ~ % installer -pkg wazuh-agent-4.5.0-1917.pkg -target /
installer: Must be run as root to install this package.
ec2-user@ip-172-31-43-176 ~ % sudo installer -pkg wazuh-agent-4.5.0-1917.pkg -target /
installer: Package name is Wazuh Agent
installer: Installing at base path /
installer: The install was successful.
ec2-user@ip-172-31-43-176 ~ % /Library/Ossec/bin/wazuh-control start
zsh: permission denied: /Library/Ossec/bin/wazuh-control
ec2-user@ip-172-31-43-176 ~ % sudo /Library/Ossec/bin/wazuh-control start
2023/01/16 16:06:38 wazuh-agentd: ERROR: (4112): Invalid server address found: 'MANAGER_IP'
2023/01/16 16:06:38 wazuh-agentd: CRITICAL: (1215): No client configured. Exiting.
wazuh-agentd: Configuration error. Exiting
ec2-user@ip-172-31-43-176 ~ % sudo defaults write /var/db/launchd.db/com.apple.launchd/overrides.plist com.apple.screensharing -dict Disabled -bool false
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
ec2-user@ip-172-31-43-176 ~ % sudo su
sh-3.2# /usr/bin/dscl . -passwd /Users/ec2-user
New Password: 
sh-3.2# ls /Library/StartupItems/WAZUH/
StartupParameters.plist	Wazuh			Wazuh.tar
sh-3.2# xattr -l  /Library/StartupItems/WAZUH/
sh-3.2# xattr -l  /Library/StartupItems/WAZUH/Wazuh
com.apple.cs.CodeDirectory: ��

com.apple.cs.CodeEntitlements: ��qq
com.apple.cs.CodeRequirements: ��

com.apple.cs.CodeRequirements-1: ��

��0�10pl`�He.CodeSignature: 0�	*�H��
sh-3.2# codesign -dv -v  /Library/StartupItems/WAZUH/Wazuh
Executable=/Library/StartupItems/WAZUH/Wazuh
Identifier=com.wazuh.example
Format=generic
CodeDirectory v=20200 size=273 flags=0x10000(runtime) hashes=1+5 location=embedded
Signature size=9049
Authority=Developer ID Application: Wazuh Inc (KLZK8P68R5)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jan 16, 2023 at 2:27:47 PM
Info.plist=not bound
TeamIdentifier=KLZK8P68R5
Sealed Resources=none
Internal requirements count=1 size=180

When checking the settings for the Login Item, it still appears as coming from an Unidentified developer, and when checking why, it can be seen that the script to which the Launch Item points is some launcher.sh, which isn't installed, and has appeared at the installation with no mention of it:

sh-3.2# cat /Library/LaunchDaemons/com.wazuh.agent.plist 
<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
     <dict>
         <key>Label</key>
         <string>com.wazuh.agent</string>
         <key>ProgramArguments</key>
         <array>
             <string>/Library/StartupItems/WAZUH/launcher.sh</string>
         </array>
         <key>RunAtLoad</key>
         <true/>
     </dict>
 </plist>

This version of com.wazuh.agent.plist doesn't appear either on the source code or the packages repository and is the only stopper for the fix at this moment.

On the other hand, the code for the program used to bundle the package has finally been found: it is https://github.com/packagesdev/packages, and it has an open issue on the fact that extended attributes are not preserved. A new comment has been written there.

verdx avatar Jan 16 '23 16:01 verdx
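A post-install check for the condition described in the comment above (a LaunchDaemon plist whose ProgramArguments names a file that is not installed), as an added example that is not part of the thread or of the Wazuh code base. It assumes an XML plist with one element per line, as in the listing; `launchd_program`, `audit_launchd_plist` and the optional ROOT prefix are hypothetical names.

```shell
#!/bin/sh
# Added example (not Wazuh project code): confirm that the program a
# LaunchDaemon plist points at is actually installed.
# Assumes an XML plist with one element per line.

# Print the first <string> inside the ProgramArguments array.
launchd_program() {
    awk '
        /<key>ProgramArguments<\/key>/ { in_args = 1; next }
        in_args && /<string>/ {
            sub(/.*<string>/, ""); sub(/<\/string>.*/, "")
            print; exit
        }
        in_args && /<\/array>/ { exit }
    ' "$1"
}

# audit_launchd_plist PLIST [ROOT]
# ROOT is an optional prefix (hypothetical parameter) for checking a staged
# package payload instead of the live filesystem.
# Returns 0 = target exists and is executable, 1 = target missing,
#         2 = target not executable, 3 = no ProgramArguments found.
audit_launchd_plist() {
    plist=$1
    root=${2:-}
    prog=$(launchd_program "$plist")
    [ -n "$prog" ] || return 3
    [ -e "$root$prog" ] || { echo "missing: $prog" >&2; return 1; }
    [ -x "$root$prog" ] || { echo "not executable: $prog" >&2; return 2; }
    return 0
}
```

On macOS, `/usr/libexec/PlistBuddy -c 'Print :ProgramArguments:0' <plist>` reads the same value and also handles binary plists.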

To try and test if the solution of signing the script will actually work, com.wazuh.agent.plist has been changed after installation to point to the actual script in /Library/StartupItems/WAZUH, but, even after a restart, the settings don't change and the name of the Startup Item shown is launcher.sh.

sh-3.2# cat /Library/LaunchDaemons/com.wazuh.agent.plist 
<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
     <dict>
         <key>Label</key>
         <string>com.wazuh.agent</string>
         <key>ProgramArguments</key>
         <array>
             <string>/Library/StartupItems/WAZUH/Wazuh</string>
         </array>
         <key>RunAtLoad</key>
         <true/>
     </dict>
 </plist>
sh-3.2# codesign -dv -verbose=4 /Library/StartupItems/WAZUH/Wazuh
/Library/StartupItems/WAZUH/Wazuh: operation inapplicable or not supported for this type of code
sh-3.2# codesign -dv -v /Library/StartupItems/WAZUH/Wazuh
Executable=/Library/StartupItems/WAZUH/Wazuh
Identifier=com.wazuh.example
Format=generic
CodeDirectory v=20200 size=273 flags=0x10000(runtime) hashes=1+5 location=embedded
Signature size=9049
Authority=Developer ID Application: Wazuh Inc (KLZK8P68R5)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jan 16, 2023 at 2:27:47 PM
Info.plist=not bound
TeamIdentifier=KLZK8P68R5
Sealed Resources=none
Internal requirements count=1 size=180
sh-3.2# 

verdx avatar Jan 17 '23 10:01 verdx

The part where com.wazuh.agent.plist was overwritten has been found to be script darwin-init.sh in the source code. After removing the call to it (everything it does overlaps the new way of creating the Login Items), some errors have been appearing and more debugging has been needed. A correct build has finally finished; tomorrow the testing will be done.

verdx avatar Jan 17 '23 17:01 verdx

On hold for https://github.com/wazuh/wazuh-jenkins/issues/4652

verdx avatar Jan 18 '23 13:01 verdx

The test has been done with the package created yesterday and the installation finishes correctly. The Startup Item is correctly signed, but the Launch daemon isn't, as it hasn't been compressed and decompressed. The Login Item still shows Unidentified developer, which may be because of the unsigned Launch Daemon.

sh-3.2# codesign -dv -v /Library/StartupItems/WAZUH/Wazuh
Executable=/Library/StartupItems/WAZUH/Wazuh
Identifier=com.wazuh.example
Format=generic
CodeDirectory v=20200 size=273 flags=0x10000(runtime) hashes=1+5 location=embedded
Signature size=9049
Authority=Developer ID Application: Wazuh Inc (KLZK8P68R5)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jan 17, 2023 at 5:18:49 PM
Info.plist=not bound
TeamIdentifier=KLZK8P68R5
Sealed Resources=none
Internal requirements count=2 size=228
sh-3.2# 
sh-3.2# codesign -dv -v /Library/LaunchDaemons/com.wazuh.agent.plist 
/Library/LaunchDaemons/com.wazuh.agent.plist: code object is not signed at all
sh-3.2# 

The issue is still on hold because of https://github.com/wazuh/wazuh-jenkins/issues/4652, as no tests can be done yet on the MacMini.

verdx avatar Jan 18 '23 16:01 verdx

Update

Finally, with the latest changes, both files used for the Login Item, /Library/StartupItems/WAZUH/Wazuh and /Library/LaunchDaemons/com.wazuh.agent.plist, have been signed, but it has been tested that this does not solve the issue of the Login Item appearing as coming from an Unidentified Developer.

sh-3.2# codesign -dv /Library/LaunchDaemons/com.wazuh.agent.plist 
Executable=/Library/LaunchDaemons/com.wazuh.agent.plist
Identifier=com.wazuh.example
Format=generic
CodeDirectory v=20200 size=273 flags=0x10000(runtime) hashes=1+5 location=embedded
Signature size=9049
Timestamp=Jan 19, 2023 at 11:32:44 AM
Info.plist=not bound
TeamIdentifier=KLZK8P68R5
Sealed Resources=none
Internal requirements count=1 size=180
sh-3.2# codesign -dv /Library/StartupItems/WAZUH/Wazuh 
Executable=/Library/StartupItems/WAZUH/Wazuh
Identifier=com.wazuh.example
Format=generic
CodeDirectory v=20200 size=273 flags=0x10000(runtime) hashes=1+5 location=embedded
Signature size=9048
Timestamp=Jan 19, 2023 at 11:32:43 AM
Info.plist=not bound
TeamIdentifier=KLZK8P68R5
Sealed Resources=none
Internal requirements count=2 size=228
sh-3.2# 

verdx avatar Jan 19 '23 12:01 verdx
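The codesign listings in the comments above come in three shapes: a full Developer ID chain, "code object is not signed at all", and `-dv` output that carries a TeamIdentifier but no Authority lines. The following added example (not part of the thread or of the Wazuh code base) classifies such output against an expected Team ID; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not Wazuh project code): classify the text printed by
# `codesign -dvv <path>` against an expected Team ID.
# Return codes: 0 = Developer ID chain for the expected team,
#               1 = not signed,
#               2 = Team ID mismatch or absent,
#               3 = Authority lines missing (e.g. output of plain -dv).
check_codesign_output() {
    expected_team=$1
    out=$(cat)    # codesign output arrives on stdin

    case $out in
        *"code object is not signed at all"*) return 1 ;;
    esac

    team=$(printf '%s\n' "$out" | sed -n 's/^TeamIdentifier=//p' | head -n 1)
    [ "$team" = "$expected_team" ] || return 2

    # The leaf certificate must be a Developer ID Application certificate
    # issued to the same team, and the chain must end at the Apple root.
    printf '%s\n' "$out" |
        grep -q "^Authority=Developer ID Application: .*($expected_team)\$" || return 3
    printf '%s\n' "$out" | grep -q '^Authority=Apple Root CA$' || return 3
    return 0
}

# On macOS: codesign writes its -d output to stderr, hence 2>&1.
# Usage: audit_signed_path /Library/StartupItems/WAZUH/Wazuh KLZK8P68R5
audit_signed_path() {
    codesign -dvv "$1" 2>&1 | check_codesign_output "$2"
}
```

`codesign -d` only displays the signature; `codesign --verify --strict <path>` is the command that validates it.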

On hold waiting for an answer on the forums https://developer.apple.com/forums/thread/721918

verdx avatar Jan 19 '23 17:01 verdx