• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Expiration of Developer ID Installer certificates
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Expiration of Developer ID Installer certificates

  • Subject: Re: Expiration of Developer ID Installer certificates
  • From: Rob Prentiss <email@hidden>
  • Date: Fri, 11 Aug 2017 12:59:03 -0700
Did you do a fresh download of the installer package?

Gatekeeper will only prevent you from opening an installer or app when the file
has just been downloaded, or otherwise has the `com.apple.quarantine` extended
attribute set. After you've opened the package once, the attribute value is
cleared, and gatekeeper don't check anymore.

Also, why the arguments on this?  Why not just re-sign the packages with a
valid (non-expired) certificate? Certificates expire for a reason.

—
Rob

On Aug 10, 2017, 1:02 PM -0700, Brian Kendall <email@hidden>, wrote:
> Prema et al,
>
> > On Aug 4, 2017, at 2:32 AM, Prema Kumar <email@hidden> wrote:
> >
> > Hi,
> > According to the following link new installations will not work.
> >
> > https://developer.apple.com/support/certificates/
> > Read the section "Developer ID Installer Certificate (Mac applications)”
>
> I've read the text, and the reason for my earlier email to this list (and I
> believe for Paul as well) is that even though this page reads:
>
> > • Developer ID Installer Certificate (Mac applications)
> > If your certificate expires, users can no longer launch installer packages
> > for your Mac applications that were signed with this certificate.
> > Previously installed apps will continue to run however new installations
> > will not be possible until you have re-signed your installer package with a
> > valid Developer ID Installer certificate. If your certificate has been
> > revoked, users will no longer be able to install applications that have
> > been signed with this certificate.
>
> ... that doesn't actually appear to be true! As I said in my previous email,
> I set the clock forward past my certificate's expiration date on both a macOS
> 10.11 and 10.12 system and was still able to run my installer. In 10.11 it
> even said the certificate was expired if I clicked the lock icon in
> Installer.app but otherwise I could run the installer.
>
> So clearly we have a situation where my results do not line up with Apple's
> documentation. So I'm wondering, what is the explanation for this? Do I
> actually need to resign all of my old installers, or will users continue to
> be able to use them?
>
> Regards,
> - Brian
>

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Expiration of Developer ID Installer certificates
      • From: Stephane Sudre <email@hidden>
References: 
 >Re: Expiration of Developer ID Installer certificates (From: Brian Kendall <email@hidden>)
 >Re: Expiration of Developer ID Installer certificates (From: Prema Kumar <email@hidden>)
 >Re: Expiration of Developer ID Installer certificates (From: Brian Kendall <email@hidden>)

  • Prev by Date: Re: Distribution package has incorrect download percentage
  • Next by Date: Re: Expiration of Developer ID Installer certificates
  • Previous by thread: Re: Expiration of Developer ID Installer certificates
  • Next by thread: Re: Expiration of Developer ID Installer certificates
  • Index(es):
    • Date
    • Thread