On Sat, Aug 12, 2017 at 7:43 PM, Rob Prentiss <rob@prentiss.name> wrote:
> Yes, but Installer doesn’t stop you from installing something with an expired signature. Gatekeeper does.

This is not what I've been observing so far.

Here's what I've observed so far:

- Gatekeeper does not prevent someone from installing a distribution with an expired certificate.
- Installer.app can present an alert sheet that states that the certificate has expired when you open a distribution.

Evidence #1:

OS X 10.10.5 - Installer.app 6.1.0 (815) - A flat distribution with an expired certificate and the com.apple.quarantine extended attribute set.

1. Open the disk image
2. Open the distribution.

=> No Gatekeeper alert.

The only way to notice that the certificate has expired is to click on the Installer.app document window Lock button (the one with a visual bug in OS X 10.10.5)

Evidence #2:

Mac OS X 10.7.6 - Installer.app 5.0.1 (538)

The same flat distribution with the expired certificate and the com.apple.quarantine extended attribute set.

1. Open the disk image
2. Open the distribution.

=> An alert sheet is displayed for the Installer.app document window stating:

"xxxxx was signed with a certificate that has expired. If you acquired this package recently, it may not be authentic. Do you want to continue with the installation anyway?

[ Show Certificate ] [ Cancel ] [ Continue ]"

To remove any doubt, this is not related to the Gatekeeper quarantine flag:

1. __Remove__ the com.apple.quarantine extended attribute with xattr on the disk image.
2. Open the disk image.
3. Open the distribution.

=> The alert sheet is displayed for the Installer.app document window.

Depending on the version of Installer.app, it does behave differently when a distribution or package is signed with an expired certificate.

I don't have access to 10.5, 10.6, 10.8 and 10.9 OS partitions at this time, so I can't check whether one of these OS X versions exhibits a different behavior than the ones already reported.
Installer-dev mailing list (Installer-dev@lists.apple.com)
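
Because the message reports that the expired-certificate alert depends on the Installer.app version, a command-line check avoids relying on the UI. The script below is an added example, not part of the original post: it reads the signature status from `pkgutil --check-signature` and reports whether `com.apple.quarantine` is set. The function names are hypothetical, and the phrases matched on the `Status:` line are assumptions about pkgutil's wording that may differ between OS versions.

```shell
#!/bin/sh
# Added example: report signature status and quarantine flag for flat packages.

# Map the "Status:" line of `pkgutil --check-signature` output to a verdict.
# The phrases matched here are assumed wording; verify them on your OS version.
classify_status() {
    status=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Status:[[:space:]]*//p' | head -n 1)
    case "$status" in
        *expired*)       echo expired ;;   # checked first: also starts with "signed"
        "no signature"*) echo unsigned ;;
        signed*)         echo signed ;;
        *)               echo unknown ;;   # no Status line or unrecognized wording
    esac
}

# True when the com.apple.quarantine extended attribute is present on the path.
has_quarantine() {
    xattr -p com.apple.quarantine "$1" >/dev/null 2>&1
}

# Print one summary line per package; succeed only for a non-expired signature.
check_pkg() {
    out=$(pkgutil --check-signature "$1" 2>&1) || true
    verdict=$(classify_status "$out")
    if has_quarantine "$1"; then q=yes; else q=no; fi
    echo "$1: signature=$verdict quarantine=$q"
    [ "$verdict" = signed ]
}

# Usage: sh check_pkg.sh Some.pkg [Other.pkg ...]
if [ "$#" -gt 0 ]; then
    rc=0
    for pkg in "$@"; do
        check_pkg "$pkg" || rc=1
    done
    exit "$rc"
fi
```

The quarantine attribute is reported separately from the signature verdict because, as the message observes, removing it did not change whether the expired-certificate alert appeared.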