> There is no need for an online connection. There is some misunderstanding of what the certificate is. It has no online connection dependency. It is a developer certification that is extremely common on macOS apps. The cert only caused an issue because we let it expire. We now have strict processes in place to maintain the certification
The article also says that the expired certificate breaks auto updates. What kind of certificate is this exactly?
Without a signature, Gatekeeper will throw up a dialog saying "This app could contain malware" or something to that effect.
If you're using other libraries, such as the Sparkle Framework (a popular macOS Objective-C(?) library for updater logic), I believe you have to sign those as well.
That said, the autoupdater may have technically been a second .app bundled within the main one and trying to launch it resulted in a failure to recognise the certificate.
As far as I understand, certain compilers such as Go are signed themselves and technically fiddle with created binaries in an above-board way that they pass Apple's requirements, otherwise you would have to explicitly allow them to run every time.
Having signed some open-source apps myself though, I didn't realise that certificates could retroactively expire. I haven't tried but I assumed that you would just be unable to sign new versions.
If you compile hello-world.c into a binary then it will have a placeholder (ad-hoc) signature that was signed by an "empty" key that can never expire. The Go compiler isn't doing anything special. By default all binaries are signed this way unless they were compiled with the explicit intention of App Store distribution.
And the above does not apply to .app bundles.
The valid dates for code signing certificates apply, naturally, to signing. You can't sign an app anymore with an expired certificate, but if an old app was signed with a cert that was valid at the time of signing, then the app will continue functioning forever.
This issue was just a dumb screwup by Logitech. If apps stopped functioning when the signing cert expired, you'd see Mac apps dying all the time.
What does that even mean? What exactly are you saying is not true?
It's not at all helpful or informative to keep saying "does not apply," as if that meant anything by itself.
You walked by half listening to a conversation, stuck your head in the room and said something tangentially related but more confusing.
There are distribution and development certificates that can all be used for signing a binary. Different rules for each, and there's also auto-signed (com.apple.provenance). It's all documented on Apple's website if you want to read more about it. But I suspect you already know this and are just trying to pick a fight.
The crucial point is this: there are no builds that expire on macOS. Developer ID signed builds do not expire. Ad hoc signed builds do not expire. When the Developer ID code signing certificate expires, it cannot be used to sign new builds, but the old builds last forever. Build expiration is not a thing in any case.
So when spondryl asked, "Just to be clear, you're saying that .app bundles (and CLI tools) distributed outside of the App Store (and CLI tools) will continue to operate once the expiration date of the signing certificate has passed?" and you responded "No, sorry. That's not what I'm saying." that was actually confusing, not what I said.
The only reason the Logitech software died is that Logitech itself was doing some custom and badly designed validation above and beyond anything that macOS itself does. Your mention of App Store apps and CLI tools was itself a tangent and completely irrelevant to the issue.
I enjoyed my trip to Micro Center today to finally ditch Logitech after those buttons stopped working. Put up with Options for over a decade because at least it did the one thing I needed.
Looks like that would do the one thing I need, and I’m finding the grass to be just as brown with Razer Synapse is it is with LogiOptions.
Neywiny•4w ago
simulator5g•4w ago
Neywiny•4w ago
danpalmer•4w ago
Neywiny•4w ago
danpalmer•4w ago