Mac OS X App should be signed by a valid developer key

Farshid Ghods added a comment - 22/Nov/12 9:10 AM Chris, do you know what needs to change on the build machine to embed our developer key ?

J Chris Anderson added a comment - 22/Nov/12 9:34 AM I have no idea. I could start researching how to get a key from Apple but maybe after the weekend. :)

Farshid Ghods added a comment - 22/Nov/12 9:41 AM we can discuss this next week : ) . Thanks for reporting the issue Chris.

Steve Yen added a comment - 26/Nov/12 1:25 PM we'll want separate, related bugs (tasks) for other platforms, too (windows, linux)

Jens Alfke added a comment - 30/Nov/12 3:21 PM We need to get a developer ID from Apple; this will give us some kind of cert, and a local private key for signing. Then we need to figure out how to get that key and cert onto the build machine, in the Keychain of the account that runs the buildbot.

Farshid Ghods added a comment - 02/Jan/13 1:33 PM the instructions to build is available here : https://github.com/couchbase/couchdbx-app we need to add codesign as a build step there

Farshid Ghods added a comment - 22/Jan/13 2:29 PM Phil, do you have any update on this ticket. ?

Phil Labee added a comment - 22/Jan/13 8:31 PM I have signing cert installed on 10.17.21.150 (MacBuild). Change to Makefile: http://review.couchbase.org/#/c/24149/

Phil Labee added a comment - 23/Jan/13 7:20 PM need to change master.cfg and pass env.var. to package-mac

Phil Labee added a comment - 29/Jan/13 12:54 PM disregard previous. Have added signing to Xcode projects. see http://review.couchbase.org/#/c/24273/

Phil Labee added a comment - 31/Jan/13 9:39 AM To test this go to System Preferences / Security & Privacy, and on the General tab set "Allow applications downloaded from" to "Mac App Store and Identified Developers". Set this before running Couchbase Server.app the first time. Once an app has been allowed to run this setting is no longer checked for that app, and there doesn't seem to be a way to reset that. What is odd is that on my system, I allowed one unsigned build to run before restricting the app run setting, and then no other unsigned builds would be checked (and would all be allowed to run). Either there is a flaw in my testing methodology, or a serious weakness in this security setting: Just because one app called Couchbase Server was allowed to run should confer this privilege to other apps with the same name. A common malware tactic is to modify a trusted app and distribute it as update, and if the security setting keys off the app name it will do nothing to prevent that. I'm approving this change without having satisfactorily tested it.

Jens Alfke added a comment - 31/Jan/13 11:42 AM Strictly speaking it's not the app name but its bundle ID, i.e. "com.couchbase.CouchbaseServer" or whatever we use. > I allowed one unsigned build to run before restricting the app run setting, and then no other unsigned builds would be checked By OK'ing an unsigned app you're basically agreeing to toss security out the window, at least for that app. This feature is really just a workaround for older apps. By OK'ing the app you're not really saying "yes, I trust this build of this app" so much as "yes, I agree to run this app even though I don't trust it". > A common malware tactic is to modify a trusted app and distribute it as update If it's a trusted app it's hopefully been signed, so the user wouldn't have had to waive signature checking for it.

Jens Alfke added a comment - 31/Jan/13 11:45 AM Further thought: It might be a good idea to change the bundle ID in the new signed version of the app, because users of 2.0 with strict security settings have presumably already bypassed security on the unsigned version.

Jin Lim added a comment - 04/Feb/13 3:16 PM Per bug scrubs, keep this a blocker since customers ran into this issues (and originally reported it).

Phil Labee added a comment - 06/Feb/13 6:19 PM revert the change so that builds can complete. App is currently not being signed.

Farshid Ghods added a comment - 11/Feb/13 12:25 PM i suggest for 2.0.1 release we do this build manually.

Jin Lim added a comment - 11/Feb/13 2:35 PM As one-off fix, add the signature manually and automate the required steps later in 2.0.2 or beyond.

Jin Lim added a comment - 13/Feb/13 4:09 PM Please move this bug to 2.0.2 after populating the required signature manually. I am lowing the severity to critical for it isn't no longer a blocking issue.

Farshid Ghods added a comment - 15/Feb/13 5:18 PM Phil to upload the binary to latestbuilds , ( 2.0.1-101-rel.zip )

Phil Labee added a comment - 15/Feb/13 6:03 PM Please verify: http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip

Phil Labee added a comment - 15/Feb/13 6:06 PM uploaded: http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip I can rename it when uploading for release.

Farshid Ghods added a comment - 17/Feb/13 11:17 PM i still do get the error that it is from an identified developer.

Phil Labee added a comment - 18/Feb/13 11:19 AM operator error. I rebuilt the app, this time verifying that the codesign step occurred. Uploaded now file to same location: http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip

Phil Labee added a comment - 26/Feb/13 6:54 PM still need to perform manual workaround

Phil Labee added a comment - 04/Mar/13 3:06 PM release candidate has been uploaded to: http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-172-signed.zip

Wayne Siu added a comment - 03/Apr/13 1:55 PM - edited Phil, looks like version 172/185 is still getting the error. My Mac version is 10.8.2

Thuan Nguyen added a comment - 03/Apr/13 3:07 PM - edited Install couchbase server (build 2.0.1-172 community version) in my mac osx 10.7.4 , I only see the warning message

Wayne Siu added a comment - 03/Apr/13 7:58 PM Latest version (04.03.13) : http://builds.hq.northscale.net/latestbuilds/couchbase-server-community_x86_64_2.0.1-185-rel.zip

Maria McDuff added a comment - 03/Apr/13 8:22 PM works in 10.7 but not in 10.8. if we can get the fix for 10.8 by tomorrow, end of day, QE is willing to test for release on tuesday, april 9.

Phil Labee added a comment - 04/Apr/13 11:34 AM The mac builds are not being automatically signed, so build 185 is not signed. The original 172 is also not signed. Did you try      http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-172-signed.zip to see if that was signed correctly?

Wayne Siu added a comment - 04/Apr/13 2:02 PM Phil, Yes, we did try the 172-signed version. It works on 10.7 but not 10.8. Can you take a look?

Phil Labee added a comment - 04/Apr/13 4:09 PM I rebuilt 2.0.1-185 and uploaded a signed app to:      http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-185-rel.SIGNED.zip Test on a machine that has never had Couchbase Server installed, and has the security setting to only allow Appstore or signed apps. If you get the "Couchbase Server.app was downloaded from the internet" warning and you can click OK and install it, then this bug is fixed. The quarantining of files downloaded by a browser is part of the operating system and is not controlled by signing.

Wayne Siu added a comment - 04/Apr/13 6:08 PM - edited Tried the 185-signed version (see attached screen shot). Same error message.

Phil Labee added a comment - 04/Apr/13 7:20 PM This is not an error message related to this bug.

Maria McDuff added a comment - 14/May/13 1:18 PM per bug triage, we need to have mac 10.8 osx working since it is a supported platform (published in the website).

Wayne Siu added a comment - 29/May/13 9:04 PM Work Around: Step One Hold down the Control key and click the application icon. From the contextual menu choose Open. Step Two A popup will appear asking you to confirm this action. Click the Open button.

Anil Kumar added a comment - 31/May/13 12:13 PM we need to address signed key for both Windows and Mac deferring this to next release.