Couchbase

Couchbase http://www.couchbase.com/issues This file is an XML representation of an issue en-us

5.2.4

845

26-12-2012

[MB-7250] Mac OS X App should be signed by a valid developer key http://www.couchbase.com/issues/browse/MB-7250 Couchbase Server Currently launching the Mac OS X version tells you it's from an unidentified developer. You have to right click to launch the app. We can fix this. MB-7250

Mac OS X App should be signed by a valid developer key

Improvement Blocker In Progress Unresolved Public Phil Labee J Chris Anderson Thu, 22 Nov 2012 08:57:59 -0600 Thu, 16 May 2013 18:12:06 -0500 2.0-beta-2 2.0.2 2.0.2 build 0 6 Chris, do you know what needs to change on the build machine to embed our developer key ? I have no idea. I could start researching how to get a key from Apple but maybe after the weekend. :) we can discuss this next week : ) . Thanks for reporting the issue Chris. we'll want separate, related bugs (tasks) for other platforms, too (windows, linux) We need to get a developer ID from Apple; this will give us some kind of cert, and a local private key for signing. Then we need to figure out how to get that key and cert onto the build machine, in the Keychain of the account that runs the buildbot. the instructions to build is available here : <a href="https://github.com/couchbase/couchdbx-app">https://github.com/couchbase/couchdbx-app</a> we need to add codesign as a build step there Phil, do you have any update on this ticket. ? I have signing cert installed on 10.17.21.150 (MacBuild). Change to Makefile: <a href="http://review.couchbase.org/#/c/24149/">http://review.couchbase.org/#/c/24149/</a> need to change master.cfg and pass env.var. to package-mac disregard previous. Have added signing to Xcode projects. see <a href="http://review.couchbase.org/#/c/24273/">http://review.couchbase.org/#/c/24273/</a> To test this go to System Preferences / Security & Privacy, and on the General tab set "Allow applications downloaded from" to "Mac App Store and Identified Developers". Set this before running Couchbase Server.app the first time. Once an app has been allowed to run this setting is no longer checked for that app, and there doesn't seem to be a way to reset that. What is odd is that on my system, I allowed one unsigned build to run before restricting the app run setting, and then no other unsigned builds would be checked (and would all be allowed to run). Either there is a flaw in my testing methodology, or a serious weakness in this security setting: Just because one app called Couchbase Server was allowed to run should confer this privilege to other apps with the same name. A common malware tactic is to modify a trusted app and distribute it as update, and if the security setting keys off the app name it will do nothing to prevent that. I'm approving this change without having satisfactorily tested it. Strictly speaking it's not the app name but its bundle ID, i.e. "com.couchbase.CouchbaseServer" or whatever we use. > I allowed one unsigned build to run before restricting the app run setting, and then no other unsigned builds would be checked By OK'ing an unsigned app you're basically agreeing to toss security out the window, at least for that app. This feature is really just a workaround for older apps. By OK'ing the app you're not really saying "yes, I trust this build of this app" so much as "yes, I agree to run this app even though I don't trust it". > A common malware tactic is to modify a trusted app and distribute it as update If it's a trusted app it's hopefully been signed, so the user wouldn't have had to waive signature checking for it. Further thought: It might be a good idea to change the bundle ID in the new signed version of the app, because users of 2.0 with strict security settings have presumably already bypassed security on the unsigned version. Per bug scrubs, keep this a blocker since customers ran into this issues (and originally reported it). revert the change so that builds can complete. App is currently not being signed. i suggest for 2.0.1 release we do this build manually. As one-off fix, add the signature manually and automate the required steps later in 2.0.2 or beyond. Please move this bug to 2.0.2 after populating the required signature manually. I am lowing the severity to critical for it isn't no longer a blocking issue. Phil to upload the binary to latestbuilds , ( 2.0.1-101-rel.zip ) Please verify: <a href="http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip">http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip</a> uploaded: <a href="http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip">http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip</a> I can rename it when uploading for release. i still do get the error that it is from an identified developer. operator error. I rebuilt the app, this time verifying that the codesign step occurred. Uploaded now file to same location: <a href="http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip">http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-160-rel-signed.zip</a> still need to perform manual workaround release candidate has been uploaded to: <a href="http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-172-signed.zip">http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-172-signed.zip</a> Phil, looks like version 172/185 is still getting the error. My Mac version is 10.8.2 Install couchbase server (build 2.0.1-172 community version) in my mac osx 10.7.4 , I only see the warning message Latest version (04.03.13) : <a href="http://builds.hq.northscale.net/latestbuilds/couchbase-server-community_x86_64_2.0.1-185-rel.zip">http://builds.hq.northscale.net/latestbuilds/couchbase-server-community_x86_64_2.0.1-185-rel.zip</a> works in 10.7 but not in 10.8. if we can get the fix for 10.8 by tomorrow, end of day, QE is willing to test for release on tuesday, april 9. The mac builds are not being automatically signed, so build 185 is not signed. The original 172 is also not signed. Did you try     <a href="http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-172-signed.zip">http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-172-signed.zip</a> to see if that was signed correctly? Phil, Yes, we did try the 172-signed version. It works on 10.7 but not 10.8. Can you take a look? I rebuilt 2.0.1-185 and uploaded a signed app to:     <a href="http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-185-rel.SIGNED.zip">http://packages.northscale.com/latestbuilds/couchbase-server-community_x86_64_2.0.1-185-rel.SIGNED.zip</a> Test on a machine that has never had Couchbase Server installed, and has the security setting to only allow Appstore or signed apps. If you get the "Couchbase Server.app was downloaded from the internet" warning and you can click OK and install it, then this bug is fixed. The quarantining of files downloaded by a browser is part of the operating system and is not controlled by signing. Tried the 185-signed version (see attached screen shot). Same error message. This is not an error message related to this bug. per bug triage, we need to have mac 10.8 osx working since it is a supported platform (published in the website). Date of First Response Thu, 22 Nov 2012 09:10:32 -0600 Rank 93 Sprint 15 Sprint Priority 5.0 Sprint Status