Menu
▾
▴
Re: [Gimp-print-devel] Looking for testers
|
From: Steve L. <sle...@ya...> - 2020-12-10 18:40:08
|
Matt,
Thanks. We make a great team. As you found, I did not sign the package. Doing that gave me results that matched Michael's 5.3.3. I replaced the disk image in snapshots. If you would can find the time I'd appreciate anything more you can do to verify it.
Steve Letter You're never to old to learn something stupid. -- unknown
On Thursday, December 10, 2020, 08:34:43 AM EST, Matt Broughton <wal...@ma...> wrote:
> On Dec 9, 2020, at 9:57 PM, Matt Broughton <wal...@ma...> wrote:
>
> Try running
> spctl -a -vvv <path to disk image> and
> spctl -a -vvv -t execute <path to package>
>
> also
>
> codesign -dv <path to disk image> and
> codesign -dv <path to package>
>
> That should give you the answer or some indication.
>
> I'll try to look at things tomorrow.
>
> Matt
>
>
>> On Dec 9, 2020, at 9:13 PM, Steve Letter <sle...@ya...> wrote:
>>
>> My understanding, everything underneath gets notarized but that’s why I am asking for testers.
>>
>> Steve Letter
>> Sent from my Symbolics Lisp Machine using rmail.
I am showing that nothing has been notarized. I am a bit confused as to the responce of codesign that the package has not been signed. pkgutil shows that the installer at least has a valid signature
Last login: Thu Dec 10 07:07:00 on ttys000
Borodin:~ matt$ spctl -a -vvv /Users/matt/Downloads/gutenprint-5.3.4-2.dmg
/Users/matt/Downloads/gutenprint-5.3.4-2.dmg: rejected
source=no usable signature
Borodin:~ matt$ codesign -dv /Users/matt/Downloads/gutenprint-5.3.4-2.dmg
/Users/matt/Downloads/gutenprint-5.3.4-2.dmg: code object is not signed at all
Borodin:~ matt$
Borodin:~ matt$
Borodin:~ matt$ spctl -a -vvv /Volumes/gutenprint-5.3.4/gutenprint-5.3.4.pkg
/Volumes/gutenprint-5.3.4/gutenprint-5.3.4.pkg: rejected
source=no usable signature
Borodin:~ matt$
Borodin:~ matt$ codesign -dv /Volumes/gutenprint-5.3.4/gutenprint-5.3.4.pkg
/Volumes/gutenprint-5.3.4/gutenprint-5.3.4.pkg: code object is not signed at all
Borodin:~ matt$
Borodin:~ matt$ pkgutil --check-signature /Volumes/gutenprint-5.3.4/gutenprint-5.3.4.pkg
Package "gutenprint-5.3.4.pkg":
Status: signed by a certificate trusted by Mac OS X
Certificate Chain:
1. Developer ID Installer: Stephen Letter (63GMK36MRC)
SHA1 fingerprint: 8C 21 B8 23 C2 C7 3F C4 53 F5 A6 2E 98 AE 59 62 52 A3 A0 BF
-----------------------------------------------------------------------------
2. Developer ID Certification Authority
SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86
-----------------------------------------------------------------------------
3. Apple Root CA
SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
Borodin:~ matt$
Matt
>>
>>> On Dec 9, 2020, at 8:31 PM, Matt <wal...@ma...> wrote:
>>>
>>>
>>>> On Dec 9, 2020, at 1:49 PM, Steve Letter via Gimp-print-devel <gim...@li...> wrote:
>>>>
>>>> I have available for testing an allegedly notarized disk image of gutenprint-5.3.4. Where should I upload it to? It is the same build (but different date / time) as the one I uploaded the other day.
>>>>
>>>> Steve Letter
>>>
>>> I didn’t know you had to sign the disk image. I thought it was only the installer or any code. If the disk image image is notarized, does that also notarize the installer? Do you have the commands to check for notarization? I can always post them.
>>> Matt
>>
>
|
