Nightly builds not working on macOS High Sierra

• Oct 4, 2017 - 18:24
Reported version: 2.2
Type: Functional
Severity: S4 - Minor
Status: closed

Unlike MuseScore's official releases, nightly builds are not signed and so are treated as "untrusted" on macOS. In previous versions of macOS, users could run untrusted programs by right-clicking on them in the Applications folder, but this is no longer possible in macOS High Sierra.

Attempting to run a nightly build on macOS High Sierra results in this error:

[Screenshot: file-damaged.png]

There are two ways to proceed:

  1. manually add the application to a list of exceptions
    • sudo spctl --add /Applications/MuseScoreNightly.app
  2. completely disable the Gatekeeper developer verification utility
    • sudo spctl --master-disable

Executing the command in (1) gives the error "invalid API object reference", and attempting to run the nightly gives the same "application damaged" message as before.

Executing (2) gives no error, and the nightly is no longer flagged as damaged. However, it now fails to run with the attached problem report. The key lines appear to be:

Dyld Error Message:
  Library not loaded: [...]/QtDesigner
  Reason: no suitable image found.  Did find:
    [...]/QtDesigner: code signature invalid for '[...]/QtDesigner'

Note: nightlies that were installed before the update to High Sierra continue to run fine, and can even be uninstalled and re-installed using method (2). It seems either Gatekeeper recognises that the program was previously trusted and so should still be trusted, or something has changed in the recent nightlies that causes them to not be trusted anymore.

Attachment: problem-report.txt (1.97 KB)

Comments

It's /Applications. Macs have ~/Applications too, but it's rarely used; everything goes in the public Applications folder rather than the per-user Applications folder by default, like /usr/bin vs ~/bin on Linux.

I managed to reproduce the bug under High Sierra.
When checking the code signature, the response is:
$ codesign -vv QtDesigner
QtDesigner: CSSMERR_TP_CERT_EXPIRED
In architecture: x86_64

And these are the code signature details of the file:
$ codesign -dv --verbose=4 QtDesigner
Executable=/Applications/MuseScoreNightly.app/Contents/Frameworks/QtDesigner.framework/Versions/5/QtDesigner
Identifier=org.qt-project.QtDesigner
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=40441 flags=0x0(none) hashes=1258+3 location=embedded
OSPlatform=36
OSSDKVersion=657920
OSVersionMin=657152
Hash type=sha256 size=32
CandidateCDHash sha1=f0fa10891bfb213cf58d1d17200254cb6f4d5d71
CandidateCDHash sha256=0f2a0afb15f94172904acbf649f82a9d65b828bb
Hash choices=sha1,sha256
Page size=4096
CDHash=0f2a0afb15f94172904acbf649f82a9d65b828bb

Signature size=8893
Authority=(unavailable)
Info.plist=not bound
TeamIdentifier=6EPAF2X3PR
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=188

For comparison, here are the details for the same file of the build shared by shoogle with the link above:
$ codesign -vv QtDesigner
QtDesigner: valid on disk
QtDesigner: satisfies its Designated Requirement

and
$ codesign -dv --verbose=4 QtDesigner
Executable=/Applications/MuseScoreNightly_good.app/Contents/Frameworks/QtDesigner.framework/Versions/5/QtDesigner
Identifier=org.qt-project.QtDesigner
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=40441 flags=0x0(none) hashes=1258+3 location=embedded
OSPlatform=36
OSSDKVersion=657920
OSVersionMin=657152
Hash type=sha256 size=32
CandidateCDHash sha1=f0fa10891bfb213cf58d1d17200254cb6f4d5d71
CandidateCDHash sha256=0f2a0afb15f94172904acbf649f82a9d65b828bb
Hash choices=sha1,sha256
Page size=4096
CDHash=0f2a0afb15f94172904acbf649f82a9d65b828bb

Signature size=8892
Authority=Developer ID Application: MuseScore
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=21 Jul 2017 at 05:51:14
Info.plist entries=8
TeamIdentifier=6EPAF2X3PR
Sealed Resources version=2 rules=12 files=1
Internal requirements count=1 size=188

The parts in bold (or at least with a different font; I used the "<b>" tag, but the preview is not showing a bold font) are different in the two versions. It also appears from this output log that the signature size is different (8892 and 8893).

In reply to by ABL

I think I found what is causing the problem.
I tried to analyze the certificates with
codesign --display --extract-certificates /Applications/MuseScoreNightly.app
(and visualizing with openssl x509 -inform DER -in codesign* -text)
and the new builds do not give any certificate output.
However, when analyzing the certificates from the old build from shoogle's link (i.e. the working one), there are three certificates and one of them, MuseScore Developer ID Application, expired on July 29th:
Issuer: CN=Developer ID Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US
Validity
Not Before: Jul 28 09:05:10 2012 GMT
Not After : Jul 29 09:05:10 2017 GMT
Subject: UID=6EPAF2X3PR, CN=Developer ID Application: MuseScore, OU=6EPAF2X3PR, O=MuseScore, C=BE

Apparently, all the executables created after the expiration of this certificate are not working (at least in High Sierra).
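The comparison made by hand in the comments above can be scripted. The following is an added example, not part of the original thread or of MuseScore's tooling: it parses `codesign -dv --verbose=4` output, lists the fields that differ between two builds, and checks the signing timestamp against the leaf certificate's validity window. The sample strings are trimmed from the outputs quoted in the thread; the function names and the result labels are assumptions made for illustration.

```python
from datetime import datetime

# Constructed samples: the lines that matter, trimmed from the two
# `codesign -dv --verbose=4` outputs quoted in the thread.
BROKEN = """\
Identifier=org.qt-project.QtDesigner
Signature size=8893
Authority=(unavailable)
Info.plist=not bound
TeamIdentifier=6EPAF2X3PR
"""
WORKING = """\
Identifier=org.qt-project.QtDesigner
Signature size=8892
Authority=Developer ID Application: MuseScore
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=21 Jul 2017 at 05:51:14
Info.plist entries=8
TeamIdentifier=6EPAF2X3PR
"""
# Leaf certificate validity as printed by `openssl x509 -text` in the thread.
NOT_BEFORE, NOT_AFTER = "Jul 28 09:05:10 2012 GMT", "Jul 29 09:05:10 2017 GMT"

def parse_codesign(text):
    """Map each key to a list of values; repeated keys (Authority) keep their order."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            fields.setdefault(key, []).append(value)
    return fields

def differing_keys(a, b):
    """Keys whose values differ or that appear in only one output."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

def assess(fields, not_before=NOT_BEFORE, not_after=NOT_AFTER):
    """Classify a signature from its Authority chain and signing timestamp."""
    if not [a for a in fields.get("Authority", []) if a != "(unavailable)"]:
        return "no usable certificate chain"
    if "Timestamp" not in fields:
        return "chain present, no timestamp"
    # Assumption: codesign prints local time; it is compared as if it were GMT.
    signed = datetime.strptime(fields["Timestamp"][0], "%d %b %Y at %H:%M:%S")
    start, end = (datetime.strptime(s, "%b %d %H:%M:%S %Y GMT") for s in (not_before, not_after))
    return "signed within leaf validity" if start <= signed <= end else "signed outside leaf validity"

if __name__ == "__main__":
    print(differing_keys(parse_codesign(BROKEN), parse_codesign(WORKING)))
    for name, text in (("broken", BROKEN), ("working", WORKING)):
        print(name, "->", assess(parse_codesign(text)))
```

On a Mac, the same functions can be fed the text that `codesign -dv --verbose=4` writes to stderr for each binary inside the bundle.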

The latest master build should now work on High Sierra. I'm still on Sierra but they now used an updated certificate. Next build for 2.2 branch should also work. If anyone could confirm, it would be great!

Thanks! The nightly for 10b9111 installs and runs fine on High Sierra. It seems to crash quite often, but presumably this is for a different reason.

Side note: it would be nice to have the .app files for master and 2.2 nightlies named differently as I like to have both installed at once. They are currently both called "MuseScoreNightly.app", which causes conflicts. It's possible to rename them manually, but it would be nice if it was automatic.