LockRattler 3, LogLogger 5d, and signature silliness

The Good News is that I have now posted a new version of LockRattler, 3.0, which should (fingers crossed) be properly signed. This is available from the pages about LockRattler 2, and here: lockrattler32

(6 February 2017 – updated to version 3.2.)

I had hoped that this version would also run in El Capitan. However, that is more easily said than done, as the current version of Xcode (which supports Swift 3) does not include the SDK for El Capitan support. I seriously doubt whether it will ever be possible for this app in its present form to run under El Capitan.

The Bad News is that I have posted a new version of LogLogger, 5d, which should be properly signed. Although it is – and checking it using a tool such as Objective-See’s What’s Your Sign? will confirm this – it still fails Gatekeeper’s checks. When you have downloaded it, the first time that you run it you will (most probably) need to use Finder’s Open command. Once it has been run that once, as it is correctly signed, it should run fine thereafter.

LogLogger 5d – which is identical in what it does to version 5b – is available here: loglogger5d

The Strange Story

Apps should now have their code signed. The signature has two functions: one provides a check that everything in the app is present and correct, and has not been tampered with or corrupted. The other establishes that the developer who has signed the app has proper credentials with Apple, and is not some evil malware author somewhere.

LockRattler is a Swift app built with the latest version of Apple’s own developer toolkit Xcode. This provides full support for the automatic signing of apps, but as I have written elsewhere, getting that to work is often counter-intuitive. The settings system is intricate, and prone to failure even when you think that you have done all the right things.

I have no idea why, but somewhere in my building the release version of LockRattler 2, it appears that something mysterious in the signature became broken. I cannot understand how this happened, because, just as with this updated version 3, when I checked the app using What’s Your Sign?, it was reported as being validly signed. Both versions 2 and 3. Yet version 2 was failed by Gatekeeper (at least on some Macs), and could not be run the first time simply by double-clicking.

sillysign1

It is also quite hard to check whether there is a problem. Gatekeeper only checks apps which have been downloaded from the internet, the first time that they are run. When I build a new version of an app here, it is not downloaded, so Gatekeeper doesn’t check it. To get Gatekeeper to check it, as it would for you when you have downloaded it, I have to download it too.

sillysign2

Anyway, as far as I can tell here, LockRattler 3 should run fine. I have also reconfigured it so that it should run fine under both El Capitan and Sierra.

LogLogger is a different issue, as it is an AppleScript app built using Script Debugger. That superb development tool has a much simpler option which signs apps when you wish, which worked in the past when I was having problems getting Xcode to sign properly.

sillysign3

Using What’s Your Sign? shows that LogLogger 5d is validly signed, thanks to Script Debugger. But despite that, if you download it to your Mac, unZip it, and then double-click it to run the app, chances are that you will be told that it is from an unidentified developer, and can’t be run.

sillysign4

The way around this, of course, is to select the app icon in the Finder, and use the Finder’s Open command to run LogLogger the first time. You’ll then be presented with this dialog, in which you should click the Open button.

sillysign5

Once LogLogger has been run the first time on that Mac, Gatekeeper no longer checks it, although the signature is still checked when the app is launched. So you won’t have to go through the Finder Open process again.

So here’s my mystery: two apps, both checked out and validly signed, both signed using the same developer’s ID. One now runs fine through Gatekeeper’s checks, but the other doesn’t, claiming that the developer is “unidentified”. It looks like there’s something broken in Gatekeeper, doesn’t it?