Ticket #596 (closed usability: worksforme)

Opened 11 months ago

Last modified 10 months ago

XQuartz-2.7.2 pkg has invalid signature on Mountain Lion GM

Reported by: gregneagle@…
Owned by: jeremyhu@…
Priority: Not Set
Milestone: 2.7.3
Component: X11.pkg
Version: 2.7.2 (xserver-1.12.2)
Keywords:
Cc:

Description

Attempting to install XQuartz-2.7.2 on Mountain Lion GM gives this result:

# installer -pkg /Volumes/XQuartz-2.7.2/XQuartz.pkg -target /
installer: Package name is XQuartz 2.7.2
installer: Certificate used to sign package is not trusted. Use -allowUntrusted to override.

On Lion, pkgutil reports it has a valid signature:

# pkgutil --check-signature /Volumes/XQuartz-2.7.2/XQuartz.pkg
Package "XQuartz.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Apple Inc. - XQuartz
    2. Developer ID Certification Authority
    3. Apple Root CA

On Mountain Lion GM:

# pkgutil --check-signature /Volumes/XQuartz-2.7.2/XQuartz.pkg
Package "XQuartz.pkg":
   Status: invalid signature

This may actually be a Mountain Lion bug, but thought it best to report here as well.

Change History

comment:1 Changed 11 months ago by jeremyhu@…

  • Status changed from new to closed
  • Resolution set to worksforme
  • Milestone set to 2.7.3

Please file a radar at http://bugreport.apple.com and include your full system profile. Have you had trouble with any other packages?

It seems to be working fine here (on Mountain Lion):

$  pkgutil --check-signature /Volumes/XQuartz-2.7.2/XQuartz.pkg Package "XQuartz.pkg"
Package "XQuartz.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Apple Inc. - XQuartz
       SHA1 fingerprint: D7 16 0E A9 7B 4D 04 AB F9 E6 90 61 F3 69 87 5D 4D B5 C0 8A
       -----------------------------------------------------------------------------
    2. Developer ID Certification Authority
       SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86
       -----------------------------------------------------------------------------
    3. Apple Root CA
       SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

I'm closing this. Please report the radar number, and I will CC myself on it.

comment:2 Changed 11 months ago by gregneagle@…

Have not had issues with any other packages; just did a complete rebuild of a machine with Mountain Lion GM (released late yesterday) and installed ~150 packages without incident.

Very strange. Downloaded a new copy of the dmg from http://xquartz.macosforge.org/downloads/SL/XQuartz-2.7.2.dmg and tested on a second Mountain Lion machine with the same result:

"Status: invalid signature"

I'm not going to file a Radar until/unless I can reproduce this with another package.

comment:3 Changed 11 months ago by jeremyhu@…

Please file a radar.

comment:4 Changed 10 months ago by gregneagle@…

Filed Bug ID# 11970185 with Apple. This is definitely an Apple bug, but may not affect all signed packages; XQuartz-2.7.2.pkg was the first package I found that exhibited this issue.

Lion machine:

gneagle@moss:~ % sudo -s
Password:
root@moss:~ # su root
sh-3.2# whoami
root
sh-3.2# sw_vers
ProductName: Mac OS X
ProductVersion: 10.7.4
BuildVersion: 11E53
sh-3.2# pkgutil --check-signature XQuartz.pkg
Package "XQuartz.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Apple Inc. - XQuartz
    2. Developer ID Certification Authority
    3. Apple Root CA
sh-3.2#

Mountain Lion machine:

gneagle@dredd:~ % sudo -s
Password:
root@dredd:~ # su root
sh-3.2# whoami
root
sh-3.2# sw_vers
ProductName: Mac OS X
ProductVersion: 10.8
BuildVersion: 12A269
sh-3.2# pkgutil --check-signature XQuartz.pkg
Package "XQuartz.pkg":
   Status: invalid signature
sh-3.2#

comment:5 Changed 10 months ago by jeremyhu@…

Thanks. I've CC'd myself onto that report.
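
An added example (not part of the ticket, and not XQuartz or Apple code): a shell function that parses `pkgutil --check-signature` output in the format quoted in comment:1 and fails closed unless the status is the trusted string and the first chain entry's SHA1 fingerprint matches a pinned value. The function name, return codes and sample helpers are assumptions made for this example; the sample text is copied from the ticket.

```shell
# Gate an install on `pkgutil --check-signature` output read from stdin.
# Usage: check_pkg_signature "<pinned leaf SHA1>" < pkgutil-output
# Returns 0 = trusted and leaf matches pin, 1 = status not trusted, 2 = leaf mismatch.
check_pkg_signature() {
    want=$(printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        /Status:/         { sub(/^.*Status:[ \t]*/, ""); status = $0 }
        /^[ \t]*1\. /     { in_leaf = 1; next }   # first chain entry = signing cert
        /^[ \t]*[2-9]\. / { in_leaf = 0 }         # intermediates and root
        in_leaf && /SHA1 fingerprint:/ {
            sub(/^.*fingerprint:[ \t]*/, ""); gsub(/[ \t]/, ""); leaf = toupper($0)
        }
        END {
            # Allowlist the one trusted status string; anything else fails closed.
            if (status !~ /^signed by a certificate trusted by/) {
                print "REJECT: " (status == "" ? "no status line" : status); exit 1
            }
            if (leaf != want) { print "REJECT: leaf fingerprint mismatch"; exit 2 }
            print "OK: trusted, leaf pinned"
        }'
}

# Sample input: the output quoted in comment:1 of the ticket.
sample_trusted() { cat <<'EOF'
Package "XQuartz.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Apple Inc. - XQuartz
       SHA1 fingerprint: D7 16 0E A9 7B 4D 04 AB F9 E6 90 61 F3 69 87 5D 4D B5 C0 8A
       -----------------------------------------------------------------------------
    2. Developer ID Certification Authority
       SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86
       -----------------------------------------------------------------------------
    3. Apple Root CA
       SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60
EOF
}

# Sample input: the output reported from Mountain Lion in the ticket description.
sample_invalid() { cat <<'EOF'
Package "XQuartz.pkg":
   Status: invalid signature
EOF
}

# Demo on the two samples; the pin is the leaf fingerprint shown in comment:1.
PIN="D7 16 0E A9 7B 4D 04 AB F9 E6 90 61 F3 69 87 5D 4D B5 C0 8A"
sample_trusted | check_pkg_signature "$PIN"
sample_invalid | check_pkg_signature "$PIN" || echo "exit status $?"
```

On a Mac the real command is piped in instead of a sample: `pkgutil --check-signature XQuartz.pkg | check_pkg_signature "$PIN"`. Output that lists the chain without fingerprint lines, as in the Lion transcripts above, is rejected with status 2 because no leaf fingerprint can be compared.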
