Monday, April 16, 2012

RB App Checker Lite 1.0

Rainer Brockerhoff:

RB App Checker Lite helps users and developers to check code signatures and receipts for applications from any source. It will show certificates, requirements and entitlements, cross-check all this information for consistency, and check that the application’s resources have not been altered after signing.

The user interface has too many popovers for my taste, but it looks like a big improvement over using codesign in Terminal. It would be nice to see support for checking the Gatekeeper compatibility with older versions of Mac OS X.

5 Comments RSS · Twitter

Thanks for the mention, Michael.

The Gatekeeper compatibility check - if I understood what you mean - is hard to do. I think I would have to parse and analyze the requirements _and_ check them against several sets of root certificates, one for every past version of Mac OS X... a lot of work to obtain I suppose, since the oldest version I still have is 10.6.8.

Parsing and displaying the requirements in a better way is on my list for the next version, though.

@Rainer Yes, it would be a lot of work. However, if the alternative is for the user/developer to boot into different OS versions and exercise various keychain tests, there’s lots of potential time that your app could save. Most of us don’t understand this stuff very well, so it would be nice to have assurance from an expert.

@Michael, looking at the Fetch Softworks link, it appears that one of the problems (beyond eventual changes in the certificates themselves) is compatilibity with the compiled binary of the requirements.

Unfortunately the binary is compiled/decompiled by the security framework - if you look at the csreq source, it's just a thin shell for calls to the framework. The binary format is not published so I suppose there's no way to check if it's compatible, nor would there be a way to fix it, beyond compiling on 10.5.8.

Suggestions welcome...

@Rainer Thanks for looking into it.

[…] Previously: RB App Checker Lite 1.0. […]

Leave a Comment