Is VLC signed correctly?

macOS specific usage questions
jprokos
New Cone
New Cone
Posts: 7
Joined: 13 Dec 2015 16:43

Is VLC signed correctly?

Postby jprokos » 13 Dec 2015 21:05

I am having some strange behavior on El Capitan.

I get this result when checking it before it's been dropped into the Applications folder:

Code: Select all

Evaluating the application “VLC”. The application was signed by “Apple Root CA”, “Developer ID Application: VideoLAN”. Both the verified timestamp and the signing-time are: Apr 14, 2015, 3:08:40 PM. The object code format is “bundle with Mach-O thin (x86_64)”. The signature contains the Team ID “75GAHG3SZQ”. Both bundle and signing identifiers are “org.videolan.vlc”. The signature specifies explicit requirements.  The requirements specify the Team ID “75GAHG3SZQ”. This matches the Team ID contained in the signature. The signature specifies resource rules (v1).  The signature specifies resource rules (v2).  Requirements and resources validate correctly. The code signature has the UUID “0CB5E68D-EE00-BEED-6792-F2EB5F9749EC”. Executable code for x86_64 has the UUID “43B44830-0CE6-3A7F-89BA-FE86CDB6C3F4”. The code signature contains a snapshot of the application’s Info.plist.  Version 2.2.1 (2.2.1) The code signature contains 3 certificates.  Certificate “Apple Root CA”:  Your keychain contains this trusted root certificate. Will expire on Feb 9, 2035. Certificate “Developer ID Certification Authority”:  Will expire on Feb 1, 2027. Certificate “Developer ID Application: VideoLAN”:  Will expire on May 9, 2017. SHA1 fingerprint: “1332CE54080C2091AB8CEB4D64F164D283C33B16”. Team ID or Organizational Unit: “75GAHG3SZQ”. This matches the Team ID contained in the signature. The application is probably from an authorized Apple Developer. The application is not sandboxed. The application is quarantined.  ➤ One symbolic link is broken!   There are 3 embedded frameworks.  307 auxiliary executables have been found.  95 data files have executable permissions, but should not.   307 executables are signed by “Apple Root CA”, “Developer ID Application: VideoLAN”.  303 executable files have no executable permissions, but should.  
And I get this after VLC has been dropped into the Applications folder:

Code: Select all

Evaluating the application “VLC”. The application was signed by “Apple Root CA”, “Developer ID Application: VideoLAN”. Both the verified timestamp and the signing-time are: Apr 14, 2015, 3:08:40 PM. The object code format is “bundle with Mach-O thin (x86_64)”. The signature contains the Team ID “75GAHG3SZQ”. Both bundle and signing identifiers are “org.videolan.vlc”. The signature specifies explicit requirements.  The requirements specify the Team ID “75GAHG3SZQ”. This matches the Team ID contained in the signature. The signature specifies resource rules (v1).  The signature specifies resource rules (v2).  Caution: some resources were added after signing!   The code signature has the UUID “0CB5E68D-EE00-BEED-6792-F2EB5F9749EC”. Executable code for x86_64 has the UUID “43B44830-0CE6-3A7F-89BA-FE86CDB6C3F4”. The code signature contains a snapshot of the application’s Info.plist.  Version 2.2.1 (2.2.1) The code signature contains 3 certificates.  Certificate “Apple Root CA”:  Your keychain contains this trusted root certificate. Will expire on Feb 9, 2035. Certificate “Developer ID Certification Authority”:  Will expire on Feb 1, 2027. Certificate “Developer ID Application: VideoLAN”:  Will expire on May 9, 2017. SHA1 fingerprint: “1332CE54080C2091AB8CEB4D64F164D283C33B16”. Team ID or Organizational Unit: “75GAHG3SZQ”. This matches the Team ID contained in the signature. The application is probably from an authorized Apple Developer. The application is running with process ID 1447. The process has status flags set (valid). The process passes dynamic validation. The application is not sandboxed. ➤ One symbolic link is broken!   There are 3 embedded frameworks.  307 auxiliary executables have been found.  95 data files have executable permissions, but should not.   307 executables are signed by “Apple Root CA”, “Developer ID Application: VideoLAN”.  303 executable files have no executable permissions, but should.  

jprokos
New Cone
New Cone
Posts: 7
Joined: 13 Dec 2015 16:43

Re: Is VLC signed correctly?

Postby jprokos » 13 Dec 2015 21:08

I forgot to write that the second result shows a caution: When I look at the detailed view it says this:

Code: Select all

Error details: “-67054: a sealed resource is missing or invalid” { Resources added: Contents/MacOS/plugins/plugins.dat }
The information on this result says:
"Resources added after codesigning may not be a security risk, but may be due to a misplaced build step or in-place updaters."

fkuehne
Developer
Developer
Posts: 7265
Joined: 16 Mar 2004 19:37
VLC version: 0.4.6 - present
Operating System: Darwin
Location: Germany
Contact:

Re: Is VLC signed correctly?

Postby fkuehne » 19 Dec 2015 12:57

Yep, this is a problem in 2.2.1 and earlier. This is resolved in 2.2.2 and later (which will be out within days from now).

VLC includes a cache for all the plugins it includes (note: virtually any feature is a plugin) and that cache was regenerated on every run, which was both useless and broke the GateKeeper signature. This is fixed now.
VideoLAN
Felix Paul Kühne
Medic. VLC developer for appleOS since before you were born.
Blog: https://www.feepk.net


Return to “VLC media player for macOS Troubleshooting”

Who is online

Users browsing this forum: No registered users and 46 guests