0

We've a mono app that we sign and bundle into an app on OSX. Our app accesses the keychain for stored passwords, stored using the app name

This works fine, until we perform an upgrade. On upgrade we replace the .app contents with the (also signed) contents of the upgrade zip file.

However, when the app attempts to access the keychain before, we have NULLs returned in place of our stored passwords. We have found:

  • Running codesign -vvv against the upgraded app shows the signature is valid.
  • If we reboot the box, the app can access the keychain fine.
  • If the app is unsigned the upgrade and keychain access works fine.

So if there a step I'm missing in the signing / upgrade? Is there a service I can restart that would solve it?

Update:

  • after the update, the keychain call to retrieve credentials returns 'AuthFailed' after reboot we get 'Success'
penderi
  • 8,673
  • 5
  • 45
  • 62

1 Answers1

0

We finally managed to get the answer and, as ever with coding, once we fully understood the situation the cause was obvious.

Our auto-upgrade process replaces the contents of the OSX .app A .app 'file' is just an archive/directory so it's contents can be replaced in-situ by the auto-upgrade An assets that don't match those signed will cause a signing issue

SO, just ensure the contents of the .app file matches the signed version. We had a single app version that contained an old file no longer used. As it wasn't being deleted the contents didn't match the signature.

penderi
  • 8,673
  • 5
  • 45
  • 62