Thursday, March 28, 2024
spot_img

OS X 10.9.5 Gatekeeper Code Signing issues

Gatekeeper 10.9.5 being a tight-arse? Yep…

This issue won’t affect most people, but it has affected some. If you have applications you run that are code signed on a computer running a version of OS X earlier than 10.9.x you may find they no longer open.

This article on TAUW explains the issue in detail.

The standard work around is to go into the Gatekeeper settings and set it to allow opening of applications downloaded from anywhere. If you use that method, you may want to set it back to one of the other two options if you’re concerned about you or someone else (children, for instance) running apps not approved by Apple on your computer.

Com apple preference security r

Another option is to right-click (two-finger click) the application, and click “Open” in the context menu. Here’s a random example of what that menu looks like, when right-clicking or two-finger clicking on an application:

Right click example

 

But apparently there are cases when this may not work. I’ve seen, for instance, numerous reports of people receiving a message such as, “This patch seems to be corrupted. Please make sure you get your patchers from a trusted source. If you believe you did, try uncompressing it with Mac OS X’s Archive Utility.”

I can’t say it’s a message the makes much sense to me. What is a “patcher” and what has the Mac OS X Archive Utility got to do with it? Well, whatever the case, here’s a possible solution:

Fixing the “This patch seems to be corrupted” issue

The following link will give you a 10.9.4 version of the Code sign file that was replaced in 10.9.5.

Download this file, and make the following changes to your system.

1) Go to the /usr/bin/ folder (you’ll need to make sure Show Hidden items is activated in Finder’s View menu (if you don’t have that option, look up online how to turn on hidden files, or install XtraFinder). Or just use the Go menu in Finder, then Go to folder, and past in /usr/bin/

2) Locate the file called codesign

3) Rename it to codesign.1094  (just tack .1094 on the end of the file name)

You will need to enter you system password (the one you use to log into your computer with). You will need to do this at various stages in this process, so just go ahead a enter it each time.

4) Drag or copy/paste the downloaded codesign file into the /usr/bin/ folder.

The end result will look something like this: (ignore the codesign.je file—that was me testing another solution to this issue)

Codesign replacement

You should now be able to open your troublesome apps and patchers.

Security Warning

For the average Apple user, I don’t recommend leaving this 10.9.4 codesign file in place. Use it for what you need to get done, and then rename it to something like codesign.1094 and then take the 1095 off the original file you named codesign.1095 at the beginning of this process. Basically, put things back to how they were. There’s no problem leaving a copy of the codesign.1094 file in that /bin folder, in case you need it again.

Of course, if you feel comfortable foregoing Apple’s pre-cautious code-signing changes, then leave the 10.9.4 file there if that suits you better. I see no reason to though.

 

UPDATE: Translating a page I found in German, I gather the “patchers” referred to by the above-mentioned error message are “Special K” software patchers (to get around registration requirements, etc.). I can’t tell if there are legal “patchers” but since the OS X generated error message refers to “patchers” I can only assume they must be.

Recent Articles

spot_img

Related Stories

38 Comments

  1. I tried opening the Special K patch using this method above on mac 10.10 (yosemite)
    Unfortunately it did not work… it got around the “This patch seems to be corrupted” issue… but then it says eyePatch quit unexpectedly.

    So… not sure what the real issue is here.

    • I ran a test on 10.9.5 and it works. Well, at least with the patch I obtained for the test.
      But I can’t attest to whether it will work with all patchers, nor whether it will work on 10.10 as I am not presently using Yosemite.
      I suspect the code-signing and verification architecture in Yosemite may be sufficiently different from 10.9.5 that replacing the codesign file won’t work on that OS version.
      If it’s important enough to you, it might be worth installing OS X 10.9.5 on a Virtual Machine, and doing what you need on there. Or, perhaps even simpler, buy whatever software you are feeding the Special K to. 🙂

  2. There’s a much easier way using Pacifist and the original Mavericks install dvd:

    1- With Pacifist, open Mavericks original install dvd
    2- Search for folder “usr”
    3- Open usr > bin
    4- Locate file “codesign” and extract it to your mac desktop
    5- From the Finder menu: Go > Go to Folder > /usr/bin/
    6- Replace file “codesign” with the one you just extracted

    • Thanks for your input Marc. This is certain another option, although I’d hardly call it “much easier”. Most people don’t have Pacifist, or even know what it is. Many people don’t have a Mavericks DVD or ESD install file on hand. Therefore, I suspect the vast majority of people will find it much easier to just download the file I’ve posted on 4Shared. Of course, each to their own… and yes, for those people with Pacifist and a Mavericks install DVD or ESD file the option you’ve posted will work. Cheers…

  3. Please don’t email asking me to email you this codesign file. If you can’t figure out how to download it from 4shared, I can only suggest you get some help doing that.

    • Hi, i’ve downloaded the codedesign file. But the file is kinda document file , not unix file. Then i tried to play around the patch, it quit unexpectedly ! Can you help? Thank you

      • Actually, the file should be a “Unix Executable File”, not a document file. It has no name extension.
        I am not able to help any further. Whatever the “patch” is you are trying to run, perhaps it has issues. I really can’t say. Sorry, and good luck.

      • Hi Louis,
        You need to change the ownership and privileges of the file, using the excellent Batchmod (just Google it, it’s free). Locate the file, check the R, W and X under “owner” and press apply. Done.

        • Thank you Marc, i followed your instruction and it’s work. The document file become unix file after changing permission.
          Big thank to Jonathan, i resolved my problem with patcher in 10.9.5. Long live to best-mac-tips.com . Cheers

          • Glad it worked out for you Louis. Permissions issues was what came to mind, although I hadn’t the time to spell it out. Thanks Marc for your input. Batchmod sounds like a quite easy way to change permissions. I’ll check it out too.

  4. Hi All,

    not able to execute and patch my files on Macosx 10.10

    From a German website the working method:

    cd /usr/bin
    sudo mv codesign codesign.bak
    sudo nano codesign

    past the following content into it:

    ==

    #!/bin/sh
    
    echo "$@" >> /tmp/codesign.log
    exit 0

    ==
    Exit nano. Then in Terminal issue following command to change set the correct permissions.

    sudo chmod ugo+x codesign

    Now you will be able to patch anything you want.
    Remember to rollback as soon as you finish by renaming the fake codesign file to something easy to identify, and renaming the codesign.bak file to codesign.

    • Hi Simon,
      I also came across that solution when I first investigated this codesign problem. I tried that approach and had no success with it.
      If people get that to work on 10.9.5 or 10.10, please post a reply saying so. Perhaps it was just a mistake in how I went about it. Although I did attempt it three or four times. It should work, according to my understanding of it.
      Good luck.

      P.S. I’ll modify your post a little, so the terminal commands are clear.

      • Yes, just copy/paste each line into Terminal at the command prompt. Except for the three lines of code that are pasted into the nano editor, into the newly created codesign file.

    • Hi Mohamed. It is fine to delete the codesign.1094 file, if you don’t think you’ll be needing it again. It is serving no function when it has that name. Only codesign (without .1094 or any other name extension) is used by the OS.
      (P.S. FYI… As your other two messages don’t make much sense, and this latest message indicates you got it all sorted anyway, I won’t bother displaying them).

  5. Hi guys. I can’t understand how to “rollback as soon as you finish by renaming the fake codesign file to something easy to identify, and renaming the codesign.bak file to codesign.” Where is that file to rename or delete?

    • In the process of implementing this work-around, you are taking the original /usr/bin/codesign file and renaming it to /use/bin/codesign.bak if using Simon’s instructions, or if using my instructions you will have renamed it to codesign.1095

      If you were using Simon’s instructions (in Terminal) the following command is what renamed the original codesign file:

      sudo mv codesign codesign.bak

      So, to roll it back to it’s original name, use this command:

      sudo mv codesign.bak codesign

      and, by the way, if you don’t wish to be prompted about whether or not you wish to replace the existing (the fake) codesign file, add -f

      sudo mv -f codesign codesign.bak

      Good luck. AND make sure you get it right, because if you lose your codesign file your system will have massive issues until you get a replacement.

        • Hi Michael, Unless I have misunderstood you, actually that command has renamed the original file (codesign) to codesign.bak
          It does not replace the original, just renames it. So currently codesign.bak is your original. You simply rename it back to codesign and that’s that.

          • My intention was to do a roll back, so I had both codesign and codesign.bak. Running the command renamed codesign to codesign.bak, which replaced the old codesign.bak (my backup). I checked the contents.

            I guess the command should be sudo mv -f codesign.bak codesign instead of sudo mv -f codesign codesign.bak ?

            No worries, I grabbed the original file from recovery HD.

          • sudo mv -f codesign.bak codesign

            will rename codesign.bak to codesign

            sudo mv -f codesign codesign.bak

            will rename codesign to codesign.bak
            If you wish to create a backup of the original codesign file you would use the

            sudo mv -f codesign codesign.bak

            command. When you wish to reinstate the original (backed up) file, you would use

            sudo mv -f codesign.bak codesign
  6. For those who need it on spanish:

    Como correr “Special K” patches en Yosemite?

    1.- Abrir la app “Terminal” (Spotlight, escribir Terminal y dar enter)
    2.- En la Terminal, escribir y dar enter: (Estamos yendo al directorio)

    cd /usr/bin

    3.- Escribir: (Estamos renombrando codesign a codesign.bak, para tener un respaldo del archivo original)

    sudo mv codesign codesign.bak

    4.- Escribir y dar enter: (Estamos creando un nuevo archivo de texto con el nombre codesign)

    sudo nano codesign

    5.- Esto abrirá un un programa en Terminal para editar el archivo que estamos creando, dentro de el escribir: (Nota que existe una linea en blanco entre la primera linea y las otras dos)

    #!/bin/sh

    echo “$@” >> /tmp/codesign.log
 exit 0

    6.- Salir y guardar los cambios, apretar la tecla Ctrl y Q al mismo tiempo, y luego escribir “Y”. (Nota no cerrar la Terminal)
    4.- Escribir y dar enter: (Estamos cambiando los permisos del nuevo archivo creado)

    sudo chmod ugo+x codesign

    7.- Utilizar el PATCH de Special K
    8.- Regresar como estaba el archivo original, escribir en terminal: (Estamos sobre-escribiendo el archivo original, para dejar todo como estaba)

    sudo mv -f codesign codesign.bak

    9.- LISTO !!!

      • De nada, solo un detalle en el No 8.- el comando no es ese sino este: sudo mv -f codesign.bak codesign

        De cualquier modo, respalden primero el archivo codesign antes de cualquier cosa en un USB o algo.

        Espero que les sirva a los que hablamos español.

        • Hola, he intentado abrir un patch de special K y aun no he podido con todos los pasos que an puesto para hacerlo en Yosemite llevo horas intentando y lo único que me sale ahora es esta leyenda (eye patch se a cerrado inesperadamente) ayuda profavor! 🙁

          • Desafortunadamente este no es el lugar para el soporte técnico en la obtención de software de manera ilegal. Sólo puedo sugerir que usted compra el software que usted está tratando de remendar. Lo siento.

  7. It worked for me, but I had to change the permissions on the replacement file to root:wheel 755 (same as original codesign)

    back up code-sign executable just in case:

    sudo cp -p /usr/bin/codesign ~/Desktop/

    the -p flag will preserve attributes.

Leave a Reply to Andrey Valentsov Cancel reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox