OS X Gatekeeper warning when launching Capture One
Hi All,
I'm running Capture One Pro 8.3.3 on Yosemite 10.10.5. I thought I would post about my issue here in case someone else has encountered it or has already had a support case about it.
Every time I launch Capture One, I get a Gatekeeper warning stating "CrashReporter.app can't be opened because it is from an unidentified developer." I get the same behavior on my tethering system (also 10.10.5) which had C1 installed from the same download. I see that CrashReporter.app is indeed part of the 'Capture One.app' bundle in the Contents/Resources folder. Some basic Google searching also showed that CrashReporter.app appeared bundled with other applications besides Capture One.
Overall, I have no significant security concerns about this since CrashReporter.app seems to be legitimate. I would just like to get rid of the OS X Gatekeeper warning every time I open Capture One.
Has anyone else encountered this issue and/or contacted Phase One support about it?
Thanks,
I'm running Capture One Pro 8.3.3 on Yosemite 10.10.5. I thought I would post about my issue here in case someone else has encountered it or has already had a support case about it.
Every time I launch Capture One, I get a Gatekeeper warning stating "CrashReporter.app can't be opened because it is from an unidentified developer." I get the same behavior on my tethering system (also 10.10.5) which had C1 installed from the same download. I see that CrashReporter.app is indeed part of the 'Capture One.app' bundle in the Contents/Resources folder. Some basic Google searching also showed that CrashReporter.app appeared bundled with other applications besides Capture One.
Overall, I have no significant security concerns about this since CrashReporter.app seems to be legitimate. I would just like to get rid of the OS X Gatekeeper warning every time I open Capture One.
Has anyone else encountered this issue and/or contacted Phase One support about it?
Thanks,
0
-
I know this issue as I have seen this occasionally. As I work with a non-administrative account on my Mac, I often start the program once after each installation, update or upgrade from the administrative account. After that I login again with my non-admin account and all is fine.
If you work with an admin account and still have this issue I suggest you do a permissions repair.0 -
One thing that happens is that when a new software package is installed in OSX, every file installed (including files inside the bundles, gets the extended attribute "com.apple.quarantine". Now if a user runs that SW he gets a warning that "xxxxx.app can't be opened because it is from an unidentified developer"
One way to clear this condition is if the user that installed the SW locates the SW in the FInder, right clicks on the SW and selects open. Now the OS will ask something like "xxxxx.app is an application downloaded from the Internet, do you want to run it?", and if the user acknowledges that this is so, the "Apple Quarantine" extended attribute is removed from the files. But the user that owns the files (i.e the user that installed it) must do this, no other user can do this.
Another approach is to open Terminal as an administrator, and use the "xattr" command to remove all the "com.apple.quarantine" extended attributes.
In Terminal, "man xattr" will get you than manual for the xattr command. ("l" is list, "r" is recursive, and "d" is delete)
The command " xattr -l "/Applications/Capture One.app" " will list the extended attributes of the bundle
The command " xattr -lr "/Applications/Capture One.app" " will list the extended attributes of all the files in the bundle
The command " xattr -dr com.apple.quarantine "/Applications/Capture One.app" " will delete the extended attribute "com.apple.quarantine" of the bundle and all the files in it.
These commands assume that your Capture One app is located in the /Applications folder, if it is located in a subfolder or in a different folder, you must provide the full path to the Capture One app, as in " xattr -l "/Applications/CaptureOnePro/Capture One.app" "0 -
Thank you Eric, very educating. I apparently missed a few OS X classes during high school training. 😉 0 -
Thank you Eric and Paul for the information. I did, in fact, install C1 as an admin user but never launched it under this admin account. I only launched Capture One from my usual non-admin account. This is my usual practice on OS X. Install under admin account then launch->register/activate->use under non-admin account.
I have now logged into the admin account I used to install Capture One and launched it multiple times under this user. I still continue to receive the unidentified developer Gatekeeper warning on CrashRerporter.app under this admin user as well as subsequent launches under my usual non-admin account.
Eric, thank you for the detailed information on the extended attributes in OS X. My understanding, however, is that these would be related to the "...application downloaded from the Internet" message that you mentioned and possibly also the "verifying xxxx.app" messages. My understanding of Gatekeeper and the "unidentified developer" warning I'm receiving is that it would be related to issues with the digital certificate used for code signing xxxx.app or possibly a lack any code signing at all. Admittedly, my understanding was gained somewhat through "osmosis" over the years rather than any specific resource.0 -
Hi Billiam
I too install all my SW as admin, and then run as a user, currently at OSX 10.9.5
I acccept your point about the digital certificate for code signing; after checking I note that my Crashreporter app inside the Capture One.app bundle still has com.apple.quarantine set.
One thing to check is the setting in SystemPreferences:Security&Privacy ; there is an option to "Allow Apps" from "Mac App Store", OR "Mac App Store and identified developers" OR "Anywhere" - I have mine set to "Mac App Store and identified developers" (perhaps you already have checked)
There is an Apple Application note showing how you can override the security setting for an Application . Yosemite is the same.
You seem to have a problem only with Crashreporter.app but not with the Capture One.app; I think I have seen that in the past but I don't remember how I got through it.0 -
I have the same problem, If I decide I need to do a clean install of CO, I have to set the Security settings to "Anywhere", or I cannot run it. After the first time I run it, I can set the Security back to "App Store and Identified developers".
I am almost at the point where I don't think PhaseOne is a registered developer, otherwise there is no reason they could not sign the app. And might be the reason that they take so long to verify when new releases are out, to verify if there code runs or not. Their excuse is always that Apple changes stuff after Apple even releases the GM, which I think is BS.
But, then I look that PhaseOne has the iOS app for iPhone and IPads, that goes though the iOS app store, which must be signed, so why cannot they sign the CO app? Or is the iOS app, outsourced to another company that does have its head on straight.
Robert0 -
I would like to clarify the issue I am having for reference of all in this thread.
I am not having an issue running Capture One itself. The application runs fine once I acknowledge the Gatekeeper warning message and proceed. The Gatekeeper warning I receive when launching Capture One is specifically for 'CrashReporter.app' not 'Capture One.app'. CrashReporter.app seems to be included as part of the Capture One.app bundle.
The Capture one app itself seems to be digitally signed in a proper fashion. This can be viewed at the command line by running:
codesign --display -vv "/Applications/Capture One.app/"
What I am currently trying to find is how to "extract" a file from inside an app bundle. My thought is to do this for Contents/Resources/CrashReporter.app . I will then run the codesign command on it to see what its digital signature status is and likely open a case with Phase One with the resulting information. I am currently just concerned that I might ruin the integrity of my Capture One.app if I do anything other than view what's inside the app bundle.0 -
Biiliam, you don't need to do anything to extract the crashreporter.app from the bundle. Unix views the bundle as just another tree of directories.
From my machine
Mainlobe:~ ev$ codesign --display -vv "/Applications/CaptureOnePro/Capture One.app/Contents/Resources/CrashReporter.app"
/Applications/CaptureOnePro/Capture One.app/Contents/Resources/CrashReporter.app: code object is not signed at all0 -
Thanks again Eric. I get identical results to what you posted when I run codsign directly against "/Applications/Capture One.app/Contents/Resources/CrashReporter.app/".
I have opened a support case with Phase One about this issue. I will try to remember to update this thread when I receive any noteworthy information back from them.0 -
I have received a response from Phase One support. Unfortunately, it is far from satisfactory and I believe also outright incorrect. Additionally, support changed the status of my case to “problem solved†so I can no longer reply back to it.
My support case contained the background information I mentioned in this thread along with three specific questions for technical support. My questions and responses I received from technical support are below. The red text is my subsequent response to what I received from technical support. These subsequent responses of mine appear only in this forum thread since support appears to have left me no further means of correspondence.
Overall, this experience makes me significantly question the professionalism and validity of Phase One as a software vendor operating in the current age. My patronage of Phase One would probably cease if it were not for Capture One’s tethering abilities having no peer in the industry.
1) Is the behavior I am seeing normal/expected with Capture One 8.3.3 on Yosemite 10.10.5?
This behavior is normal with Gatekeeper and installing any app not registered with Apple in the App Store.
I do not believe this statement from Phase One support is correct. My understanding is that Apps do not have to be distributed from Apple’s App store to “pass†OS X Gatekeeper. My understanding is that Apps need to be digitally signed with a code signing certificate that is formally recognized by Apple via the chain of trust stemming from their own certification authority (CA). I believe this requirement is independent of app distribution via the App Store.
2) As detailed below, is the lack of a digital signature on CrashReporter.app the cause of this issue?
From my understanding, this is a simply a security setting in Gatekeeper causing this. Capture One cannot be downloaded from the Mac App Store because of our unique signing in our software and installer packages. Gatekeeper is designed to let the end-user know that to avoid installing any malware and other misbehaving apps downloaded rom the Internet. It is not due to a lack of a digital signature.
Again, I do not believe this to be correct based on my understanding mentioned above.
3) What is Phase One’s recommended course of action to resolve this issue?
Gatekeeper options are found in Apple menu > System Preferences… > Security & Privacy > General tab under the header "Allow applications downloaded from:"
When installing Capture One, if you want to get rid of the pop-up about an Unidentfied Signature, select Anywhere – which will allow applications to run regardless of their source on the Internet.
You can change it back after to Mac App Store and identified developers if you prefer.
So Phase One’s response to this issue is for their user to disable or turn-down a security setting in their operating system. I find this to be a disappointing and outright unprofessional response for any commercial software vendor.0 -
I agree that this a very disappointing answer at is transfers all the security risk to to user without prior notice.
I have noted this uncaring attitude before.
Strangely enough, I do not get the security warning that you get (although I note that you are running 10.10 and I am running 10.9)
One thing you could try is to open the Capture One bundle with Finder, navigate to the CrashReporter.app bundle, right click or control click on it and select Open, which should then give the unidentified developer prompt and allow you to disable security for CrashReporter, as noted here0 -
[quote="Billiam29" wrote:
3) What is Phase One’s recommended course of action to resolve this issue?
Gatekeeper options are found in Apple menu > System Preferences… > Security & Privacy > General tab under the header "Allow applications downloaded from:"
When installing Capture One, if you want to get rid of the pop-up about an Unidentfied Signature, select Anywhere – which will allow applications to run regardless of their source on the Internet.
You can change it back after to Mac App Store and identified developers if you prefer.
So Phase One’s response to this issue is for their user to disable or turn-down a security setting in their operating system. I find this to be a disappointing and outright unprofessional response for any commercial software vendor.
Billiam,
I would read reply that in the following way.
Since the Gatekeeper application seems to be checking for specific settings, mainly constrained to software downloaded from the Apple App Store which Capture One cannot be part of, you either live with the warnings and click through or set the application to accept the software as "trusted".
Windows has similar features.
Gatekeeper, it would seem, doe not have the flexibility to allow it to be told that a particular application is to be accepted during its check process. Correct? If it did presumably you would simply have set the appropriate acceptance flag.
So what the Support response seems to be saying is that your options are to simply live with the alert or temporarily set Gatekeeper to accept all applications form any source when installing Capture One and that will register Capture One as being OK and from a trusted source as far as you are concerned. The message will, presumably, stop appearing.
Then set Gatekeeper back to its protective mode : "You can change it back after to Mac App Store and identified developers if you prefer."
What have I missed?
Is that really so bad as a response?
It reads to me like a complete and known solution to the question of how to set an Application and its source to "Accepted" by the end user, irrespective of constraining the developer to only provide software through the App store. On that basis your question seems to have been fully answered. Thus the call could closed. (I would guess that not closing such a completed call would eventually lead to 99% of all calls perpetually open - a pointless approach to attempting to manage a software support operation. I write that from personal experience by the way.
If you truly think that is not the case and feel you have grounds for complaint I would have thought the thing to do would be to log another Support Case to discuss the matter.
Are you sure you have understood the reply as it was intended to be understood?
Grant0 -
Hi all,
just to add another point of view - I also run C1pro 8.3.3 on 10.10.5.
I allways install updates and run the application from my non administrative account.
Whenn installing the system prompts me for an administrator password when needed.
Gatekeeper ist set to accept apps from appstore and identified developers.
And I have never seen a warning.
So there must be a difference somewhere. A damaged file or something like this perhaps.
Has anyone tried redownloading and reinstalling with the newly downloaded file?
Regards,
Frank0 -
Hi All,
Thank you for your continued discussion on this matter.
Frank.O, the fact that you have not seen the Gatekeeper warning on a system with nearly identical circumstances to mine does perhaps warrant an attempt to re-download and re-install. That said, I do think I would probably need to perform the re-install while logged in as my daily non-admin account in order to replicate your conditions. However, since I would be re-installing under different circumstances than I performed my original installation, that in itself could introduce more complexity to solving the puzzle.
SFA, I do not think I am misinterpreting the context of the response I received from Phase One support. I continue to feel that they are not properly versed in what is causing the situation. There may not be an alternative for me other than to accept the Gatekeeper warnings with my current Capture One installation. I do, however, feel that this is an issue that Phase One needs to correct with future versions or distributions of Capture One.
The points below are what I envision a “perfect world†world response would have been from Phase One. These points assume, of course, that my understanding of the situation is correct.
a) We agree that the lack of a digital code signature on CrashReporter.app is the likely cause of the Gatekeeper warning you are receiving.
b) We can assure you that all files included with Capture One, including the 3rd party CrashReporter.app, are confirmed to have been obtained from their original source and are throughly scanned and confirmed to be free of malware.
c) We will seek to include an updated version of CrashReporter.app with a proper digital signature or another properly signed crash reporting solution in future distributions of Capture One.
Additionally, I would like to emphasize one point that you (SFA) alluded to and that Phase One support stated to me: that Capture One being distributed outside the App Store has something to do with this. I very much believe this is not true. I did further research on this and found an Apple developer article specifically about distributing apps outside of the App Store. This article seems to reinforce that my understanding of the situation is correct.
Distributing Apps Outside the Mac App Store (2nd paragraph)
NOTE: This article is filed under iOS but it specifically addresses Mac apps.
Here is an overall list of points that hopefully illustrates my position.
1) Phase One has chosen to include a 3rd party crash reporting application as part of its Capture One app bundle.
2) The chosen 3rd party application (CrashReporter.app) does not have any digital signature.
3) The lack of a digital signature on CrashReporter.app is causing Gatekeeper warnings when I launch Capture One.
4) Without a proper digital signature, users of Capture One on OS X have no way of knowing whether the 3rd party software Phase One includes inside of Capture One is genuine.
5) If Phase One’s systems were compromised, the perpetrator could replace CrashReporter.app with malware. Individuals that subsequently downloaded and installed Capture One would become infected if they followed Phase One’s suggested practice of lowering the security settings of OS X Gatekeeper.
6) The same as the previous item, but a perpetrator tricks people into downloading Capture One from a fake or unauthorized site. This could be somewhat harmful Phase One’s reputation even though their own systems remained intact.0 -
[quote="Billiam29" wrote:
Hi All,
Thank you for your continued discussion on this matter.
Frank.O, the fact that you have not seen the Gatekeeper warning on a system with nearly identical circumstances to mine does perhaps warrant an attempt to re-download and re-install. That said, I do think I would probably need to perform the re-install while logged in as my daily non-admin account in order to replicate your conditions. However, since I would be re-installing under different circumstances than I performed my original installation, that in itself could introduce more complexity to solving the puzzle.
SFA, I do not think I am misinterpreting the context of the response I received from Phase One support. I continue to feel that they are not properly versed in what is causing the situation. There may not be an alternative for me other than to accept the Gatekeeper warnings with my current Capture One installation. I do, however, feel that this is an issue that Phase One needs to correct with future versions or distributions of Capture One.
The points below are what I envision a “perfect world†world response would have been from Phase One. These points assume, of course, that my understanding of the situation is correct.
a) We agree that the lack of a digital code signature on CrashReporter.app is the likely cause of the Gatekeeper warning you are receiving.
b) We can assure you that all files included with Capture One, including the 3rd party CrashReporter.app, are confirmed to have been obtained from their original source and are throughly scanned and confirmed to be free of malware.
c) We will seek to include an updated version of CrashReporter.app with a proper digital signature or another properly signed crash reporting solution in future distributions of Capture One.
Additionally, I would like to emphasize one point that you (SFA) alluded to and that Phase One support stated to me: that Capture One being distributed outside the App Store has something to do with this. I very much believe this is not true. I did further research on this and found an Apple developer article specifically about distributing apps outside of the App Store. This article seems to reinforce that my understanding of the situation is correct.
Distributing Apps Outside the Mac App Store (2nd paragraph)
NOTE: This article is filed under iOS but it specifically addresses Mac apps.
Here is an overall list of points that hopefully illustrates my position.
1) Phase One has chosen to include a 3rd party crash reporting application as part of its Capture One app bundle.
2) The chosen 3rd party application (CrashReporter.app) does not have any digital signature.
3) The lack of a digital signature on CrashReporter.app is causing Gatekeeper warnings when I launch Capture One.
4) Without a proper digital signature, users of Capture One on OS X have no way of knowing whether the 3rd party software Phase One includes inside of Capture One is genuine.
5) If Phase One’s systems were compromised, the perpetrator could replace CrashReporter.app with malware. Individuals that subsequently downloaded and installed Capture One would become infected if they followed Phase One’s suggested practice of lowering the security settings of OS X Gatekeeper.
6) The same as the previous item, but a perpetrator tricks people into downloading Capture One from a fake or unauthorized site. This could be somewhat harmful Phase One’s reputation even though their own systems remained intact.
So I assume you have taken this up with Phase One and been offered an official response before posting your opinions again here?
What did they say?
Grant0 -
[quote="SFA" wrote:
So I assume you have taken this up with Phase One and been offered an official response before posting your opinions again here?
What did they say?
Grant
I'm confused on why you would ask if I've taken this up with Phase One before posting my opinions here. I apologize if you feel my last few posts to be excessive, redundant, or non-substantive complaints. That was not my intention. I was simply trying to further clarify and provide additional details on why I feel this is an issue that Phase One should resolve.
To specifically answer your question, I have not yet made a second attempt at contacting Phase One about this issue. I am reluctant to do so through tech support since they terminated my first attempt at correspondence based on what I feel is incorrect information while also leaving me no apparent means to further the existing conversation or help guide them toward the information that I feel to be correct on this matter. My hope is that I can find a direct email address to somebody at Phase One who is relevant to this this situation and provide them with the same information I have tried to convey here in this thread.0
Post ist für Kommentare geschlossen.
Kommentare
16 Kommentare