2016-03-08, 12:04
(2016-03-05, 10:09)Memphiz Wrote: The Problem was not due to changed Files in the app bundle Last time ...
Hi Memphiz,
Happy to defer to your greater knowledge.
I used the term ""app" directories" as I don't know the right terminology. I still think there may be files outside the app that are sometimes changing that Gatekeeper checks which then causes the software to appear as new (which then triggers the repeated firewall nag) ..
See https://developer.apple.com/library/mac/...1-TNTAG207
From above:
Quote:Beginning with OS X v10.10.4, Gatekeeper verifies libraries loaded from outside an application bundle.
If an app uses @rpath or an absolute path to link to a dynamic library outside of the app, the app will be rejected by Gatekeeper. This restriction applies to the app’s main executable and any other executable in the bundle, including libraries. This restriction applies even if the path does not exist (and normally causes the dynamic linker to fall back to a library inside the bundle).
If Gatekeeper rejects launching an app for this reason, the system log will note Fails dylib check, like this:
7/8/15 4:00:19.942 PM CoreServicesUIAgent[5940]: File /Applications/MyApp.app/Contents/MacOS/MyApp failed on loadCmd /foo/libLibrary.dylib
7/8/15 4:00:19.942 PM CoreServicesUIAgent[5940]: Fails dylib check
This means that MyApp.app links against /foo/libLibrary.dylib. /foo is not a standard location for libraries on OS X, so the linkage isn’t allowed.
Neither the codesign nor the spctl tool will show the error. The error will only appear in the system log.
This check is performed the first time the app is run. It does not apply to libraries the app loads itself using the dlopen function. It also does not apply to libraries loaded from paths where libraries are expected to reside, such as /System, /Library, and /usr/.
To see which libraries an app references, use the command otool -L MyApp.app/Contents/MacOS/MyApp.
To test Gatekeeper conformance, you must use OS X v10.9.5 or later. Follow these steps:
Download it from its website, or mail it to yourself, or send it to yourself using AirDrop or Message. This will quarantine the downloaded copy. This is necessary to trigger the Gatekeeper check as Gatekeeper only checks quarantined files the first time they're opened.
Hint: keep the downloaded .dmg around; it will stay quarantined and you can use it again and again to test.
Drag-install your app and launch it.
Observe the results.
Hint: Don't launch from inside the .dmg.
This command:
$ codesign --verify --deep --verbose=2 Foo.app
mimics what Gatekeeper does to check your app.
In terms of replicating - we need two or three people on same O/S later than or equal to 10.10.4 who test a vanilla clean install of Kodi with firewall .. I will try it in the next few days on El Cap.