Issue metadata
Sign in to add a comment
|
Mac# 59.0.3071.25 -- Observing Codesign error. |
||||||||||||||||||||||
Issue descriptionChrome Version: 59.0.3071.25 OS: Mac OS X 10.12.4 What steps will reproduce the problem? (1) Execute the script "python mac_codesign.py" (2) Observing the following error. msrchandra-macbookair2:python_tests msrchandra$ python mac_codesign.py 2017-04-24 22:43:07,435 ERROR FAIL: spctl --assess -vv 2017-04-24 22:43:07,435 ERROR Expected strings in output of "spctl --assess -vv": /Applications/Google Chrome.app: accepted source=Developer ID origin=Developer ID Application: Google Inc. 2017-04-24 22:43:07,435 ERROR Actual output of "spctl --assess -vv": /Applications/Google Chrome.app: accepted source=Developer ID origin=Developer ID Application: Google, Inc. (EQHXZ8M8AV) 2017-04-24 22:43:07,435 ERROR Code signing tests FAILED What is the expected result? All the signing tests should be Passed. What happens instead? Signing tests are getting failed. Note: Codesign is working fine on Current Market Dev# 59.0.3071.15. @cdavid -- Could you please look into the issue. Thank You.
,
Apr 25 2017
mmentovai@, is this due to code signing certificate for macOS?
,
Apr 25 2017
Based on the report, your script is expecting to see: /Applications/Google Chrome.app: accepted source=Developer ID origin=Developer ID Application: Google Inc. It’s instead seeing: /Applications/Google Chrome.app: accepted source=Developer ID origin=Developer ID Application: Google, Inc. (EQHXZ8M8AV) This is because we changed the certificate that we sign Chrome with. See bug 629906. The old certificate expires Thursday, we will not be switching back to it. The change in the “origin” field is beyond our control. The value of this field is the common name (CN) presented in the certificate. For Developer ID certificates like the one we sign Chrome with, CN is “Developer ID Application: ” followed by the developer’s name. These certificates are issued by Apple, and Apple alone controls the format of the CN. Shortly after our old certificate was issued, Apple began appending the team ID in parentheses after the organization name. Additionally, somewhere along the line, they changed our name from “Google Inc.” to “Google, Inc.” with a comma. Despite my best efforts, I was unable to get them to fix this. You can see the common name in the new certificate in bug 629906 comment 28. It’s Developer ID Application: Google, Inc. (EQHXZ8M8AV) This matches what your test script is finding. The test script’s expectations need to be updated to accept the new result from spctl --assess. I’m happy to make this update, but I don’t know where the script lives. Someone on the TE team can also make this change per this comment to accept the result that spctl is now giving. Removing ReleaseBlock, as this is solely a test expectation problem.
,
May 2 2017
Kicking back out because the requested feedback wasn’t provided. You can fix the script too, as I directed in comment 3.
,
May 3 2017
@Austin -- Could you please look into the issue as per Comment# 4 and provide us an update. Thank You.
,
May 3 2017
Sure i'll update our test script as per new certificate in bug 629906 comment 28.
,
May 3 2017
The test is updated and the change is landed. Please take the update script and run the test. Thanks
,
May 5 2017
Tested the issue on Mac OS X 10.12.4 using Chrome Dev# 60.0.3088.3 and found to be fixed. Adding TE-Verified labels accordingly. Thank You everyone for the fix provided.
,
Aug 13
Issue 872475 has been merged into this issue. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by msrchandra@chromium.org
, Apr 25 2017