AdguardTeam
Certficate/Notarization broken
On MacOS Catalina (not tested on other MacOS versions) the Adguard for Safari App, standalone build from the stable release channel on github cannot be launched, because the certification chain is broken. The OS rejects the app as being "not from a certified developer". In order to verify and exclude any problems with my system, I uploaded the 1.9.13 release build to virustotal, which also detects the app signature as invalid (report is at https://www.virustotal.com/gui/file/90b39157c503541c895d973ad1493171128e471aacd043943b68ca9c4b1fcfc3/detection).
Thank you for fixing this.
@B-X-M
Hello, thank you for the report. Try out the new 1.9.14 beta version where it's fixed already.
Sorry for the late reply.
The issue is not fixed. Please see the following report, app v 1.9.14 beta checked with MacOS built-in tools:
spctl -a -vv Adguard\ for\ Safari.app
Adguard for Safari.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Adguard Software Limited (TC3Q7MAJXF)
There's something wrong with the notarization/the developer account.
Now this is interesting, tried again on a fully updated BigSur install on a different machine, same result, app rejected.
@Oleg-Chashko Did you install from the AppStore? This binary seems to work. What is broken (at least over here ;)) is the binary from github releases, see terminal screenshot and screenshot of virustotal scan also flagging the signature as invalid (yellow marker added by me)
.
Hi @B-X-M
@Oleg-Chashko Did you install from the AppStore?
No, I installed from "github" (Standalone build, beta channel).
Report virustotal: app v.1.9.14 beta https://www.virustotal.com/gui/file/c290358460dd43803ba9c4d93f2613871bd1bd6345c77ed8cd0d237d68e74902/detection
P.S.: It feels like we are in different temporal universes. ;)
@B-X-M Report virustotal: app v.1.9.13 You got it wrong a little bit. You checked with Virustotal v.1.9.13. And it really isn't signed. And we're talking about v.1.9.14 Beta, the v.1.9.14 Beta is okay with the signature.
https://www.virustotal.com/gui/file/90b39157c503541c895d973ad1493171128e471aacd043943b68ca9c4b1fcfc3/detection
Ok, thanks for pointing me into the right direction. If you go to the latest beta release tag, the first standalone build link will still redirect to the broken release version 1.9.13. Only the second "beta" link refers to the actual beta build. My fault, sorry! I was trying to re-check the broken build all over.
Just a quick recap of the situation: There is a signature issue in the release build. The fix is in 1.9.14beta.
@Oleg-Chashko Is this correct? And thanks again for pointing that out.
Btw, what is the reason for the broken signature in older builds?
@B-X-M
Just a quick recap of the situation: There is a signature issue in the release build. The fix is in 1.9.14beta.
v.1.9.13 - Intel build - Signature Not OK v.1.9.14Beta - Universal build - Signature OK Yes, short and true. No need to apologize. I was glad to help you. :)
Btw,` what is the reason for the broken signature in older builds?
As I understand it, now there is a lot of work on v.1.9.14Beta. Transition to Universal build, for Intel CPUs and arm M1 CPUs. Perhaps there is no time for this. A lot of work with SafariConverterLib for Beta. The guys are really busy and trying to release the next beta version.
Sorry to come back to this issue. While 1.9.14Beta camewith a proper signature, the signature/notarization of the 1.19.19 package is broken again. Please fix the signing process as it keeps users from actually installing the github linked files. Screenshot from VT:
