Skip to content

Commit

Permalink
v2.1.0
Browse files Browse the repository at this point in the history 
Support for notarized packages
Improved handling of inaccessible files #19
  • Loading branch information
@objective-see
objective-see committed May 25, 2023
1 parent 3068a24 commit 4642311
Show file tree
Hide file tree
Showing 29 changed files with 322 additions and 99 deletions.
16 changes: 8 additions & 8 deletions Installer/Installer.xcodeproj/project.pbxproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -312,7 +312,7 @@
GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
MACOSX_DEPLOYMENT_TARGET = 10.10;
MACOSX_DEPLOYMENT_TARGET = 10.13;
MTL_ENABLE_DEBUG_INFO = YES;
ONLY_ACTIVE_ARCH = YES;
SDKROOT = macosx;
Expand Down Expand Up @@ -358,7 +358,7 @@
GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
GCC_WARN_UNUSED_FUNCTION = YES;
GCC_WARN_UNUSED_VARIABLE = YES;
MACOSX_DEPLOYMENT_TARGET = 10.10;
MACOSX_DEPLOYMENT_TARGET = 10.13;
MTL_ENABLE_DEBUG_INFO = NO;
SDKROOT = macosx;
};
Expand All @@ -371,7 +371,7 @@
CODE_SIGN_ENTITLEMENTS = "Installer/WhatsYourSign Installer.entitlements";
CODE_SIGN_IDENTITY = "Developer ID Application";
COMBINE_HIDPI_IMAGES = YES;
CURRENT_PROJECT_VERSION = 2.0.1;
CURRENT_PROJECT_VERSION = 2.1.0;
DEVELOPMENT_TEAM = VBG97UB4TA;
ENABLE_HARDENED_RUNTIME = YES;
GCC_PREPROCESSOR_DEFINITIONS = (
Expand All @@ -382,8 +382,8 @@
GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO;
INFOPLIST_FILE = Installer/Info.plist;
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks";
MACOSX_DEPLOYMENT_TARGET = 10.10;
MARKETING_VERSION = 2.0.1;
MACOSX_DEPLOYMENT_TARGET = 10.13;
MARKETING_VERSION = 2.1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.WhatsYourSign";
PRODUCT_NAME = "WhatsYourSign Installer";
};
Expand All @@ -396,15 +396,15 @@
CODE_SIGN_ENTITLEMENTS = "Installer/WhatsYourSign Installer.entitlements";
CODE_SIGN_IDENTITY = "Developer ID Application";
COMBINE_HIDPI_IMAGES = YES;
CURRENT_PROJECT_VERSION = 2.0.1;
CURRENT_PROJECT_VERSION = 2.1.0;
DEVELOPMENT_TEAM = VBG97UB4TA;
ENABLE_HARDENED_RUNTIME = YES;
GCC_PREPROCESSOR_DEFINITIONS = "IS_INSTALLER_APP=1";
GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO;
INFOPLIST_FILE = Installer/Info.plist;
LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks";
MACOSX_DEPLOYMENT_TARGET = 10.10;
MARKETING_VERSION = 2.0.1;
MACOSX_DEPLOYMENT_TARGET = 10.13;
MARKETING_VERSION = 2.1.0;
PRODUCT_BUNDLE_IDENTIFIER = "com.objective-see.WhatsYourSign";
PRODUCT_NAME = "WhatsYourSign Installer";
};
Expand Down
Binary file removed Installer/Installer/Assets.xcassets/Friends1Password.imageset/darkMode.png
View file
Binary file not shown.
Binary file removed Installer/Installer/Assets.xcassets/Friends1Password.imageset/lightMode.png
View file
Binary file not shown.
Binary file modified Installer/Installer/Assets.xcassets/FriendsKandji.imageset/darkMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified Installer/Installer/Assets.xcassets/FriendsKandji.imageset/lightMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
0 ...s/Friends1Password.imageset/Contents.json → ...sets/FriendsKolide.imageset/Contents.json
View file
File renamed without changes.
Binary file added Installer/Installer/Assets.xcassets/FriendsKolide.imageset/darkMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Installer/Installer/Assets.xcassets/FriendsKolide.imageset/lightMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
20 changes: 10 additions & 10 deletions Installer/Installer/Assets.xcassets/FriendsMosyle.imageset/Contents.json
View file
Original file line number Diff line number Diff line change
@@ -1,33 +1,33 @@
{
"images" : [
{
"idiom" : "mac",
"filename" : "darkMode.png"
"filename" : "darkMode.png",
"idiom" : "mac"
},
{
"idiom" : "mac",
"filename" : "lightMode.png",
"appearances" : [
{
"appearance" : "luminosity",
"value" : "light"
}
]
],
"filename" : "lightMode.png",
"idiom" : "mac"
},
{
"idiom" : "mac",
"filename" : "darkMode.png",
"appearances" : [
{
"appearance" : "luminosity",
"value" : "dark"
}
]
],
"filename" : "darkMode.png",
"idiom" : "mac"
}
],
"info" : {
"version" : 1,
"author" : "xcode"
"author" : "xcode",
"version" : 1
},
"properties" : {
"preserves-vector-representation" : true
Expand Down
Binary file modified Installer/Installer/Assets.xcassets/FriendsMosyle.imageset/darkMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
35 changes: 35 additions & 0 deletions Installer/Installer/Assets.xcassets/FriendsPANW.imageset/Contents.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
{
"images" : [
{
"filename" : "darkMode.png",
"idiom" : "mac"
},
{
"appearances" : [
{
"appearance" : "luminosity",
"value" : "light"
}
],
"filename" : "lightMode.png",
"idiom" : "mac"
},
{
"appearances" : [
{
"appearance" : "luminosity",
"value" : "dark"
}
],
"filename" : "darkMode.png",
"idiom" : "mac"
}
],
"info" : {
"author" : "xcode",
"version" : 1
},
"properties" : {
"preserves-vector-representation" : true
}
}
Binary file added Installer/Installer/Assets.xcassets/FriendsPANW.imageset/darkMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Installer/Installer/Assets.xcassets/FriendsPANW.imageset/lightMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
35 changes: 35 additions & 0 deletions Installer/Installer/Assets.xcassets/FriendsSophos.imageset/Contents.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
{
"images" : [
{
"filename" : "darkMode.png",
"idiom" : "mac"
},
{
"appearances" : [
{
"appearance" : "luminosity",
"value" : "light"
}
],
"filename" : "lightMode.png",
"idiom" : "mac"
},
{
"appearances" : [
{
"appearance" : "luminosity",
"value" : "dark"
}
],
"filename" : "darkMode.png",
"idiom" : "mac"
}
],
"info" : {
"author" : "xcode",
"version" : 1
},
"properties" : {
"preserves-vector-representation" : true
}
}
Binary file added Installer/Installer/Assets.xcassets/FriendsSophos.imageset/darkMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Installer/Installer/Assets.xcassets/FriendsSophos.imageset/lightMode.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
104 changes: 58 additions & 46 deletions Installer/Installer/ConfigureWindowController.xib
View file

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions Installer/Installer/main.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ int main(int argc, const char * argv[])

//check if app should be run with permissions
// ->basically if user is not an admin, or was installed via admin
BOOL shouldPrompt4Perms()
BOOL shouldPrompt4Perms(void)
{
//flag
BOOL shouldPrompt = YES;
Expand Down Expand Up @@ -110,7 +110,7 @@ BOOL shouldPrompt4Perms()

//checks if user has admin privs
// ->based off http://stackoverflow.com/questions/30000443/asking-for-admin-privileges-for-only-standard-accounts
BOOL hasAdminPrivileges()
BOOL hasAdminPrivileges(void)
{
//flag
BOOL isAdmin = NO;
Expand Down
4 changes: 2 additions & 2 deletions Installer/Installer/patrons.txt
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
Patrons (2^6+):
Jan Koum, Christian Blümlein, MikeyH
Jan Koum, Nick, Cane Juice, Christian Blümlein, M S, Shain Singh

Friends of Objective-See:
1Password, Jamf, Kandji, Mosyle, CleanMyMac X, SmugMug, Guardian Mobile Firewall, iVerify, Halo Privacy
Jamf, Mosyle, Kandji, CleanMyMac X, Kolide, Palo Alto Networks, Addigy, SmugMug, Guardian Mobile Firewall, iVerify, Halo Privacy
2 changes: 1 addition & 1 deletion Shared/consts.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@
#define KEY_ERROR_SHOULD_EXIT @"shouldExit"

//general error URL
#define FATAL_ERROR_URL @"https://objective-see.com/errors.html"
#define FATAL_ERROR_URL @"https://objective-see.org/errors.html"

//support us button tag
#define BUTTON_SUPPORT_US 100
Expand Down
2 changes: 1 addition & 1 deletion Shared/utilities.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ NSMutableDictionary* execTask(NSString* binaryPath, NSArray* arguments);
pid_t findProcess(NSString* processName);

//hash a file
// ->md5/sha1/sha256
// md5/sha1/sha256
NSDictionary* hashFile(NSString* filePath);

//restart Finder.app
Expand Down
6 changes: 3 additions & 3 deletions Shared/utilities.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@

//get app's version
// ->extracted from Info.plist
NSString* getAppVersion()
NSString* getAppVersion(void)
{
//read and return 'CFBundleVersion' from bundle
return [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleVersion"];
Expand Down Expand Up @@ -664,7 +664,7 @@ pid_t findProcess(NSString* processName)
}

//restart Finder.app
void restartFinder()
void restartFinder(void)
{
//relaunch Finder
// ensures plugin gets loaded, etc
Expand All @@ -685,7 +685,7 @@ void restartFinder()

//check if (full) dark mode
// meaning, Mojave+ and dark mode enabled
BOOL isDarkMode()
BOOL isDarkMode(void)
{
//flag
BOOL darkMode = NO;
Expand Down
61 changes: 55 additions & 6 deletions WhatsYourSignExt/FinderSync/InfoWindowController.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -149,13 +149,21 @@ -(void)processCodeSigningInfo
}

//disk images/packages
// don't have more info about who signed it
// don't have much info about who signed it
if( (NSOrderedSame == [self.item.path.pathExtension caseInsensitiveCompare:@"dmg"]) ||
(NSOrderedSame == [self.item.path.pathExtension caseInsensitiveCompare:@"pkg"]) )
{

//set icon to default (signed)
csIcon = [NSImage imageNamed:@"signed"];

//notarized?
if(YES == [self.item.signingInfo[KEY_SIGNING_IS_NOTARIZED] boolValue])
{
//append to summary
[csSummary appendFormat:@" & notarized"];
}

//done
break;
}
Expand Down Expand Up @@ -252,6 +260,20 @@ -(void)processCodeSigningInfo
}

break;

//access denied
case kPOSIXErrorEACCES:

//set image
csIcon = [NSImage imageNamed:@"unknown"];

//append to summary
[csSummary appendFormat:@" could not be accessed"];

//details
csDetails = [@"" mutableCopy];

break;

//everything else
// other signing errors
Expand Down Expand Up @@ -294,7 +316,7 @@ -(void)processCodeSigningInfo
else
{
//set
self.hashes.stringValue = @"None";
self.hashes.stringValue = @"?";
}
}
//create clickable 'show hashes' label
Expand All @@ -310,8 +332,17 @@ -(void)processCodeSigningInfo
//no entitlements?
if(0 == [self.item.signingInfo[KEY_SIGNING_ENTITLEMENTS] count])
{
//set
self.entitlements.stringValue = @"None";
//couldn't access?
if(kPOSIXErrorEACCES == [self.item.signingInfo[KEY_SIGNATURE_STATUS] intValue])
{
self.entitlements.stringValue = @"?";
}
//none for real
else
{
//set
self.entitlements.stringValue = @"None";
}
}
//create clickable 'show entitlements' label
else
Expand All @@ -323,8 +354,26 @@ -(void)processCodeSigningInfo
[self.entitlements addGestureRecognizer:[[NSClickGestureRecognizer alloc] initWithTarget:self action:@selector(showEntitlements:)]];
}

//set signing statue
self.signingStatus.stringValue = (0 != csDetails.length) ? csDetails: @"None";
//have signing auths?
if(0 != csDetails.length)
{
//set
self.signingStatus.stringValue = csDetails;
}
//none
else
{
//set signing auths
if(kPOSIXErrorEACCES == [self.item.signingInfo[KEY_SIGNATURE_STATUS] intValue])
{
self.signingStatus.stringValue = @"?";
}
//none for real
else
{
self.signingStatus.stringValue = @"None";
}
}

return;
}
Expand Down
10 changes: 10 additions & 0 deletions WhatsYourSignExt/FinderSync/Item.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,16 @@ -(void)determineType
//array of parsed results
NSArray* parsedResults = nil;

//couldn't access?
if(YES != [NSFileManager.defaultManager isReadableFileAtPath:self.path])
{
//blank
localizedType = @"?";

//bail
goto bail;
}

//set directory flag
[NSFileManager.defaultManager fileExistsAtPath:self.path isDirectory:&isDirectory];

Expand Down
16 changes: 16 additions & 0 deletions WhatsYourSignExt/FinderSync/Packages.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,27 @@

@import Foundation;

#import "packageKit.h"

//type def for 'SecAssessmentTicketFlags'
typedef uint64_t SecAssessmentTicketFlags;
enum {
kSecAssessmentTicketFlagDefault = 0,
kSecAssessmentTicketFlagForceOnlineCheck = 1 << 0,
kSecAssessmentTicketFlagLegacyListCheck = 1 << 1,
};

//function def for 'SecAssessmentTicketLookup'
Boolean SecAssessmentTicketLookup(CFDataRef hash, SecCSDigestAlgorithm hashType, SecAssessmentTicketFlags flags, double *date, CFErrorRef *errors);

/* FUNCTIONS */

//process a pkg
NSMutableDictionary* checkPackage(NSString* package);

//check if pkg is notarized
BOOL isNotarized(PKArchiveSignature* signature);

//check if a file has a cert that has been revoked
// exec 'spctl --assess <path to file>' and looks for 'CSSMERR_TP_CERT_REVOKED'
BOOL isRevoked(NSString* path);
Expand Down
Loading

0 comments on commit 4642311

Please sign in to comment.