github-starred/MonitorControl
2
0
Fork 0
mirror of https://github.com/MonitorControl/MonitorControl.git synced 2026-05-15 14:15:55 -06:00
Code Issues 21 Projects Packages Wiki Activity Actions

[GH-ISSUE #1740] MonitorControl fails strict codesign verification #962

New issue
Closed
opened 2026-05-05 06:56:20 -06:00 by gitea-mirror · 1 comment
gitea-mirror commented 2026-05-05 06:56:20 -06:00
Owner
Copy link

Originally created by @jrmfong on GitHub (Mar 19, 2025).
Original GitHub issue: https://github.com/MonitorControl/MonitorControl/issues/1740

MonitorControl fails strict codesign verification which is one of the typical check of autopkg.

codesign --verify --verbose=4 --deep --strict
--require='anchor apple generic and identifier "app.monitorcontrol.MonitorControl" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "299YSU96J7")'
/Applications/MonitorControl.app

--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswift_Concurrency.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswift_Concurrency.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftAppKit.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftAppKit.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftAVFoundation.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftAVFoundation.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCore.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCore.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreAudio.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreAudio.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreData.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreData.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreFoundation.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreFoundation.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreGraphics.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreGraphics.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreImage.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreImage.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreMedia.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreMedia.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftDarwin.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftDarwin.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftDispatch.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftDispatch.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftFoundation.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftFoundation.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftIOKit.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftIOKit.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftMetal.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftMetal.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftObjectiveC.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftObjectiveC.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftos.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftos.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftQuartzCore.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftQuartzCore.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftsimd.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftsimd.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftXPC.dylib
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftXPC.dylib
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/.
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Autoupdate
--validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Autoupdate
--prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app
/Volumes/MonitorControl/MonitorControl.app: resource fork, Finder information, or similar detritus not allowed
In subcomponent: /Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app
file with invalid attached data: Disallowed xattr com.apple.FinderInfo found on /Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app

Steps to reproduce

  1. Download the latest dmg from GitHub.

  2. Open the dmg and drag the MonitorControl.app into /Applications

  3. Run the following command in terminal
    codesign --verify --verbose=4 --deep --strict
    --require='anchor apple generic and identifier "app.monitorcontrol.MonitorControl" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = "299YSU96J7")'
    /Applications/MonitorControl.app

  4. Generate the error log in the last few lines which are quoted below:
    --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app
    /Volumes/MonitorControl/MonitorControl.app: resource fork, Finder information, or similar detritus not allowed
    In subcomponent: /Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app
    file with invalid attached data: Disallowed xattr com.apple.FinderInfo found on /Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app

Expected behavior

MonitorControl.app should pass all strict codesign checks which is crucial to guard against security risk during patching.

Environment

macOS version: macOS 15.3.2
Mac model: MacBook Pro M1 2021
MonitorControl version: 4.3.3
Monitor(s): 2
Apple Silicon/M1 (yes or no): Yes

Originally created by @jrmfong on GitHub (Mar 19, 2025). Original GitHub issue: https://github.com/MonitorControl/MonitorControl/issues/1740 MonitorControl fails strict codesign verification which is one of the typical check of autopkg. codesign --verify --verbose=4 --deep --strict \ --require='anchor apple generic and identifier "app.monitorcontrol.MonitorControl" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "299YSU96J7")' \ /Applications/MonitorControl.app --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswift_Concurrency.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswift_Concurrency.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftAppKit.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftAppKit.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftAVFoundation.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftAVFoundation.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCore.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCore.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreAudio.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreAudio.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreData.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreData.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreFoundation.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreFoundation.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreGraphics.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreGraphics.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreImage.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreImage.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreMedia.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftCoreMedia.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftDarwin.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftDarwin.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftDispatch.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftDispatch.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftFoundation.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftFoundation.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftIOKit.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftIOKit.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftMetal.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftMetal.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftObjectiveC.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftObjectiveC.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftos.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftos.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftQuartzCore.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftQuartzCore.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftsimd.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftsimd.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftXPC.dylib --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/libswiftXPC.dylib --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/. --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Autoupdate --validated:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Autoupdate --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app /Volumes/MonitorControl/MonitorControl.app: resource fork, Finder information, or similar detritus not allowed In subcomponent: /Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app file with invalid attached data: Disallowed xattr com.apple.FinderInfo found on /Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app ### Steps to reproduce 1. Download the latest dmg from GitHub. 2. Open the dmg and drag the MonitorControl.app into /Applications 3. Run the following command in terminal codesign --verify --verbose=4 --deep --strict \ --require='anchor apple generic and identifier "app.monitorcontrol.MonitorControl" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "299YSU96J7")' \ /Applications/MonitorControl.app 4. Generate the error log in the last few lines which are quoted below: --prepared:/Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app /Volumes/MonitorControl/MonitorControl.app: resource fork, Finder information, or similar detritus not allowed In subcomponent: /Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app file with invalid attached data: Disallowed xattr com.apple.FinderInfo found on /Volumes/MonitorControl/MonitorControl.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Updater.app ### Expected behavior MonitorControl.app should pass all strict codesign checks which is crucial to guard against security risk during patching. ### Environment macOS version: macOS 15.3.2 Mac model: MacBook Pro M1 2021 MonitorControl version: 4.3.3 Monitor(s): 2 Apple Silicon/M1 (yes or no): Yes
gitea-mirror commented 2026-05-05 06:56:27 -06:00
Author
Owner
Copy link

@waydabber commented on GitHub (Mar 20, 2025):

Hmm. Sparkle is a rather common macOS framework for in-app updates. I think you should treat that as an exception. But if there is a way to include Sparkle in a way that this does not happen, let me know!

https://sparkle-project.org

<!-- gh-comment-id:2739333183 --> @waydabber commented on GitHub (Mar 20, 2025): Hmm. Sparkle is a rather common macOS framework for in-app updates. I think you should treat that as an exception. But if there is a way to include Sparkle in a way that this does not happen, let me know! https://sparkle-project.org
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
develop
github-pages
v4.3.3
v4.3.2
v4.2.0
v4.1.0
v4.0.2
v4.0.1
v4.0.0
v4.0.0-rc1
v4.0.0-beta2
v4.0.0-beta1
v3.1.1
v3.1.0
v3.0.0
v3.0.0-rc2
v3.0.0-rc1
v3.0.0-beta8
v3.0.0-beta7
v3.0.0-beta6
v3.0.0-beta5
v3.0.0-beta4
v3.0.0-beta3
v3.0.0-beta2
v3.0.0-beta1
v2.1.0
v2.0.0
v1.7.1
v1.7.0
v1.6.0
v1.5.2
v1.5.0
v1.4.0
1.3.1
v1.3
v1.2.2
v1.3.0
v1.2.1
v1.2
v1.1
v1.0
Labels
Clear labels   
Status: Abandoned

   
arm64

   
beta

   
beta

   
bug

   
done

   
duplicate

   
enhancement

   
feedback needed from reporter

   
in progress

   
invalid

   
investigating

   
known Issue

   
monitor Issue

   
pull-request

Mirrored from GitHub Pull Request

  
translation

   
unable to reproduce

   
unreleased

   
x86
No labels
Status: Abandoned
arm64
beta
beta
bug
done
duplicate
enhancement
feedback needed from reporter
in progress
invalid
investigating
known Issue
monitor Issue
pull-request
translation
unable to reproduce
unreleased
x86
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/MonitorControl#962
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?