1Password 6.8.9 crashes on Catalina 10.15.4 with Termination Reason: Namespace CODESIGNING, Code 0x1

brass_ · April 2020

On a new install of Cataline 10.15.4, I download and install 1Password 6.8.9. It crashes before when I open it, no user interface appears. When checking the Console I see an error message which states the reason for crashing is "Namespace CODESIGNING, Code 0x1". I do not even get a chance to open a vault.

I have fully reinstalled the operating system and downloaded 1Password again; the error persists.

1password 6.8.9 runs successfully on my other Catalina system without issue; the only difference that system is an upgrade over several releases of MacOS.

1Password Version: 6.8.9
Extension Version: Not Provided
OS Version: MacOS 10.15.4
Sync Type: dropbox

brass_ · April 2020

Edit... I meant to say it crashes when I open it

Ben · April 2020

Hi @brass_

I'm sorry to hear about the trouble. Code signing errors are usually a result of the application having been modified. Do you have anything installed on this system that might be modifying installed apps? Or antivirus? In particular, do you have a software package called Sentinel One installed?

Ben

brass_ · April 2020

Hi Ben

Not to my knowledge, it's a clean install. All I have installed is Libre Office, visual studio code, VLC, brew, python3, chrome and Firefox.

Ben · April 2020

@brass_

I just spoke with one of our developers about this case and he suggested booting the Mac in Safe Mode (hold shift while booting) and try launching 1Password there. Then reboot again in normal mode and try launching. Apparently we've seen some cases where some underlying magic in the OS resolves this issue when doing this.

Please let me know if that helps. If the result is the same after booting back into normal mode please post the output of this command:
codesign -d -vvv /Applications/1Password*.app

Thanks.

Ben

brass_ · April 2020

Hi @Ben

Switching to safe mode did the trick! 1password 6 is now running in regular mode on Catalina perfectly. Thank you!

Could you ask the developer to explain why that worked?

Ben · April 2020

The answer was literally "some magic in the OS" — honestly we're as stumped about it as you. But I'm glad to hear that worked. :)

Ben

adrianraper · May 2020

I've just had the same code-signing thing, but with 1Password 7.5. I tried rebooting in safe mode, but no magic. So I downloaded the app again and installed and that did work. The font running in the app is not as clear as it should be, and the icon in the dock is a generic one, but perhaps these will clear on the next reboot.

adrianraper · May 2020

I meant to add this to the post...

➜ ~ codesign -d -vvv /Applications/1Password*.app
Executable=/Applications/1Password 7.app/Contents/MacOS/1Password 7
Identifier=com.agilebits.onepassword7
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=43910 flags=0x10000(runtime) hashes=1363+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=c01b95b3f3138c2f868bfe9b6772463fb4c4d989
CandidateCDHashFull sha256=c01b95b3f3138c2f868bfe9b6772463fb4c4d98939ea9de67480622558dbff92
Hash choices=sha256
CMSDigest=c01b95b3f3138c2f868bfe9b6772463fb4c4d98939ea9de67480622558dbff92
CMSDigestType=2
CDHash=c01b95b3f3138c2f868bfe9b6772463fb4c4d989
Signature size=8928
Authority=Developer ID Application: AgileBits Inc. (2BUA8C4S2C)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=6 May 2020 at 00:21:50
Info.plist=not bound
TeamIdentifier=2BUA8C4S2C
Runtime Version=10.15.0
Sealed Resources=none
Internal requirements count=1 size=220

➜ ~ open -a 1Password\ 7
LSOpenURLsWithRole() failed for the application /Applications/1Password 7.app with error -10810.

ag_ana · May 2020

@adrianraper:

The font running in the app is not as clear as it should be, and the icon in the dock is a generic one, but perhaps these will clear on the next reboot.

Can you please post a couple of screenshots of these things, so we can make sure what you are seeing?

adrianraper · May 2020

The dock icon has resolved itself. This is a screen shot of the 1password app with 1password website in the background for comparison
It is a retina display. This is not a big problem of course, I can still use the program.

ag_ana · May 2020

@adrianraper:

Thank you for the screenshot! Can you please try quitting 1Password completely (right-click on 1Password mini in the menu bar at the top right of your screen > Quit 1Password Completely), and then relaunch 1Password? Did things improve?

adrianraper · May 2020

Oh - perfect! Thank you.

ag_ana · May 2020

You are welcome @adrianraper! If you have any other questions, please feel free to reach out anytime.

Have a wonderful day :)

IamSigmund · September 2020

FYI, like adrianraper, the rebooting-in-safe-mode method didn't work for me either. I'm on Catalina 15.6 with 1Password 6.8.9. But also like adrianraper, just downloading the 6.8.9 installer and re-running it fixed the problem.

Ben · September 2020

Thanks for the data point, @IamSigmund. I'm glad to hear reinstalling resolved the issue for you.

Ben

IamSigmund · September 2020

👍

Ben · September 2020

:+1: :)

Ben

nme · November 2020

tl;dr: If you run "What's Your Sign?" it appears to fix the problem, albeit by chance.

I just ran into this issue after upgrading an older machine to High Sierra. In my case, it affected all apps downloaded from the Mac App Store. I just happen to launch 1Password first :chuffed:

Jumping into Safe Mode and poking at spctl and codesign tools from the terminal did pretty much nothing. From memory, I recall seeing error status CSSMERR_TP_CERT_REVOKED and later got the following output:

$ spctl --assess --verbose=4 /Applications/1Password.app/
/Applications/1Password.app/: accepted
source=Mac App Store

$ codesign --display --verbose=4 /Applications/1Password.app/
...
Authority=(unavailable)
Info.plist=not bound
...

The answer was literally "some magic in the OS" — honestly we're as stumped about it as you.

Seems true to me! Likely something deeply technical inside the gatekeeper or code signing verification process.

In my case, I stumbled upon a solution that appears to have fixed my problem immediately. Download and install "What's Your Sign?" by Objective-See, right click on any app from the Mac App Store (doesn't have to be 1Password), and click "Signing Info".

The first time you try this, it will complain that the app is revoked and won't have much info filled in. If you try this a second time, it will show you the signing authorities filled in. That's it! You can uninstall the app afterward. This app seems to poke Apple's security APIs in just the right way to make it start working again--something I could not do on my own from the terminal even after reading a bunch of documentation. Hooray! I had to repeat this process for each of my user accounts.

After having a quick look at the source for both What's Your Sign? and codesign, I realized:
1) There's a bunch of direct Security API stuff you can do that might not be apparent from the terminal, and
2) It's a second job to try and debug all this stuff! Better leave it to the pros.

In the end, I'm just glad it works. :smile:

ag_ana · November 2020

Thank you for all the information and for testing this @nme! And thank you also for sharing what worked for you with the community :)

And I agree, in the end I am also glad it works :)

psantora · November 2020

I'm also having this problem. I'm running the latest OS possible for my hardware - macOS High Sierra 10.13.6 (17G14042) and trying to launch 1Password 6.8.9 from the Mac App Store after a clean install of the OS.

I tried running "What's Your Sign?" as explained in the above post but that didn't help. The first time I checked there was no signing information (as expected from the above post) and the second time the signing information was populated (also as expected from the above post), but the app still wouldn't launch.

I then tried booting into safe mode and the app still won't launch (either in safe mode or after rebooting back into a normal login).

In terminal I get the following:
codesign -d -vvv /Applications/1Password*.app Executable=/Applications/1Password.app/Contents/MacOS/1Password Identifier=com.agilebits.onepassword-osx Format=app bundle with Mach-O thin (x86_64) CodeDirectory v=20200 size=29053 flags=0x200(kill) hashes=900+5 location=embedded Hash type=sha256 size=32 CandidateCDHash sha1=7c2e36f3e49714d88bb088648646d3af72126953 CandidateCDHash sha256=56fc1cea49b7926111e25a2b579db6b6ab5bd9f8 Hash choices=sha1,sha256 CDHash=56fc1cea49b7926111e25a2b579db6b6ab5bd9f8 Signature size=4605 Authority=Apple Mac OS Application Signing Authority=Apple Worldwide Developer Relations Certification Authority Authority=Apple Root CA Info.plist entries=32 TeamIdentifier=2BUA8C4S2C Sealed Resources version=2 rules=13 files=2487 Internal requirements count=1 size=232

Deleting the app and reinstalling from the Mac App Store gives the same result to the codesign -d -vvv /Applications/1Password*.app command in Terminal.

Any idea on what I might be missing?

Thanks so much for the help!

psantora · November 2020

The comment I typed out about 30 min ago somehow disappeared, but hopefully it is just being reviewed. This is the crash report that gets generated after trying to launch the app:

Process:               1Password [810]
Path:                  /Applications/1Password.app/Contents/MacOS/1Password
Identifier:            com.agilebits.onepassword-osx
Version:               ???
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           1Password [810]
User ID:               502

Date/Time:             2020-11-16 11:52:20.036 -0500
OS Version:            Mac OS X 10.13.6 (17G14042)
Report Version:        12
Anonymous UUID:        68887768-6520-CBEA-0E6D-7E36A12BA1BF

Sleep/Wake UUID:       938C26ED-CA7E-4F87-84FC-F8A7732C3B31

Time Awake Since Boot: 2700 seconds
Time Since Wake:       1600 seconds

System Integrity Protection: enabled

Crashed Thread:        0

Exception Type:        EXC_CRASH (Code Signature Invalid)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace CODESIGNING, Code 0x1

kernel messages:

VM Regions Near 0 (cr2):
--> 
    __TEXT                 0000000107f16000-00000001081b4000 [ 2680K] r-x/rwx SM=COW  

Thread 0 Crashed:
0   ???                             0x000000010ba7619c _dyld_start + 0

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x0000000000000000  rcx: 0x0000000000000000  rdx: 0x0000000000000000
  rdi: 0x0000000000000000  rsi: 0x0000000000000000  rbp: 0x0000000000000000  rsp: 0x00007ffee7ce9c18
   r8: 0x0000000000000000   r9: 0x0000000000000000  r10: 0x0000000000000000  r11: 0x0000000000000000
  r12: 0x0000000000000000  r13: 0x0000000000000000  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x000000010ba7619c  rfl: 0x0000000000000200  cr2: 0x0000000000000000

Logical CPU:     0
Error Code:      0x00000000
Trap Number:     0


Binary Images:
       0x107f16000 -        0x1081b3fff +??? (0) <E40F2A4C-C1C3-3541-B521-75B07B751920> (null)
       0x10ba75000 -        0x10babfadf +??? (551.5) <CB9BFB56-4511-36F1-A546-891FF770C01C> (null)

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 1766
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=3352K resident=0K(0%) swapped_out_or_unallocated=3352K(100%)
Writable regions: Total=8408K written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=8408K(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
STACK GUARD                       56.0M        2 
Stack                             8192K        2 
__DATA                             940K        5 
__LINKEDIT                         372K        3 
__TEXT                            2980K        3 
shared memory                        8K        3 
===========                     =======  ======= 
TOTAL                             68.2M       12 

Model: MacBookAir4,1, BootROM 135.0.0.0.0, 2 processors, Intel Core i5, 1.6 GHz, 4 GB, SMC 1.74f4
Graphics: Intel HD Graphics 3000, Intel HD Graphics 3000, Built-In
Memory Module: BANK 0/DIMM0, 2 GB, DDR3, 1333 MHz, 0x80CE, 0x4D34373142353737334448302D4348392020
Memory Module: BANK 1/DIMM0, 2 GB, DDR3, 1333 MHz, 0x80CE, 0x4D34373142353737334448302D4348392020
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0xE9), Broadcom BCM43xx 1.0 (5.106.98.102.30)
Bluetooth: Version 6.0.7f22, 3 services, 27 devices, 1 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
Serial ATA Device: APPLE SSD TS128C, 121.33 GB
USB Device: USB 2.0 Bus
USB Device: FaceTime Camera (Built-in)
USB Device: Hub
USB Device: Apple Internal Keyboard / Trackpad
USB Device: BRCM20702 Hub
USB Device: Bluetooth USB Host Controller
USB Device: USB 2.0 Bus
USB Device: Hub
Thunderbolt Bus: MacBook Air, Apple Inc., 8.1

desalex · November 2020

There is a quick solution to sign any .app on macOS installing free codesign tool. Open Terminal App and execute the code to start the download and installation process of Xcode and the command line developer tools from the AppStore. Launch Xcode at least once to agree to the license.

xcode-select --install

To sign an .app file launch the Terminal and execute codesign with following parameters. You can easily drag and drop the .app from Finder to Terminal allowing you to paste the file located path. After the .app is signed you will have an option to run it as any other regular application.

codesign --force --deep --sign - /Applications/name.app

...Maybe you will need to use 'sudo' before the commands above

Good luck!!!

quickfire · November 2020

nme, it looks like I've done the same debugging as you.

I found another tool too at https://brockerhoff.net/RB/AppCheckerLite/ which for me was the one which made things all work just by checking the signing of an app. "What's my sign" did not appear to make it all work for me but this was the one which did, though the general story is the same.

For more context, the certificate that is claimed to be revoked is the one with the common name "Apple Mac OS Application Signing" that expires on 7 February 2023 with SHA1 fingerprint: “B93BDAAAF1A8846B34BA32332635CB2B84853DA8".

I found that out by:
1) Copying a broken appstore app to another mac
2) Dragging it onto RB App Checker Lite.
3) Dragging out the final cert.

4) I copied the cert back to the original Mac.
5) I dragged the cert into KeyChain Access -> System -> Certificates.
6) I saw the cert was revoked.
7) I marked the cert as trusted.

8) Rebooted just in case.
9) Ran the app with no luck.
10) Dragged the app onto a copy of RB App Checker Lite on the original Mac - saw it looked ok.
11) Ran it.

This made all other App Store apps including 1 Password work too, but not forever so I have to repeat step 10 every now and then.

Note: I think steps 1-4 could have been swapped with these steps all on the original Mac:
$ xcode-select --install
$ codesign --display --extract-certificates /Applications/1Password\ 7.app
$ mv codesigno signing-cert.cer $ open signing-cert.cer
$ open signing-cert.cer

quickfire · November 2020

nme, it looks like I've done the same debugging as you.

I found another tool too https://brockerhoff.net/RB/AppCheckerLite/ which for me was the one which made things all work just by checking the signing of an app. "What's my sign" did not appear to make it all work for me but this was the one which did, though the story is the same.

For more context, the certificate that is claimed to be revoked is the one with the common name "Apple Mac OS Application Signing" that expires on 7 February 2023 with SHA1 fingerprint: “B93BDAAAF1A8846B34BA32332635CB2B84853DA8".

I found that out by:
1) Copying a broken appstore app to another mac
2) Dragging it onto RB App Checker Lite.
3) Dragging out the final cert.

4) I copied the cert back to the original Mac.
5) I dragged the cert into KeyChain Access -> System -> Certificates.
6) I saw the cert was revoked.
7) I marked the cert as trusted.

8) Rebooted just in case.
9) Ran the app with no luck.
10) Dragged the app onto a copy of RB App Checker Lite on the original Mac - saw it looked ok.
11) Ran it.

This made all other App Store apps work too, but not forever so I have to repeat step 10 every now and then.

Note: I think steps 1-4 could have been swapped with these steps all on the original Mac:
$ xcode-select --install
$ codesign --display --extract-certificates /Applications/1Password\ 7.app
$ mv codesign0 signing-cert.cer $ open signing-cert.cer
$ open signing-cert.cer

quickfire · November 2020

psantora - Try clearing the cache of certificate revocation lists as described here https://support.globalsign.com/ssl/general-ssl/delete-crl-and-ocsp-cache

The reason the app is showing as unsigned is that this certificate below can somehow get recorded as being revoked on new 10.13.6 installs of which I have one too. The certificate is certainly not revoked as I checked the revocation list and also made an OCSP request to Apple to ask that and it came back fine.

Certificate “Apple Mac OS Application Signing”: 
    Will expire on 7 Feb 2023.
    SHA1 fingerprint: “B93BDAAAF1A8846B34BA32332635CB2B84853DA8”.
    Serial: 345231221407495159 (04CA81F77D5E33F7)

I'm trying cache clearing myself but do have a workaround if it does not work which is to make copies of the cert in question and install it into Keychain Access as fully trusted then drag an appstore app onto a tool called RB App Checker lite. This works like the way "What's your sign" worked for nme (that didn't work for me). It usually takes a few hows after using the work around for things to fail again so I won't know for sure if I've fixed things permanently or not with clearing the revocation cache.

quickfire · November 2020

nme, it looks like I've done the same debugging as you.

I found another tool too https://brockerhoff.net/RB/AppCheckerLite/ which for me was the one which made things all work just by checking the signing of an app. "What's my sign" did not appear to make it all work for me but this was the one which did, though the story is the same.

For more context, the certificate that is claimed to be revoked is the one with the common name "Apple Mac OS Application Signing" that expires on 7 February 2023 with SHA1 fingerprint: “B93BDAAAF1A8846B34BA32332635CB2B84853DA8".

I found that out by:
1) Copying a broken appstore app to another mac
2) Dragging it onto RB App Checker Lite.
3) Dragging out the final cert.

4) I copied the cert back to the original Mac.
5) I dragged the cert into KeyChain Access -> System -> Certificates.
6) I saw the cert was revoked.
7) I marked the cert as trusted.

8) Rebooted just in case.
9) Ran the app with no luck.
10) Dragged the app onto a copy of RB App Checker Lite on the original Mac - saw it looked ok.
11) Ran it.

This made all other App Store apps work too, but not forever so I have to repeat step 10 every now and then.

Note: I think steps 1-4 could have been swapped with these steps all on the original Mac:
$ xcode-select --install
$ codesign --display --extract-certificates /Applications/1Password\ 7.app
$ mv codesign0 signing-cert.cer $ open signing-cert.cer
$ open signing-cert.cer

quickfire · November 2020

EDIT: Removed duplicate post. Note my posts above are in reverse order from when I wrote them as one got stuck in moderation.

1Password 6.8.9 crashes on Catalina 10.15.4 with Termination Reason: Namespace CODESIGNING, Code 0x1

Comments