Code Signature fail in Safari/Firefox/Chrome—extension reinstalled—mini restarted [config'd Sophos]
After reading a bit, I've tried the various things that seemed to apply to my issue.
I haven't been able to get the code signature check to work since first install.
Wondering what the real issue is.
versions: OS: 10.9.4 App: 4.4.1 (441008) Extensions: 4.2.3.90 (Chrome), 4.2.3 (Safari & Firefox)
No 'protection' preventing local communication.
As noted in the subject. I've re-installed the extension, and I've restarted the mini app.
Seeing the codesign CLI notes in another post, I thought I'd give it a try.
Looks like Safari is hosed?? But the other 2 seem to pass; if I read this correctly.
$ codesign -dvvv /Applications/Safari.app/ Executable=/Applications/Safari.app/Contents/MacOS/Safari Identifier=com.apple.Safari Format=bundle with Mach-O thin (x86_64) CodeDirectory v=20100 size=225 flags=0x0(none) hashes=3+5 location=embedded Hash type=sha1 size=20 CDHash=be538fdf23ab8806fb9f66251eb7f0ad3718de4b Signature size=4097 Authority=Software Signing Authority=Apple Code Signing Certification Authority Authority=Apple Root CA Info.plist entries=36 TeamIdentifier=not set Sealed Resources version=2 rules=16 files=397 Internal requirements count=2 size=112 $ codesign -vvv /Applications/Safari.app/ --validated:/Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment /Applications/Safari.app/: a sealed resource is missing or invalid file modified: /Applications/Safari.app/Contents/Resources/English.lproj/InfoPlist.strings file modified: /Applications/Safari.app/Contents/Resources/English.lproj/ServicesMenu.strings $ codesign -dvvv /Applications/Firefox.app/ Executable=/Applications/Firefox.app/Contents/MacOS/firefox Identifier=org.mozilla.firefox Format=bundle with Mach-O universal (i386 x86_64) CodeDirectory v=20100 size=228 flags=0x0(none) hashes=5+3 location=embedded Hash type=sha1 size=20 CDHash=15d0f5de1e12c1794d63e3222fa81bd5d1865f5b Signature size=4232 Authority=Developer ID Application: Mozilla Corporation Authority=Developer ID Certification Authority Authority=Apple Root CA Signed Time=Jun 5, 2014, 7:29:18 PM Info.plist entries=20 TeamIdentifier=not set Sealed Resources version=1 rules=13 files=105 Internal requirements count=2 size=356 $ codesign -vvv /Applications/Firefox.app/ /Applications/Firefox.app/: valid on disk /Applications/Firefox.app/: satisfies its Designated Requirement $ codesign -dvvv /Applications/Google\ Chrome.app/ Executable=/Applications/Google Chrome.app/Contents/MacOS/Google Chrome Identifier=com.google.Chrome Format=bundle with Mach-O thin (i386) CodeDirectory v=20100 size=186 flags=0x0(none) hashes=3+3 location=embedded Hash type=sha1 size=20 CDHash=0d155dfb78c654a46329dd69e137859dbbbc9899 Signature size=8508 Authority=Developer ID Application: Google Inc. Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=Jul 15, 2014, 2:36:29 PM Info.plist entries=33 TeamIdentifier=not set Sealed Resources version=1 rules=9 files=221 Internal requirements count=1 size=132 $ codesign -vvv /Applications/Google\ Chrome.app/ /Applications/Google Chrome.app/: valid on disk /Applications/Google Chrome.app/: satisfies its Designated Requirement
Comments
-
As of 24 hours ago, I am seeing these errors on Chrome, Safari and Firefox. The message that appears is:
Browser Code Signature Validation
Cannot Fill Item in Web Browser
Web Browser is connected but its code signature could not be verified. Filling and other features are disabled until this configuration issue is resolved.
Is this a known problem related to Sophos?
0 -
Hi @MetroEast,
That codesign output looks okay to me so apparently there's something else causing the problem you're having. We'd like to get a better look "under the hood" to find out what it is and help you fix it …
Please send us a Diagnostics Report from your Mac, along with a link to this topic and your forum username, to support+forum@agilebits.com. A brief comment here mentioning that you've sent the report would also be helpful so we can keep an extra eye open for its arrival. :)
Thanks!
0 -
Hi @mscohen,
If you happen to have Sophos Antivirus software running, please take a look at @JasperP's post here for details about configuring Sophos:
Sophos has acknowledged it as a defect (in their software):
This has been logged as a defect, so we are aware of it and are investigating further.
And if that's not the case, please email us a Diagnostics Report just like I mentioned in my reply to @MetroEast and we'll help get your problem resolved, too. :)
Thanks!
0 -
Well... Mea Cupla!!
Now I get to reveal my ignorance with the software I have installed on my own computer. Wow.
Yes, I have Sophos (ridiculously obvious once I ran the Report, and reviewed it.)
The suggestion to config Sophos around the issue, works fine.One question:
Are there any security concerns regarding allowing 127.0.0.1 ???To repeat... I thought I did not have Sophos, and I do, and that was the issue.
Very embarrassing, yet predictable I suppose.My apologies for burning your time on this.
0 -
Hi @MetroEast,
I'm glad to hear that fixed it. :)
I'm not aware of any specific security issues with 127.0.0.1 (localhost) allowed. Some of our customers did contact Sophos, and told us that Sophos told them to whitelist the 127.0.0.x address. Also, in the link @sjk included above, Sophos support stated:
This has been logged as a defect, so we are aware of it and are investigating further.
The workaround that you have employed [whitelisting 127.0.0.1] is effective.Please let us know if you have any other questions.
0 -
Really appreciate your reiteration of those details here. I missed the comment from Sophos.
It's been a long week. In fact the last month was pretty full. The last fiscal year was pretty stuffed as well.
I think I'm trying to say, "I've been very busy." 8^)»Your time is much appreciated. (Can we amend the topic? "actually, yes Sophos.")
0 -
No worries, @MetroEast. Glad my response to @mscohen about Sophos turned out to be helpful for you!
(Can we amend the topic? "actually, yes Sophos.")
Done… sort of. :)
0
