Install Error (7.0.7) - "Code Signature Invalid"

SGinAZ

Hi,

Attempting to install 7.0.7 downloaded directly from the website today but it is failing. Error report (below) indicates a code signing error. On the latest version of OS X with current updates and a clean reboot.

Please advise.

Thanks!

****** Error Report ******

Process: 1Password 7 [1365]
Path: /Applications/1Password 7.app/Contents/MacOS/1Password 7
Identifier: com.agilebits.onepassword7
Version: ???
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: 1Password 7 [1365]
User ID:

Date/Time: 2018-07-20 15:56:43.785 -0700
OS Version: Mac OS X 10.13.6 (17G65)
Report Version: 12
Anonymous UUID:

Time Awake Since Boot: 1600 seconds

System Integrity Protection: enabled

Crashed Thread: 0

Exception Type: EXC_CRASH (Code Signature Invalid)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: Namespace CODESIGNING, Code 0x1

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

JadC

Hi @SGinAZ, are you running any sort of web protection software (e.g. software that can interfere with installations)? We have seen similar issues occur when using the software k9filter (Blue Coat K9 Web Protection).

If not, please try running this command in Terminal.app: codesign -d -vvvv /Applications/1Password\ 7.app. You should see output similar to this:

Executable=/Applications/1Password 7.app/Contents/MacOS/1Password 7
Identifier=com.agilebits.onepassword7
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=67494 flags=0x10000(runtime) hashes=2100+5 location=embedded
VersionPlatform=1
VersionMin=658438
VersionSDK=658944
Hash type=sha256 size=32
CandidateCDHash sha256=58e70912ff9980dd26e5ae5fa6af6ee1566c49ec
Hash choices=sha256
Page size=4096
CDHash=58e70912ff9980dd26e5ae5fa6af6ee1566c49ec
Signature size=8928
Authority=Developer ID Application: AgileBits Inc. (2BUA8C4S2C)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 23, 2018 at 12:45:47 AM
Info.plist entries=35
TeamIdentifier=2BUA8C4S2C
Runtime Version=10.14.0
Sealed Resources version=2 rules=13 files=3061
Internal requirements count=1 size=220

Verify that the following are the same: TeamIdentifier=2BUA8C4S2C, Authority=Apple Root CA, and Authority=Developer ID Application: AgileBits Inc. (2BUA8C4S2C).

Please let us know if the verification steps succeed so we can proceed from here.

ref: YZE-33243-952

SGinAZ

Thanks for your reply. I am running Blue Coat K9 on my system. I entered Supervisor mode in K9 to allow all access and the install generated the same error as before. I checked the values specified above and they match what you have posted.

Are there specific domains/URLs called by the install that URL filtering might be blocking (and available to whitelist)?

AGAlumB

@SGinAZ: The 1Password installer doesn't have network component. You'd only need a connection when using the in-app updater. And regardless none of that would have an effect on the macOS code signature check. However, one thing we see fairly regularly with "security" software is that it installs itself as a root certificate authority, which can wreak havoc with secure connections (rather, it breaks them). It's not impossible that a self-legitimized (for want of a better term) CA could break the code signature check.

Are you seeing output different than Jad and I when using codesign -d -vvvv /Applications/1Password\ 7.app?

If you run codesign -d --verify --verbose=3 /Applications/1Password\ 7.app, what are the last two lines you get in response?

SGinAZ

Here is output from the first command:

Executable=/Applications/1Password 7.app/Contents/MacOS/1Password 7
Identifier=com.agilebits.onepassword7
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=45210 flags=0x0(none) hashes=1405+5 location=embedded
VersionPlatform=1
VersionMin=658438
VersionSDK=658688
Hash type=sha256 size=32
CandidateCDHash sha256=0e2a03dc3763ee4b823a3b94b73fe50c2cb19246
Hash choices=sha256
Page size=4096
CDHash=0e2a03dc3763ee4b823a3b94b73fe50c2cb19246
Signature size=8866
Authority=Developer ID Application: AgileBits Inc. (2BUA8C4S2C)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 1, 2018 at 6:36:06 AM
Info.plist entries=35
TeamIdentifier=2BUA8C4S2C
Sealed Resources version=2 rules=13 files=3059
Internal requirements count=1 size=220

Last two lines from the second command output:

/Applications/1Password 7.app: valid on disk
/Applications/1Password 7.app: satisfies its Designated Requirement

AGAlumB

@SGinAZ: Jeez. That's identical to what I'm seeing. I just don't know why the check would fail only on your system when it works on everyone else's. The only difference you've mentioned is K9, but I don't know enough about that to say what impact that might have. There's got to be something causing this though. If you boot into safe mode, does it work properly there?

ref: YZE-33243-952

SGinAZ

Hi Guys. Sorry for the delay but I was unable to work on this yesterday. I booted into Safe mode this afternoon and the install completed successfully. Thanks for the assist and suggestion. Looks like I'm good to go. :)

AGAlumB

That's a relief! Thanks for the update. Glad to hear that helped. :)