Sign dmg on macOS with packager

[molnard]

This PR integrates the mac signing into our existing packager procedure.

Following facts adds complexity and somethings to keep in mind:

• Mac signing and notarization can only be made on macintosh.
• Creating MSI for windows installation can only be made on windows.
• Binaries for all platforms have to be compiled on the same OS to ensure deterministic build - preferably on windows.

After this PR packing procedure will change:

1. Run the packager.
2. Copy Wasabi-osx-1.1.1.1.zip from windows to macOS desktop.
3. Run the packager on macOS.
4. Copy the final dmg from mac to windows back to dist library.
5. Run the packager in DoSign mode.
6. Ready to upload release.

Fixes: #958
Fixes: #2696
Related: #726

[molnard]

My App works fine before codesign.
After codesign I cannot start the app. I go to the executable file and try to run directly and I get the following error:
Failed to create CoreCLR, HRESULT: 0x80004005

Details of the error:
export COREHOST_TRACE=1
https://gist.github.com/molnard/9c9227df804eea2773e70b4aca8a0588

UPDATE
Spent several hours without results, so I decided to try another mac. I used the same code, same source and it is generating a working app after signing. So I created another user profile on my mac and now it is working stable.

[molnard]

Guys here is something to test. USE ONLY FOR TESTING, and this is a temporary link!

https://github.com/molnard/WalletWasabi/releases/download/macsign/Wasabi-1.1.10.2.dmg

Please test it and let me know ur impressions!
@lontivero @danwalmsley @simonebovi

Test vectors:

• Gatekeeper should pass.
• Are there any dialogs still during the installation?
• Starting Wasabi for the first time right after the installation? Is it working or only for the second time?

DO NOT FORGET TO REINSTALL THE LATEST STABLE VERSION AFTER TESTING!

[ghost]

Hi @molnard,
weird behavior here.

No Gatekeeper or any other dialog/error message during the installation.

However, after the first right click to Wasabi.app -> Open, the app closes automatically after few seconds. The second time and onwards everything works fine though.

Hope this helps.

[molnard]

On @lontivero mac there is still a popup without the Open button. So I investigated and got this:
EDIT: I mistakenly wrote context:preliminary-signature => context:primary-signature
spctl -a -t open --context context:preliminary-signature -v Wasabi-1.1.10.2.dmg

Wasabi-1.1.10.2.dmg: accepted
source=Notarized Developer ID

codesign -dv --verbose=4 Wasabi-1.1.10.2.dmg

Executable=/Users/release/Desktop/Wasabi-1.1.10.2.dmg
Identifier=Wasabi-1
Format=disk image
CodeDirectory v=20200 size=296 flags=0x10000(runtime) hashes=1+6 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=3fbd3e3b3873d201ed9cb915d8336636f62f34d3
CandidateCDHashFull sha256=3fbd3e3b3873d201ed9cb915d8336636f62f34d35111e26e839fe39a612e5570
Hash choices=sha256
CMSDigest=3fbd3e3b3873d201ed9cb915d8336636f62f34d35111e26e839fe39a612e5570
CMSDigestType=2
Page size=none
CDHash=3fbd3e3b3873d201ed9cb915d8336636f62f34d3
Signature size=8977
Authority=Developer ID Application: zkSNACKs Ltd. (L233B2JQ68)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=2020. Jan 9. 15:40:01
Info.plist=not bound
TeamIdentifier=L233B2JQ68
Sealed Resources=none
Internal requirements count=1 size=168

https://developer.apple.com/library/archive/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG18

[lontivero]

Just for the record.

1. Download the .dmg file
2. Double-click on it
3. Get error message "Can’t be opened because Apple cannot check it for malicious software"
4. Close the error message.
5. Right-click on .dmg file, select Open in the context menu
6. The installer opens fine without error.
7. Search Wasabi in the Spotlight search and open it.
8. An small window appears saying "Verifying Wasabi"
9. A new popup windows appears with message "“Wasabi Wallet” is an app downloaded from the Internet. Are you sure you want to open it?"
10. Press Ok and wasabi opens just well.

[molnard]

According to our depenedency-policy (no dependencies) and @MitchellCash's suggestion tomorrow I will try to remove create-dmg dep and use mac's hdiutil.

[molnard]

Started the preparation of App Store deployment. I will do in a separate PR but what needs to be fixed for that in the APP should be done now.
I use the command:
xcrun altool --validate-app -f "Wasabi Wallet.zip" -t osx

• Do not use -deep option at signing. It is not recommended
• Use sandbox on executables. bitcoind, hwi, wassabee
• Remove the 4th version number
• The application bundle does not contain an icon in ICNS format, containing both a 512x512 and a 512x512@2x image.
• Remove [Minimum OS version] (https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html) causing: The Info.plist indicates an iOS app, but submitting a pkg or mpkg.
• Create pkg for App Store Distribution
• Use altool to upload to App Store
• Check general list of to do
• Remove create-dmg dependency

[lontivero]

Mostly questions.

[lontivero]

It could be convenient to check the ErrorCode before continuing.

[lontivero]

Here again I would check the ErrorCode. I know we are checking the standard output but if there is a problem it doesn't make sense to wait those 4 seconds.

[molnard]

@think222 I have sandboxed Wasabi. However now I get:

Do you have any idea how to solve this?

Process:               wassabee [4789]
Path:                  /Users/USER/Desktop/*/Wasabi Wallet.app/Contents/MacOS/wassabee
Identifier:            zksnacks.wasabiwallet
Version:               1.1.10 (1.1.10)
Code Type:             X86-64 (Native)
Parent Process:        ??? [1]
Responsible:           wassabee [4789]
User ID:               503

Date/Time:             2020-01-11 15:18:25.259 +0100
OS Version:            Mac OS X 10.15.2 (19C57)
Report Version:        12
Anonymous UUID:        C79F51FE-2AE6-9768-EC91-1F5E7F1D04DC

Sleep/Wake UUID:       BB9059D0-3639-4983-88B1-DB72F40089CF

Time Awake Since Boot: 8200 seconds
Time Since Wake:       6000 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000
Exception Note:        EXC_CORPSE_NOTIFY

Application Specific Information:
abort() called
rdar://problem/28724618 Couldn't create connection object
<rdar://problem/28724618> Process unable to create connection because the sandbox denied the right to lookup com.apple.coreservices.launchservicesd and so this process cannot talk to launchservicesd.
XPC_ERROR_CONNECTION_INVALID from launchservice
_RegisterApplication(), unable to get application ASN from launchservicesd, and this application requires an ASN, so aborting.  error=#-1.
 

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff6993e7fa __pthread_kill + 10
1   libsystem_pthread.dylib       	0x00007fff69a00bc1 pthread_kill + 432
2   libsystem_c.dylib             	0x00007fff698c5a1c abort + 120

entitlements file for executables:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.cs.allow-jit</key>
	<true/>
	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
	<true/>
	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
	<true/>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
	<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.application-groups</key>
	<array>
		<string>L233B2JQ68</string>
	</array>
	<key>com.apple.security.network.client</key>
	<true/>
	<key>com.apple.security.network.server</key>
	<true/>
	<key>com.apple.security.inherit</key>
	<true/>
</dict>
</plist>

[molnard]

I am using: Developer ID Application: zkSNACKs Ltd. (L233B2JQ68)

Maybe something to do with this: https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW29

[molnard]

Opened an issue about this here: https://forums.developer.apple.com/message/401928

[nopara73]

It doesn't let me see the forums without registration, which it doesn't let me do due to "unkown error", so try to keep us up to date.

[danwalmsley]

@molnard iv been informed by @kekekeks that latest OSX not only requires app bundle to be signed, but also notorised by Apple in order for them to run without issue, is this the missing step?

It involves sending the bundle to apple for them to check it.

[molnard]

Yes, I did that and it is working. I have also added the thing called sandbox which is also required. Wasabi signed and notarized properly without any issues BUT when try to run it I get this. I am sure it is related to sandboxing. Anyway thx I am open to any idea.

rdar://problem/28724618 Couldn't create connection object
<rdar://problem/28724618> Process unable to create connection because the sandbox denied the right to lookup com.apple.coreservices.launchservicesd and so this process cannot talk to launchservicesd.
XPC_ERROR_CONNECTION_INVALID from launchservice
_RegisterApplication(), unable to get application ASN from launchservicesd, and this application requires an ASN, so aborting.  error=#-1.

[molnard]

I am getting into a serious githell... :D

[nopara73]

It's ok, this PR will have to be broken down to <XXL PRs anyway. So you may want to start with that.