Code Signature fail in Safari/Firefox/Chrome—extension reinstalled—mini restarted [config'd Sophos]

MetroEast
MetroEast
Community Member
edited July 2014 in Mac

After reading a bit, I've tried the various things that seemed to apply to my issue.
I haven't been able to get the code signature check to work since first install.
Wondering what the real issue is.

versions:
OS:  10.9.4
App:  4.4.1 (441008)
Extensions:  4.2.3.90 (Chrome), 4.2.3 (Safari & Firefox)

No 'protection' preventing local communication.

As noted in the subject. I've re-installed the extension, and I've restarted the mini app.

Seeing the codesign CLI notes in another post, I thought I'd give it a try.
Looks like Safari is hosed?? But the other 2 seem to pass; if I read this correctly.

 $ codesign -dvvv /Applications/Safari.app/
Executable=/Applications/Safari.app/Contents/MacOS/Safari
Identifier=com.apple.Safari
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=225 flags=0x0(none) hashes=3+5 location=embedded
Hash type=sha1 size=20
CDHash=be538fdf23ab8806fb9f66251eb7f0ad3718de4b
Signature size=4097
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Info.plist entries=36
TeamIdentifier=not set
Sealed Resources version=2 rules=16 files=397
Internal requirements count=2 size=112

 $ codesign -vvv /Applications/Safari.app/
--validated:/Applications/Safari.app/Contents/MacOS/SafariForWebKitDevelopment
/Applications/Safari.app/: a sealed resource is missing or invalid
file modified: /Applications/Safari.app/Contents/Resources/English.lproj/InfoPlist.strings
file modified: /Applications/Safari.app/Contents/Resources/English.lproj/ServicesMenu.strings

 $ codesign -dvvv /Applications/Firefox.app/
Executable=/Applications/Firefox.app/Contents/MacOS/firefox
Identifier=org.mozilla.firefox
Format=bundle with Mach-O universal (i386 x86_64)
CodeDirectory v=20100 size=228 flags=0x0(none) hashes=5+3 location=embedded
Hash type=sha1 size=20
CDHash=15d0f5de1e12c1794d63e3222fa81bd5d1865f5b
Signature size=4232
Authority=Developer ID Application: Mozilla Corporation
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=Jun 5, 2014, 7:29:18 PM
Info.plist entries=20
TeamIdentifier=not set
Sealed Resources version=1 rules=13 files=105
Internal requirements count=2 size=356

 $ codesign -vvv /Applications/Firefox.app/
/Applications/Firefox.app/: valid on disk
/Applications/Firefox.app/: satisfies its Designated Requirement

 $ codesign -dvvv /Applications/Google\ Chrome.app/
Executable=/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
Identifier=com.google.Chrome
Format=bundle with Mach-O thin (i386)
CodeDirectory v=20100 size=186 flags=0x0(none) hashes=3+3 location=embedded
Hash type=sha1 size=20
CDHash=0d155dfb78c654a46329dd69e137859dbbbc9899
Signature size=8508
Authority=Developer ID Application: Google Inc.
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 15, 2014, 2:36:29 PM
Info.plist entries=33
TeamIdentifier=not set
Sealed Resources version=1 rules=9 files=221
Internal requirements count=1 size=132

 $ codesign -vvv /Applications/Google\ Chrome.app/
/Applications/Google Chrome.app/: valid on disk
/Applications/Google Chrome.app/: satisfies its Designated Requirement

Comments

  • mscohen
    mscohen
    Community Member

    As of 24 hours ago, I am seeing these errors on Chrome, Safari and Firefox. The message that appears is:

    Browser Code Signature Validation

    Cannot Fill Item in Web Browser

    Web Browser is connected but its code signature could not be verified. Filling and other features are disabled until this configuration issue is resolved.

    Is this a known problem related to Sophos?

  • sjk
    sjk
    1Password Alumni

    Hi @MetroEast,

    That codesign output looks okay to me so apparently there's something else causing the problem you're having. We'd like to get a better look "under the hood" to find out what it is and help you fix it …

    Please send us a Diagnostics Report from your Mac, along with a link to this topic and your forum username, to support+forum@agilebits.com. A brief comment here mentioning that you've sent the report would also be helpful so we can keep an extra eye open for its arrival. :)

    Thanks!

  • sjk
    sjk
    1Password Alumni
    edited July 2014

    Hi @mscohen,

    If you happen to have Sophos Antivirus software running, please take a look at @JasperP's post here for details about configuring Sophos:

    Proven Solution (post #33)

    Sophos has acknowledged it as a defect (in their software):

    This has been logged as a defect, so we are aware of it and are investigating further.

    And if that's not the case, please email us a Diagnostics Report just like I mentioned in my reply to @MetroEast and we'll help get your problem resolved, too. :)

    Thanks!

  • MetroEast
    MetroEast
    Community Member
    edited July 2014

    Well... Mea Cupla!!

    Now I get to reveal my ignorance with the software I have installed on my own computer. Wow.

    Yes, I have Sophos (ridiculously obvious once I ran the Report, and reviewed it.)
    The suggestion to config Sophos around the issue, works fine.

    One question:
    Are there any security concerns regarding allowing 127.0.0.1 ???

    To repeat... I thought I did not have Sophos, and I do, and that was the issue.
    Very embarrassing, yet predictable I suppose.

    My apologies for burning your time on this.

  • Jasper
    edited July 2014

    Hi @MetroEast,

    I'm glad to hear that fixed it. :)

    I'm not aware of any specific security issues with 127.0.0.1 (localhost) allowed. Some of our customers did contact Sophos, and told us that Sophos told them to whitelist the 127.0.0.x address. Also, in the link @sjk included above, Sophos support stated:

    This has been logged as a defect, so we are aware of it and are investigating further.

    The workaround that you have employed [whitelisting 127.0.0.1] is effective.

    Please let us know if you have any other questions.

  • MetroEast
    MetroEast
    Community Member
    edited July 2014

    Really appreciate your reiteration of those details here. I missed the comment from Sophos.

    It's been a long week. In fact the last month was pretty full. The last fiscal year was pretty stuffed as well.
    I think I'm trying to say, "I've been very busy." 8^)»

    Your time is much appreciated. (Can we amend the topic? "actually, yes Sophos.")

  • sjk
    sjk
    1Password Alumni

    No worries, @MetroEast. Glad my response to @mscohen about Sophos turned out to be helpful for you!

    (Can we amend the topic? "actually, yes Sophos.")

    Done… sort of. :)

This discussion has been closed.