Ever get this firewall box every time you turn on your mac?
Apparently this is due to how the OS X firewall interacts with codesigning applications. If you click Allow for an unsigned application, the firewall signs the app for you there and then, (so nefarious people can’t then just swap out the application you gave permission for). However, since Mavericks, if the app bundle contains unsigned or incorrectly signed frameworks, the firewall’s codesign fails, and the firewall falls back to prompting you on every boot. Older apps containing frameworks with incorrect signing (or using an old codesign format) may start show this firewall problem. The solution is to wait for an app update to fix the codesigning. Or if you’re impatient, or the app isn’t receiving updates anymore, you can just sign the bundles yourself: In my example, the app itself was not signed, but one of the frameworks inside was signed with an ‘obsolete resource envelope’
codesign -vvvv /Applications/Bowtie.app /Applications/Bowtie.app/: code object is not signed at all codesign -vvvv /Applications/Bowtie.app/Contents/Frameworks/* /Applications/Bowtie.app/Contents/Frameworks/Growl.framework: resource envelope is obsolete
The fix is to sign all the frameworks inside, and then then the bundle itself. If the app contains other bundles, eg. helper applications or plugins, sign these too.
codesign -s - -f /Applications/Bowtie.app/Contents/Frameworks/* /Applications/Bowtie.app/Contents/Frameworks/Growl.framework: replacing existing signature codesign -s - -f /Applications/Bowtie.app/ /Applications/Bowtie.app/: replacing existing signature
Now the codesign is valid, and the firewall prompt will stop pestering us. Problem solved.
codesign -vvvv /Applications/Bowtie.app/ codesign -vvvv /Applications/Bowtie.app/ --prepared:/Applications/Bowtie.app/Contents/Frameworks/Growl.framework/Versions/Current/. --validated:/Applications/Bowtie.app/Contents/Frameworks/Growl.framework/Versions/Current/. --prepared:/Applications/Bowtie.app/Contents/Frameworks/Scribbler.framework/Versions/Current/. --validated:/Applications/Bowtie.app/Contents/Frameworks/Scribbler.framework/Versions/Current/. --prepared:/Applications/Bowtie.app/Contents/Frameworks/ShortcutRecorder.framework/Versions/Current/. --validated:/Applications/Bowtie.app/Contents/Frameworks/ShortcutRecorder.framework/Versions/Current/. --prepared:/Applications/Bowtie.app/Contents/Frameworks/Sparkle.framework/Versions/Current/. --validated:/Applications/Bowtie.app/Contents/Frameworks/Sparkle.framework/Versions/Current/. --prepared:/Applications/Bowtie.app/Contents/Frameworks/YAJL.framework/Versions/Current/. --validated:/Applications/Bowtie.app/Contents/Frameworks/YAJL.framework/Versions/Current/. /Applications/Bowtie.app/: valid on disk /Applications/Bowtie.app/: satisfies its Designated Requirement