Help

QuickAdd package signed, but doesn't pass Safari check

mgoralski
New Contributor II

Posted on ‎05-23-2016 08:38 AM

Safari includes the option to "Open 'safe' files after downloading" which one would assume includes signed QuickAdd.pkg files. Sadly not as when it tries to autorun my signed .pkg, it fails with the standard "Cannot open because this app is from an unidentified developer" - but works fine when opened from the Downloads folder in the Finder.

The big question is who else has seen this behavior? I've noticed it on several Macs at this point, but it seems to be limited to Safari on 10.11.4 and up from what I've seen. Very curious to hear what others are experiencing.

0 Kudos
4 REPLIES 4

iMatthewCM
Contributor II
Contributor II

Posted on ‎05-23-2016 09:26 AM

Hey mgoralski,

I had this issue with my own personal computer, and the following fixed it:

Navigate to: ~/Library/Preferences
Create a new document, or edit if already exists: com.apple.DownloadAssessment.plist

Put this stuff in there:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> 
 <key>LSRiskCategorySafe</key> 
<dict> 
 <key>LSRiskCategoryExtensions</key> 
<array> 
 <string>pkg</string> 
 </array> 
 </dict> 
 </dict> 
</plist>

I hope that helps :) Please be careful when altering system files like this, and always test :)

0 Kudos

mgoralski
New Contributor II

Posted on ‎05-24-2016 11:03 AM

Thanks for the reply. The fix makes sense, but we're still stuck with the problem of the enrollment package being flagged as insecure before the machine is enrolled. I daresay JAMF needs to change the way the .pkg is signed.

0 Kudos

iMatthewCM
Contributor II
Contributor II

Posted on ‎05-24-2016 11:41 AM

Totally understandable. I think the issue is more what Safari thinks is a "Safe" file, I'm not sure it has much to do with signed or unsigned. So what this does is say, "Hey Safari, this file format is cool. If you find something terrible in the file, block it, but otherwise, we're all good here."

0 Kudos

mgoralski
New Contributor II

Posted on ‎05-24-2016 01:17 PM

As we know all to well, these types of problem usually boil down to Apple -vs- 3rd Party Vendor. I'd like to know (wouldn't we all) whether this boils down to a problem with Safari or the JSS. I'm inclined to think Safari. Key to this is the difference between Safari's check of the .pkg and OS X's check. They obviously differ, but how?

0 Kudos