[SmartcardServices-Dev] Signed Installer posted for OS X El Capitan v10.11
Thomas Harning Jr.
harningt at gmail.com
Thu Oct 1 08:44:20 PDT 2015
Thanks. Is there any documentation available that shows where the new
tokend installations should go?
Does this installation location happen to work for older OSX versions, or
is the location only scanned by OSX 10.11? If this location is only for
newer versions of OSX, this complicates things for users that install an
application on 10.10 or earlier and come to OSX 10.11 to discover their
TokenD was obliterated.
Smart card development for OSX seems to be a particularly dark art. By
chance are there any samples of TokenD modules written using Apple's new
blessed token API - the asynchronous nature of the new API seems to be in
conflict with TokenD API specifications.
On Thu, Oct 1, 2015 at 11:17 AM Shawn A. Geddis <geddis at apple.com> wrote:
> Signed Installer posted for OS X El Capitan v10.11
> <https://smartcardservices.macosforge.org/post/signed-installer-posted-for-os-x-el-capitan-v1011/>
> 2015-10-01
>
> Installer posted for OS X El Capitan v10.11.
>
> This SmartCardServices Installer provides the Tokend bundles and
> cacloginconfig.plist for installation on your OS X El Capitan systems.
>
> Starting with today's (1 Oct 2015) release of the installer for OS X El
> Capitan v10.11, we are digitally signing the Installer and Tokend bundles
> for integrity assurance. The installer will be recognized and install
> properly with Gatekeeper set to default or higher and, on El Capitan, are
> installed in a new location "/ Library / Security / tokend" to work with
> System Integrity Protection (SIP) enabled.
>
> ____________________________________________________________________________________
>
> *NOTE:* Installer and Tokend bundles from this project are now digitally
> signed. Older installers (ie. for v10.10, v10.9, ...) will be re-posted,
> incremented to v2.1, and digitally signed. The installation location will
> remain as they were on the respective OS releases.
>
> ____________________________________________________________________________________
>
> You should verify the integrity of the Tokend(s) you have installed by
> verifying the digital signature using the following command in Terminal:
> $ codesign -dvvvv /Library/Security/tokend/<nameoftoken>.tokend
>
> for example:
> $ codesign -dvvvv /Library/Security/tokend/PIV.tokend
>
> Your results should be similar to the following:
>
> $ *codesign -dvvvv /Library/Security/tokend/PIV.tokend/*
>
> *Executable=/Library/Security/tokend/PIV.tokend/Contents/MacOS/PIV*
>
> *Identifier=org.macosforge.smartcardservices.tokend.piv*
>
> *Format=bundle with Mach-O thin (x86_64)*
>
> *CodeDirectory v=20200 size=1307 flags=0x0(none) hashes=57+3
> location=embedded*
>
> *Hash type=sha1 size=20*
>
> *CDHash=9211409073a5f9034a523b891918cbf8030a6b84*
>
> *Signature size=4349*
>
> *Authority=Mac Developer: Shawn Geddis (6NSF8PH78P)*
>
> *Authority=Apple Worldwide Developer Relations Certification Authority*
>
> *Authority=Apple Root CA*
>
> *Signed Time=Sep 29, 2015, 9:06:58 PM*
>
> *Info.plist entries=9*
>
> *TeamIdentifier=L2L8FX9AEK*
>
> *Sealed Resources version=2 rules=12 files=5*
>
> *Internal requirements count=1 size=92*
>
> To ensure you have the original installer posted here and not one that has
> been modified, please also verify the SHA-256 hash of the .zip you download
> against the hash posted for the corresponding installer from the installers
> download page.
>
> http://smartcardservices.macosforge.org/trac/wiki/installers/
> <https://smartcardservices.macosforge.org/trac/wiki/installers>
> ------------------------------
>
> Recall, we also post installers under a “Current” Static URL as well.
>
> *SmartCard Services "Current"* - Most recent Installer (i.e v2.1.0 for OS
> X El Capitan v10.11)
>
> http://smartcardservices.macosforge.org/files/installers/SCS-Current.zip
> <https://smartcardservices.macosforge.org/files/installers/SCS-Current.zip>
> ------------------------------
>
> The static URL for the most recent installer versions corresponding to
> each major release of OS X follows the format:
>
> *http://smartcardservices.macosforge.org/files/installers/SCS-XX.YY-Current.zip
> <http://smartcardservices.macosforge.org/files/installers/SCS-XX.YY-Current.zip>*
>
> *XX* - 10
>
> *YY* - Major Release (i.e '09' for OS X Mavericks v10.9)
>
> - "Current - OS X El Capitan v10.11
> <https://smartcardservices.macosforge.org/files/installers/SCS-10.11-Current.zip>
> ”
> - "Current - OS X Yosemite v10.10
> <https://smartcardservices.macosforge.org/files/installers/SCS-10.10-Current.zip>
> ”
> - "Current - OS X Mavericks v10.9
> <https://smartcardservices.macosforge.org/files/installers/SCS-10.09-Current.zip>
> ”
> - "Current - OS X Mountain Lion v10.8
> <https://smartcardservices.macosforge.org/files/installers/SCS-10.08-Current.zip>
> ”
> - "Current - OS X Lion v10.7
> <https://smartcardservices.macosforge.org/files/installers/SCS-10.07-Current.zip>
> ”
> - "Current - OS X Snow Leopard v10.6"
> <https://smartcardservices.macosforge.org/files/installers/SCS-10.06-Current.zip>
>
>
> - Shawn
> _____________________________________________________________________
> Shawn Geddis geddis at {Mac | Me | iCloud} dot com
> Security and Certifications Engineer, Apple geddis at {apple}
> dot com
>
> Smart Card Services Project/Dev Lead:
>
> Project Wiki: [SmartCardServices.MacOSFforge.Org]
> Mailing Lists: [Lists.MacOSForge.Org/mailman/listinfo
> <http://lists.macosforge.org/mailman/listinfo>]
> SCS Contact: [scs-cotact at macosforge.org]
> SCS Admin: [scs-admin at macosforge.org]
> _____________________________________________________________________
>
> _______________________________________________
> SmartcardServices-Dev mailing list
> SmartcardServices-Dev at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/smartcardservices-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/smartcardservices-dev/attachments/20151001/38a10ebc/attachment-0001.html>
More information about the SmartcardServices-Dev
mailing list