Hi, I just tried to install the R 3.5.3 macOS binary from CRAN. The SHA hash matches what is on CRAN, but I get an unknown developer message when I try to install. I get: pkgutil --check-signature R-3.5.3.pkg Package "R-3.5.3.pkg": Status: no signature I rechecked the 3.5.2 binary and do not have the issue there. Thanks, Marc Schwartz
R 3.5.3 macOS binary not signed?
12 messages · Marc Schwartz, Peter Dalgaard, Dr Eberhard W Lisse +2 more
Try from the commandline sudo spctl --master-disable and then install the package el Sent from Dr Lisse's iPad mini 4
On 14 Mar 2019, 21:18 +0900, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org>, wrote:
Hi, I just tried to install the R 3.5.3 macOS binary from CRAN. The SHA hash matches what is on CRAN, but I get an unknown developer message when I try to install. I get: pkgutil --check-signature R-3.5.3.pkg Package "R-3.5.3.pkg": Status: no signature I rechecked the 3.5.2 binary and do not have the issue there. Thanks, Marc Schwartz
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Hi, I am aware of the workaround, both from the CLI and via System Preferences. The question is more about confirming that the binary is valid and from a source that is trusted, which is the point of digitally signing binaries as a trusted Apple developer. Thanks, Marc
On Mar 14, 2019, at 8:43 AM, Dr Eberhard W Lisse <el at lisse.na> wrote: Try from the commandline sudo spctl --master-disable and then install the package el Sent from Dr Lisse's iPad mini 4 On 14 Mar 2019, 21:18 +0900, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org>, wrote:
Hi, I just tried to install the R 3.5.3 macOS binary from CRAN. The SHA hash matches what is on CRAN, but I get an unknown developer message when I try to install. I get: pkgutil --check-signature R-3.5.3.pkg Package "R-3.5.3.pkg": Status: no signature I rechecked the 3.5.2 binary and do not have the issue there. Thanks, Marc Schwartz
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
[[alternative HTML version deleted]]
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Marc, thanks, I'm glad that at least someone pays attention and checks the signature ;). I'm surprised my machine didn't raise a flag - I did test the image locally from the master URL before releasing. I have now updated the package to be signed, it is identical content, just signed. You can get is from the Mac master server https://mac.R-project.org/bin/macosx now and other CRAN servers will sync in due time. Thanks, Simon
On Mar 14, 2019, at 8:18 AM, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org> wrote: Hi, I just tried to install the R 3.5.3 macOS binary from CRAN. The SHA hash matches what is on CRAN, but I get an unknown developer message when I try to install. I get: pkgutil --check-signature R-3.5.3.pkg Package "R-3.5.3.pkg": Status: no signature I rechecked the 3.5.2 binary and do not have the issue there. Thanks, Marc Schwartz
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Very, very, very bad idea - never ever do that unless you're really happy to infest your machine with nice viruses and ransomware. Cheers, Simon
On Mar 14, 2019, at 8:43 AM, Dr Eberhard W Lisse <el at lisse.NA> wrote: Try from the commandline sudo spctl --master-disable and then install the package el Sent from Dr Lisse's iPad mini 4 On 14 Mar 2019, 21:18 +0900, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org>, wrote:
Hi, I just tried to install the R 3.5.3 macOS binary from CRAN. The SHA hash matches what is on CRAN, but I get an unknown developer message when I try to install. I get: pkgutil --check-signature R-3.5.3.pkg Package "R-3.5.3.pkg": Status: no signature I rechecked the 3.5.2 binary and do not have the issue there. Thanks, Marc Schwartz
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
[[alternative HTML version deleted]]
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
[Resending - screenshot was too big] Actually, the OS does that even if we don't pay attention, so apparently people just haven't gotten around to upgrade and we haven't had new Mac users installing 3.5.3 yet. (To a first approximation, that is - some will of course know how to bypass the signature check). -pd
On 14 Mar 2019, at 14:36 , Simon Urbanek <simon.urbanek at R-project.org <mailto:simon.urbanek at R-project.org>> wrote: Marc, thanks, I'm glad that at least someone pays attention and checks the signature ;). I'm surprised my machine didn't raise a flag - I did test the image locally from the master URL before releasing. I have now updated the package to be signed, it is identical content, just signed. You can get is from the Mac master server https://mac.R-project.org/bin/macosx <https://mac.r-project.org/bin/macosx> now and other CRAN servers will sync in due time. Thanks, Simon
On Mar 14, 2019, at 8:18 AM, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org <mailto:r-sig-mac at r-project.org>> wrote: Hi, I just tried to install the R 3.5.3 macOS binary from CRAN. The SHA hash matches what is on CRAN, but I get an unknown developer message when I try to install. I get: pkgutil --check-signature R-3.5.3.pkg Package "R-3.5.3.pkg": Status: no signature I rechecked the 3.5.2 binary and do not have the issue there. Thanks, Marc Schwartz
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org <mailto:R-SIG-Mac at r-project.org> https://stat.ethz.ch/mailman/listinfo/r-sig-mac
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org <mailto:R-SIG-Mac at r-project.org> https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Peter Dalgaard, Professor, Center for Statistics, Copenhagen Business School Solbjerg Plads 3, 2000 Frederiksberg, Denmark Phone: (+45)38153501 Office: A 4.23 Email: pd.mes at cbs.dk <mailto:pd.mes at cbs.dk> Priv: PDalgd at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://stat.ethz.ch/pipermail/r-sig-mac/attachments/20190314/b6674a98/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: PastedGraphic-2.jpg Type: image/jpeg Size: 36987 bytes Desc: not available URL: <https://stat.ethz.ch/pipermail/r-sig-mac/attachments/20190314/b6674a98/attachment-0001.jpg>
The version from mac.R-project.org installs fine. CRAN master still has the unsigned version (recognizable by an MD5 hash starting with fff) at this point. -pd
On 14 Mar 2019, at 14:36 , Simon Urbanek <simon.urbanek at R-project.org> wrote: Marc, thanks, I'm glad that at least someone pays attention and checks the signature ;). I'm surprised my machine didn't raise a flag - I did test the image locally from the master URL before releasing. I have now updated the package to be signed, it is identical content, just signed. You can get is from the Mac master server https://mac.R-project.org/bin/macosx now and other CRAN servers will sync in due time. Thanks, Simon
On Mar 14, 2019, at 8:18 AM, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org> wrote: Hi, I just tried to install the R 3.5.3 macOS binary from CRAN. The SHA hash matches what is on CRAN, but I get an unknown developer message when I try to install. I get: pkgutil --check-signature R-3.5.3.pkg Package "R-3.5.3.pkg": Status: no signature I rechecked the 3.5.2 binary and do not have the issue there. Thanks, Marc Schwartz
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Peter Dalgaard, Professor, Center for Statistics, Copenhagen Business School Solbjerg Plads 3, 2000 Frederiksberg, Denmark Phone: (+45)38153501 Office: A 4.23 Email: pd.mes at cbs.dk Priv: PDalgd at gmail.com
Not Really. I have been loading R binaries for almost 10 years from CRAN, if not longer. If the SHA is ok, I don't care about Apple's Nanny mechanism. And, it still warns on the first run, whether you really want to run a program downloaded from the Internet. The correct statement wouldhave been, something like: "Be careful when you do that and only load binaries from reputable sources such as CRAN" I really, really, really do not understand, after almost 40 years of doing this (sendmail anyone?), why Apple wants to make an automated start of Postfix requiring the SIP to be disabled off of the Recovery Boot for a simple change of the launch control files. el
On 2019-03-14 22:37 , Simon Urbanek wrote:
Very, very, very bad idea - never ever do that unless you're really happy to infest your machine with nice viruses and ransomware. Cheers, Simon
On Mar 14, 2019, at 8:43 AM, Dr Eberhard W Lisse <el at lisse.NA> wrote: Try from the commandline sudo spctl --master-disable and then install the package el
Marc, the same is achieved by the hash published by CRAN. Though, of course, if the developers have a developer account, there is nothing wrong with using it and even less with reporting the lack of use of it :-)-O el
On 2019-03-14 21:49 , Marc Schwartz via R-SIG-Mac wrote:
Hi, I am aware of the workaround, both from the CLI and via System Preferences. The question is more about confirming that the binary is valid and from a source that is trusted, which is the point of digitally signing binaries as a trusted Apple developer. Thanks, Marc
[...]
Dr. Eberhard W. Lisse / Obstetrician & Gynaecologist (Saar) el at lisse.NA / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 / Bachbrecht, Namibia ;____/
My point of objection was the disabling all checks in a blanket manner. Since this forum is read by many people, not everyone may realize the very harmful implications of that single command. If you know what you're doing, that's fine, but then you also know that you can simply use Open and acknowledge that you want to install anyway which is much safer way that to disable all checks systemwide. Same goes with SIP - for 99.99% of users it protects them and for a very good reason. If you need to modify system files, you better know what you're doing and take all the responsibility. There is also a very good reason why you need to go to Recovery to do that - it wouldn't make any sense otherwise ;). Cheers, Simon
On Mar 14, 2019, at 10:19 AM, Dr Eberhard W Lisse <el at lisse.NA> wrote: Not Really. I have been loading R binaries for almost 10 years from CRAN, if not longer. If the SHA is ok, I don't care about Apple's Nanny mechanism. And, it still warns on the first run, whether you really want to run a program downloaded from the Internet. The correct statement wouldhave been, something like: "Be careful when you do that and only load binaries from reputable sources such as CRAN" I really, really, really do not understand, after almost 40 years of doing this (sendmail anyone?), why Apple wants to make an automated start of Postfix requiring the SIP to be disabled off of the Recovery Boot for a simple change of the launch control files. el On 2019-03-14 22:37 , Simon Urbanek wrote:
Very, very, very bad idea - never ever do that unless you're really happy to infest your machine with nice viruses and ransomware. Cheers, Simon
On Mar 14, 2019, at 8:43 AM, Dr Eberhard W Lisse <el at lisse.NA> wrote: Try from the commandline sudo spctl --master-disable and then install the package el
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
I agree more or less with both of you in this take! I really appreciate Apple effort for keep users safe and this is one the reasons I'm choosing Apple. However, one not always can install signed software and that doesn't mean you are directly at risk. You just have to know what are you doing. Luckily even if you disabling Gatekeeper <https://en.wikipedia.org/wiki/Gatekeeper_(macOS)> you still get a warning every time you install something out of App Store of some place that isn't in the safe list. Warnings are great, but prohibitions can go south quickly. I think we can all remember the problems some Windows system got in the past by warning and asking for the password too much. Users finally logged as root to avoid the nuance, thus making the system insecure.
On 14 Mar 2019, at 16:45, Simon Urbanek <simon.urbanek at R-project.org> wrote: My point of objection was the disabling all checks in a blanket manner. Since this forum is read by many people, not everyone may realize the very harmful implications of that single command. If you know what you're doing, that's fine, but then you also know that you can simply use Open and acknowledge that you want to install anyway which is much safer way that to disable all checks systemwide. Same goes with SIP - for 99.99% of users it protects them and for a very good reason. If you need to modify system files, you better know what you're doing and take all the responsibility. There is also a very good reason why you need to go to Recovery to do that - it wouldn't make any sense otherwise ;). Cheers, Simon
On Mar 14, 2019, at 10:19 AM, Dr Eberhard W Lisse <el at lisse.NA> wrote: Not Really. I have been loading R binaries for almost 10 years from CRAN, if not longer. If the SHA is ok, I don't care about Apple's Nanny mechanism. And, it still warns on the first run, whether you really want to run a program downloaded from the Internet. The correct statement wouldhave been, something like: "Be careful when you do that and only load binaries from reputable sources such as CRAN" I really, really, really do not understand, after almost 40 years of doing this (sendmail anyone?), why Apple wants to make an automated start of Postfix requiring the SIP to be disabled off of the Recovery Boot for a simple change of the launch control files. el On 2019-03-14 22:37 , Simon Urbanek wrote:
Very, very, very bad idea - never ever do that unless you're really happy to infest your machine with nice viruses and ransomware. Cheers, Simon
On Mar 14, 2019, at 8:43 AM, Dr Eberhard W Lisse <el at lisse.NA> wrote: Try from the commandline sudo spctl --master-disable and then install the package el
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac
Hi Simon, Thanks for following up. I presumed that this was a production issue of some nature, as you had established the pattern of digitally signing the binaries some time ago. Thanks again! Marc
On Mar 14, 2019, at 9:36 AM, Simon Urbanek <simon.urbanek at R-project.org> wrote: Marc, thanks, I'm glad that at least someone pays attention and checks the signature ;). I'm surprised my machine didn't raise a flag - I did test the image locally from the master URL before releasing. I have now updated the package to be signed, it is identical content, just signed. You can get is from the Mac master server https://mac.R-project.org/bin/macosx now and other CRAN servers will sync in due time. Thanks, Simon
On Mar 14, 2019, at 8:18 AM, Marc Schwartz via R-SIG-Mac <r-sig-mac at r-project.org> wrote: Hi, I just tried to install the R 3.5.3 macOS binary from CRAN. The SHA hash matches what is on CRAN, but I get an unknown developer message when I try to install. I get: pkgutil --check-signature R-3.5.3.pkg Package "R-3.5.3.pkg": Status: no signature I rechecked the 3.5.2 binary and do not have the issue there. Thanks, Marc Schwartz
_______________________________________________ R-SIG-Mac mailing list R-SIG-Mac at r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-mac