[R-SIG-Mac] R 4.2.1-arm64 pkg is signed and notarized but refuses to install

Calboli Federico (LUKE) |eder|co@c@|bo|| @end|ng |rom |uke@||
Fri Jul 1 08:15:26 CEST 2022 

Given the warning, I’d check the SHA of what you have downloaded does actually match the published one, just in case.

I had no problems with my installation, same exact specs as you describe. 

Cheers

F


> On 1. Jul 2022, at 4.51, Kieran Healy <kjhealy using gmail.com> wrote:
> 
> Hi Simon, 
> 
> Thanks for the quick reply. No custom profiles:
> 
>> Enrolled via DEP: No
>> MDM enrollment: No
> 
> I don’t *think* there’s anything especially unusual about my Mac. I should find some other signed and notarized pkg files to install just to see if they work ...
> 
> -- 
> Kieran Healy :: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkieranhealy.org%2F&data=05%7C01%7Cfederico.calboli%40luke.fi%7C0ae7c81c39364904e96008da5b0438d3%7C7c14dfa4c0fc47259f0476a443deb095%7C0%7C0%7C637922370942348615%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=kgvvmrP9RsYdmEdpaQ%2Bq6Ud%2BaoHEMR1RAya3x2g%2BS9U%3D&reserved=0
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>> On Jun 30, 2022, at 9:31 PM, Simon Urbanek <simon.urbanek using R-project.org> wrote:
>> 
>> Kieran,
>> 
>> thanks, that is rather very odd. I don't have a macOS 12.4 box at hand at the moment so cannot check, but on both Big Sur and on Monterey 12.1 I get
>> 
>> $ spctl -a -vv -t install R-4.2.1-arm64.pkg
>> R-4.2.1-arm64.pkg: accepted
>> source=Notarized Developer ID
>> origin=Developer ID Installer: Simon Urbanek (VZLD955F6P)
>> 
>> Is your Mac enrolled in any custom profiles? (This is usually done to corporate machines which are centrally managed). You can check with
>> profiles status -type enrollment
>> Those can override allowed installations.
>> 
>> Cheers,
>> Simon
>> 
>> 
>> 
>>> On 1/07/2022, at 1:10 PM, Kieran Healy <kjhealy using gmail.com> wrote:
>>> 
>>> Hello all,
>>> 
>>> Not sure at what point along the complex signing/ notarization/ checking/
>>> installation process things fail, but on an M1 MacBook Pro running Monterey
>>> 12.4, with security options set to Allow Apps from the App Store and
>>> Identified Developers, I am finding that attempting to install
>>> R-4.2.1-arm64.pkg from CRAN fails with the GUI error:
>>> 
>>> “R-4.2.1-arm64.pkg” cannot be opened because it is from an unidentified
>>> developer. macOS cannot verify that this app is free from malware.
>>> 
>>> The SHA-1 is good and when I verify the package with pkgutil
>>> --check-signature, everything seems fine too:
>>> 
>>> Package "R-4.2.1-arm64.pkg":
>>>> Status: signed by a developer certificate issued by Apple for
>>>> distribution
>>>> Notarization: trusted by the Apple notary service
>>>> Signed with a trusted timestamp on: 2022-06-24 10:57:20 +0000
>>>> Certificate Chain:
>>>>  1. Developer ID Installer: Simon Urbanek (VZLD955F6P)
>>>>     Expires: 2027-02-01 22:12:15 +0000
>>>>     SHA256 Fingerprint:
>>>>         B5 E8 8C 9D 46 50 74 03 6E 27 98 AB 8B 38 08 89 84 CF 60 C3 90
>>>> C1
>>>>         8F 6F 5A 9F 0F D4 9B D8 89 FC
>>>> 
>>>> ------------------------------------------------------------------------
>>>>  2. Developer ID Certification Authority
>>>>     Expires: 2027-02-01 22:12:15 +0000
>>>>     SHA256 Fingerprint:
>>>>         7A FC 9D 01 A6 2F 03 A2 DE 96 37 93 6D 4A FE 68 09 0D 2D E1 8D
>>>> 03
>>>>         F2 9C 88 CF B0 B1 BA 63 58 7F
>>>> 
>>>> ------------------------------------------------------------------------
>>>>  3. Apple Root CA
>>>>     Expires: 2035-02-09 21:40:36 +0000
>>>>     SHA256 Fingerprint:
>>>>         B0 B1 73 0E CB C7 FF 45 05 14 2C 49 F1 29 5E 6E DA 6B CA ED 7E
>>>> 2C
>>>>         68 C5 BE 91 B5 A1 10 01 F0 24
>>> 
>>> 
>>> However, spctl refuses to proceed and gives an error:
>>> 
>>> spctl -a -vv -t install R-4.2.1-arm64.pkg
>>>> R-4.2.1-arm64.pkg: rejected
>>>> origin=Developer ID Installer: Simon Urbanek (VZLD955F6P)
>>> 
>>> 
>>> I can of course just tell mac os to go ahead anyway. But I thought I'd
>>> report it here just in case it was some more general wrinkle in 12.4 or
>>> hiccup in the toolchain somewhere.
>>> 
>>> Kieran
>>> 
>>> --
>>> Kieran Healy :: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkieranhealy.org%2F&data=05%7C01%7Cfederico.calboli%40luke.fi%7C0ae7c81c39364904e96008da5b0438d3%7C7c14dfa4c0fc47259f0476a443deb095%7C0%7C0%7C637922370942348615%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=kgvvmrP9RsYdmEdpaQ%2Bq6Ud%2BaoHEMR1RAya3x2g%2BS9U%3D&reserved=0
>>> 
>>> 	[[alternative HTML version deleted]]
>>> 
>>> _______________________________________________
>>> R-SIG-Mac mailing list
>>> R-SIG-Mac using r-project.org
>>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstat.ethz.ch%2Fmailman%2Flistinfo%2Fr-sig-mac&data=05%7C01%7Cfederico.calboli%40luke.fi%7C0ae7c81c39364904e96008da5b0438d3%7C7c14dfa4c0fc47259f0476a443deb095%7C0%7C0%7C637922370942348615%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0JDfqxhLbPKdIIXb5Ol6UZqy%2FWBY30740Q2yFf9zpV8%3D&reserved=0
>>> 
>> 
> 
> 
> 	[[alternative HTML version deleted]]
> 
> _______________________________________________
> R-SIG-Mac mailing list
> R-SIG-Mac using r-project.org
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstat.ethz.ch%2Fmailman%2Flistinfo%2Fr-sig-mac&data=05%7C01%7Cfederico.calboli%40luke.fi%7C0ae7c81c39364904e96008da5b0438d3%7C7c14dfa4c0fc47259f0476a443deb095%7C0%7C0%7C637922370942348615%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0JDfqxhLbPKdIIXb5Ol6UZqy%2FWBY30740Q2yFf9zpV8%3D&reserved=0

More information about the R-SIG-Mac mailing list