f.lux v37.7, Sparkle error about DSA keys



  • Just started getting this error a few days ago. Very annoying to track down since it doesn't say anything about the application using it but after some trial n error I know it's f.lux. After I click OK, f.lux says it's on the latest version.

    Anyone else getting this? Is v37.7 the latest? Should I re-install?

    Sparkle Error


  • f.lux team

    This seems to happen when our updater thinks we have connected without using SSL, which should not ever happen. It may occur however when there is an error on our server (rate limiting, etc.) Thanks for the report.



  • It's been happening consistently once a day for about a week. That's why I brought it up.


  • f.lux team

    This post is deleted!

  • f.lux team

    I checked out the updater code, and this message actually happens when the "main bundle" (i.e. Flux.app) is thought not to be code signed. This is a failure in the signing certificate we get from Apple directly, not a DSA key (which we don't use).

    Per this article, the way to verify code signing is like this (Terminal):

    codesign -dv --verbose=4 /Path/To/Flux.app

    It's possible that your system clock is set very far from reality, or something in the OS is messed up.

    But this should basically "never" fail, so I guess I do recommend reinstalling.

    p.s. if you like to read code, the verifier here is failing:
    https://github.com/sparkle-project/Sparkle/blob/master/Sparkle/SUCodeSigningVerifier.m


  • f.lux team

    Also if you get a chance, check if there are any updates to the OS.
    In the last year there have been several security updates to macOS.

    But the best "test" is the codesign command above.



  • @herf said:

    codesign -dv --verbose=4 /Path/To/Flux.app

    Executable=/Applications/Flux.app/Contents/MacOS/Flux
    Identifier=org.herf.Flux
    Format=app bundle with Mach-O thin (x86_64)
    CodeDirectory v=20200 size=5709 flags=0x0(none) hashes=171+5 location=embedded
    Hash type=sha256 size=32
    CandidateCDHash sha1=0e887b904d989f50b744c86e913fe16eb230432d
    CandidateCDHash sha256=2ede3925734b15d2e5157ebee4fc74e4c80d33b0
    Hash choices=sha1,sha256
    CDHash=2ede3925734b15d2e5157ebee4fc74e4c80d33b0
    Signature size=8899
    Authority=Developer ID Application: Michael Herf
    Authority=Developer ID Certification Authority
    Authority=Apple Root CA
    Timestamp=Aug 15, 2016, 4:27:58 PM
    Info.plist entries=31
    TeamIdentifier=VZKSA7H9J9
    Sealed Resources version=2 rules=12 files=8
    Internal requirements count=1 size=208

    It's possible that your system clock is set very far from reality, or something in the OS is messed up.

    Clock is set by NTP. I did recently switch from 12-hour to 24-hour; that shouldn't affect things, should it?

    Also if you get a chance, check if there are any updates to the OS. In the last year there have been several security updates to macOS.

    On El Capitan but all current on patches/security updates.

    But this should basically "never" fail, so I guess I do recommend reinstalling.

    I'll give this a try and let you know.



  • Reinstall seems to have done the trick. Thanks!


Log in to reply
 

Looks like your connection to f.lux forum was lost, please wait while we try to reconnect.