You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
I've been reading an article by Howard Oakley (May 11, 2023) which talks about including Mac Help files within Applications.
It has been brought to my attention that the Help Bundle within this Application has not been signed.
Perhaps there a satisfactory reason for there being no signature or is this a cause for concern?
My thanks for advice on this matter.
[Re-Titled by Moderator]
Mac mini (M2 Pro, 2023)
subil48 wrote:
It has been brought to my attention that the Help Bundle within this Application has not been signed.
Help bundles do not need to be separately signed. They live in the Resources folder of the app bundle and are included in the app's overall signature.
You can verify this yourself using Apple's signature verification tool in Terminal:
/Applications $ spctl -a -vv EtreCheckPro.app
EtreCheckPro.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Etresoft, Inc. (U87NE528LC)
Then modify one of the HTML files in the help bundle and try it again. If you modify the help bundle, then the verification will fail. If you undo your modification, the verification will succeed once again.
Perhaps there a satisfactory reason for there being no signature or is this a cause for concern?
Satisfactory reason? No. Not satisfactory. It's a bug in the Apparency app. I've already contacted the developer of Apparency and the response was not encouraging.
Apple help bundles are exceptionally difficult to implement. EtreCheckPro is one of the few non-Apple apps to use them. Apparency itself, like most 3rd party apps, just dumps the user to a website for help. But websites often don't get updated as apps change or get bought and sold. One of my favourite apps, Graphic, does this and now the help goes to a dead web link.
Graphic is still available in the Mac App Store. Check it with Apparency and see what you get. Then check any other Mac App Store app. Apparency has decided that virtually all Mac App Store apps have invalid signatures!
Luckily for me, I don't actually use Apple's help user interface due to bugs in Apple's implementation over the years. But by using a help bundle, EtreCheckPro's help gets incorporated into the system. I've got a new release of EtreCheckPro due next week when Apple releases information for the new M4 machines. All I have to do is remove a file from the help bundle. Apparency will no longer recognize it and will no longer accuse me of doing my signature incorrectly. I'll lose that incorporation into the system help, but few people would ever trigger that obscure feature anyway.
I've been reading an article by Howard Oakley (May 11, 2023) which talks about including Mac Help files within Applications.
This is a problem with social media influencers and popular apps like Suspicious Package and Apparency. They are called "influencers" for a reason. People don't know about obscure technical details like help packages and signatures. So then, when an "influencer" or popular developer gets it wrong, people don't realize it and blame the wrong person.
It really annoys me to have to change my app because some other developer screwed something up. But in the world of consumer apps, a developer has to be aware of who has influence and who doesn't.
While I may not have any influence, I do just happen to have an app that properly queries information about apps and displays it to the user. EtreCheckPro's own app display is one of its best features. I can pull that out and publish it on the Mac App Store as a stand-alone app. I can do the same for EtreCheckPro's Storage too as well. So hopefully, Apparency's bug will work out for me in the end.
subil48 wrote:
It has been brought to my attention that the Help Bundle within this Application has not been signed.
Help bundles do not need to be separately signed. They live in the Resources folder of the app bundle and are included in the app's overall signature.
You can verify this yourself using Apple's signature verification tool in Terminal:
/Applications $ spctl -a -vv EtreCheckPro.app
EtreCheckPro.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Etresoft, Inc. (U87NE528LC)
Then modify one of the HTML files in the help bundle and try it again. If you modify the help bundle, then the verification will fail. If you undo your modification, the verification will succeed once again.
Perhaps there a satisfactory reason for there being no signature or is this a cause for concern?
Satisfactory reason? No. Not satisfactory. It's a bug in the Apparency app. I've already contacted the developer of Apparency and the response was not encouraging.
Apple help bundles are exceptionally difficult to implement. EtreCheckPro is one of the few non-Apple apps to use them. Apparency itself, like most 3rd party apps, just dumps the user to a website for help. But websites often don't get updated as apps change or get bought and sold. One of my favourite apps, Graphic, does this and now the help goes to a dead web link.
Graphic is still available in the Mac App Store. Check it with Apparency and see what you get. Then check any other Mac App Store app. Apparency has decided that virtually all Mac App Store apps have invalid signatures!
Luckily for me, I don't actually use Apple's help user interface due to bugs in Apple's implementation over the years. But by using a help bundle, EtreCheckPro's help gets incorporated into the system. I've got a new release of EtreCheckPro due next week when Apple releases information for the new M4 machines. All I have to do is remove a file from the help bundle. Apparency will no longer recognize it and will no longer accuse me of doing my signature incorrectly. I'll lose that incorporation into the system help, but few people would ever trigger that obscure feature anyway.
I've been reading an article by Howard Oakley (May 11, 2023) which talks about including Mac Help files within Applications.
This is a problem with social media influencers and popular apps like Suspicious Package and Apparency. They are called "influencers" for a reason. People don't know about obscure technical details like help packages and signatures. So then, when an "influencer" or popular developer gets it wrong, people don't realize it and blame the wrong person.
It really annoys me to have to change my app because some other developer screwed something up. But in the world of consumer apps, a developer has to be aware of who has influence and who doesn't.
While I may not have any influence, I do just happen to have an app that properly queries information about apps and displays it to the user. EtreCheckPro's own app display is one of its best features. I can pull that out and publish it on the Mac App Store as a stand-alone app. I can do the same for EtreCheckPro's Storage too as well. So hopefully, Apparency's bug will work out for me in the end.
Etresoft said ......
"I've got a new release of EtreCheckPro due next week when Apple releases information for the new M4 machines. All I have to do is remove a file from the help bundle. Apparency will no longer recognize it and will no longer accuse me of doing my signature incorrectly."
He was right! Here's what I see today when I checked!
Thank you for your comprehensive response, John.
Here's the response I've just received from the developer:
From: "Randy Sal****er (Mothers Ruin Software)" <support@mothersruin.com>
Subject: Re: Apparency
Date: 8 November 2024 at 14:49:11 GMT
"Please will you explain why I see a ‘red flag’ here?"
If you mean the “No signature” status, it’s because the Help bundle is not independently signed.
This is quite common for “de facto” components, but it is almost certainly part of the containing component’s code signature. If you select the parent component (the app in this case), and use Component > Show Bundle Resources, you will probably see this Help bundle and its individual files listed as valid. If so, the Help bundle is validly signed, just not individually so.
The only reason that Apparency identifies the Help bundle as a separate component — when you ask to show de facto ones — is that it is a macOS bundle. In the case of the Help bundle, this tends to be uninteresting.
Apparency could do better at how it presents such pure resources. But this situation isn’t something I’d be concerned about.
It appears that everything is in order!
I look forward to your new release next week.
It would be good to see stand-alone apps of yours in the Mac App Store too.
Thanks.
[Edited by Moderator]
etresoft wrote:
People don't know about obscure technical details like help packages and signatures. So then, when an "influencer" or popular developer gets it wrong, people don't realize it and blame the wrong person.
It really annoys me to have to change my app because some other developer screwed something up.
There's a good article today by HO - "A brief history of privacy protection on Macs".
[Edited by Moderator]
Why are macOS help bundles often unsigned