Permanent Eraser 2.6.2 came out at the end of December 2013, fixing some issues related to Gatekeeper and the latest version of OS X — Mavericks. 2013 almost became the first year since the inception of Permanent Eraser that the app was not updated at least once. Since 2003, Permanent Eraser has received at least one or two yearly updates, sometimes even more, depending upon the development schedule. Looking forward to 2014, work on Permanent Eraser 2.7 will begin.
What's new in Permanent Eraser 2.6.2
- Updated plug-in for Mavericks - On some Mavericks systems, the plug-in was not working. The plug-in has been updated and tested on all versions of OS X from 10.6 through 10.9.
- Fixed the code signing to work properly with Gatekeeper.
- Tested and verified for OS X 10.9 Mavericks.
One of the biggest fixes in Permanent Eraser 2.6.2 was to properly code sign the app so it would be identified by Gatekeeper as an app by a trusted source. The article Code Signing and Mavericks by Craig Hockenberry helped reveal some trouble areas to resolve. Even though Permanent Eraser 2.6.1 had been code signed, it was not validating properly with Gatekeeper. If I verified the code signature of the app, I saw the following results:
codesign --verify --verbose=4 Permanent\ Eraser\ 2.6.1.app Permanent Eraser 2.6.1.app: valid on disk Permanent Eraser 2.6.1.app: satisfies its Designated Requirement
Looks good so far. For the interest of it, I then tried verifying an earlier version of Permanent Eraser which had not been code signed.
codesign --verify --verbose=4 Permanent\ Eraser\ 2.6.0.app Permanent Eraser 2.6.0.app: code object is not signed at all
Once again, this is returning the expected results. However, if I used the new spctl utility to verify Permanent Eraser in OS X 10.8+, I encountered a problem.
spctl --verbose=4 --assess --type execute Permanent\ Eraser\ 2.6.1.app Permanent Eraser 2.6.1.app: rejected
spctl, which manages the system policy security, is a command line utility which first appeared in Mac OS X 10.7.3, but the security system known as Gatekeeper came to prominence with OS X 10.8 "Mountain Lion".
The solution was not to use the Mac Developer signing idenity to sign the app (which is used for signing an app for the Mac App Store), but to use the Developer ID Application one, instead. Now when I perform the appropriate checks in OS X Mavericks, everything is looking good.
codesign --verify --verbose=4 Permanent\ Eraser.app/ Permanent Eraser.app/: valid on disk Permanent Eraser.app/: satisfies its Designated Requirement spctl --verbose=4 --assess --type execute Permanent\ Eraser.app ../Permanent Eraser.app: accepted source=Developer ID
Oddly enough, after signing this way in Snow Leopard, trying to verify the app returned this result:
codesign --verify --verbose=4 Permanent\ Eraser.app Permanent Eraser.app: valid on disk Permanent Eraser.app: does not satisfy its designated Requirement
However, since the other checks appear to be in proper working order on post-Snow Leopard systems, this looks to be the proper route to properly code sign the app and let it verify properly with Gatekeeper.