tunnelblick start message - tunnelblick was changed, signature doesn't match

dirk.n...@gmail.com

Nov 15, 2014, 2:40:44 AM
to tunnelbli...@googlegroups.com
Hello,

I have used Tunnelblick for some years now and all worked fine. For the past 2 months I have been getting a strange message which means that the Tunnelblick binary was changed and the signature doesn't match anymore. I reinstalled Tunnelblick and all worked fine for a few days, but then I got the message again. Could someone explain what's happening?

Best regards and thanks in advance, Dirk


*Tunnelblick: OS X 10.9.5; Tunnelblick 3.4.1 (build 4054); Admin user

Console Log:

2014-11-15 08:33:40 Tunnelblick[316] DEBUG: Updater: systemVersion 10.9.5 satisfies minimumSystemVersion 10.4.0
2014-11-15 08:33:40 Tunnelblick[316] DEBUG: Updater: systemVersion 10.9.5 satisfies minimumSystemVersion 10.4.0
2014-11-15 08:34:17 Tunnelblick[316] applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes
2014-11-15 08:34:17 Tunnelblick[316] Finished shutting down Tunnelblick; allowing termination
2014-11-15 08:34:52 Tunnelblick[3933] Set program update feedURL to https://www.tunnelblick.net/appcast-s.rss
2014-11-15 08:34:53 Tunnelblick[3933] DEBUG: Updater: systemVersion 10.9.5 satisfies minimumSystemVersion 10.4.0
2014-11-15 08:34:53 Tunnelblick[3933] DEBUG: Updater: systemVersion 10.9.5 satisfies minimumSystemVersion 10.4.0



 

jkbull...gmail.com

Nov 15, 2014, 5:44:30 AM
to tunnelbli...@googlegroups.com
The message means that something inside the Tunnelblick application has changed. Normally, nothing inside the application should change or be changed.

Please do the following:
  1. Launch Tunnelblick if it is not currently running
  2. Open the "VPN Details…" window
  3. Click on the large "Preferences" button at the top of the window
  4. Click on the "Reset Disabled Warnings" button
  5. Quit Tunnelblick
  6. Launch Tunnelblick and see if the warning appears
If you still get this warning, please copy/paste the following command into /Applications/Utilities/Terminal.app:

codesign --deep -vv /Applications/Tunnelblick.app

and reply with the output. This command should run the same check that Tunnelblick uses but output some diagnostic messages specifying what within Tunnelblick has been changed. Perhaps that will indicate what the problem is.

If the warning does not appear, please wait until the next time it does appear and then copy/paste the Terminal command above and reply with the output.

dir...@gmail.com

Nov 15, 2014, 7:34:15 AM
to tunnelbli...@googlegroups.com
Hello,

thanks for the quick reply. I reset the warning and started Tunnelblick again. The message appeared again.

The terminal output is:

MBP-DNE:~ nerle$ codesign --deep -vv /Applications/Tunnelblick.app

/Applications/Tunnelblick.app: a sealed resource is missing or invalid

In subcomponent: /Applications/Tunnelblick.app/Contents/Frameworks/Sparkle.framework

file missing: /Applications/Tunnelblick.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/fr_CA.lproj


I have 2 Macs running Tunnelblick; I tried the procedure on my second Mac too. It's the same problem on both Macs.


imac:~ nerle$ codesign --deep -vv /Applications/Tunnelblick.app

/Applications/Tunnelblick.app: a sealed resource is missing or invalid

In subcomponent: /Applications/Tunnelblick.app/Contents/Frameworks/Sparkle.framework

file missing: /Applications/Tunnelblick.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources/fr_CA.lproj


Best regards Dirk



On Saturday, November 15, 2014 at 11:44:30 UTC+1, jkbull...gmail.com wrote:

jkbull...gmail.com

Nov 15, 2014, 8:09:58 AM
to tunnelbli...@googlegroups.com, dir...@gmail.com
Thanks for the info. Unresolved problems bug me, and I am glad you are helping to try to solve this one.

I can't explain why or how this is happening (yet). It is interesting, however, that what it says is "missing" -- "fr_CA.lproj" -- is not a file, but is a symbolic link to a folder (the "fr.lproj"). So I'm not sure if codesign is saying that it is the link that is missing, or the folder that the link points to. (The link and the folder have to do with localizing to French Canadian and to French, respectively.)

Either way, I think the message is wrong: I doubt that the actual link or folder is missing unless you have used some program that removes extra languages from your programs or something like that. (Such programs used to be used to make programs smaller, back when disk space was at a premium, but they break the digital signatures of modern applications, so they aren't used much any more.) I think what is happening is some kind of cache bug in OS X, or something like that is making codesign think that it is missing. Another possibility is that the permissions have somehow been modified so that codesign cannot "see" "fr_CA.lproj".

Is your Mac set up with English as the primary language (in System Preferences)? Or have you done anything that might have to do with languages? (Selected French or French Canadian as a language, perhaps?)

It would help if you copy/paste the following two commands in Terminal (each command is all on one line) and reply with the output:

sudo codesign --deep -vv /Applications/Tunnelblick.app

and

sudo ls -l -R /Applications/Tunnelblick.app/Contents/Frameworks/Sparkle.framework/Versions/Current/Resources

Note: You will be asked for your password for the first command. Type it in (nothing, not even asterisks, will appear as you type), then press the enter/return key. Terminal "remembers" the password for a few minutes, so you won't have to type it in for the second command.

The first command checks the code signature while running as "root", so if the problem is with permissions, it should succeed. The second command will list the files and their ownership and permissions so we can see what is missing (if anything is missing) or what has incorrect permissions (if anything has incorrect permissions).
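
An added example, not part of the original post or of Tunnelblick itself: a small POSIX shell helper that reads `codesign --deep -vv` output and, for each path it reports, distinguishes the cases discussed above (the link itself gone, the link present but its target folder gone, or the item present so that permissions become the suspect). The function names and the `--stdin` switch are hypothetical.

```shell
#!/bin/sh
# Triage paths reported by `codesign --deep -vv` (added example, hypothetical names).
# codesign writes its diagnostics to stderr, so pipe with 2>&1:
#   codesign --deep -vv /Applications/Tunnelblick.app 2>&1 | sh triage.sh --stdin

classify_path() {
    # Prints the on-disk state of "$1":
    #   absent            nothing at that path (the item itself was deleted)
    #   dangling-symlink  the link exists but the folder it points to is gone
    #   symlink-ok        link and target both exist
    #   present           a regular file or folder exists
    # For the last two, the item is there, so check permissions or re-run as root.
    if [ -L "$1" ]; then
        if [ -e "$1" ]; then echo "symlink-ok"; else echo "dangling-symlink"; fi
    elif [ -e "$1" ]; then
        echo "present"
    else
        echo "absent"
    fi
}

triage_codesign() {
    # Reads codesign output on stdin; emits "<finding> TAB <state> TAB <path>"
    # for every sealed-resource line and ignores all other lines.
    while IFS= read -r line; do
        case $line in
            "file missing: "*|"file modified: "*|"file added: "*)
                finding=${line%%: *}
                target=${line#*: }
                printf '%s\t%s\t%s\n' "$finding" "$(classify_path "$target")" "$target"
                ;;
        esac
    done
}

# Only read stdin when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "--stdin" ]; then
    triage_codesign
fi
```

A result of `absent` for a `.lproj` path means the localization item was removed from the bundle, which is what a language-stripping cleanup tool produces.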

Dirk N.

Nov 15, 2014, 11:54:42 AM
to tunnelbli...@googlegroups.com, dir...@gmail.com
That's it! I use CleanMyMac 2 sometimes and delete unwanted languages. I run it on both Macs, and so I can explain why Tunnelblick works for a while. I installed Tunnelblick again and all is working fine.

I tested it - installed a fresh Tunnelblick, and it starts without the message.
I ran CleanMyMac, which suggests cleaning foreign languages, which I did.
Started Tunnelblick again and the message appeared.
Installed Tunnelblick and all is working fine - without the message again, so the missing language files are responsible.

I think Tunnelblick should just check the binary for changes and not the language files too. Is it worth somebody opening a (minor) bug?

Thank you very much!!! Thinking that my systems are infected is not very funny. 

Have a nice weekend and 
best regards Dirk

jkbull...gmail.com

Nov 15, 2014, 12:17:28 PM
to tunnelbli...@googlegroups.com, dir...@gmail.com
OK. That makes sense.

The standard on OS X is to check everything for changes, so that's what Tunnelblick does. (This checking started in OS X 10.5 ("Lion") and has been expanded and enhanced in most versions since then.)

Because Tunnelblick is usually used by people who want to make things "secure", Tunnelblick checks for changes each time it is launched; most programs don't bother to do that. 

You save about 5 MB by deleting the Tunnelblick language files. That is 0.001 of a 1 TB hard drive. So if you have 1000 similar programs, you will save 1% of your hard drive space. Doesn't seem worthwhile to me.

Removing the language files (even if Tunnelblick doesn't check, or you tell it to not warn about it) will also interfere with Tunnelblick's use of the Keychain, because recent versions of OS X will not allow a program that has an invalid digital signature (which is how changes are detected) to use the Keychain.

==========

Not checking the language files could lead to the possibility that the language files have been altered, which can be a security risk, too. Suppose (to simplify things) the message "Your VPN is not connected" is changed to read "Your VPN is connected"? -- you'd think you were safely connected to your VPN but you wouldn't be.

So I would reject any bug report or enhancement suggestion with a "Won't fix".

Dirk N.

Nov 15, 2014, 2:51:31 PM
to tunnelbli...@googlegroups.com
I won't delete the Tunnelblick language files any more. I'm happy with Tunnelblick and the way the signature check makes it more secure.

Altering the language file is really a security issue - I hadn't had such an important thing in mind. So I understand the "won't fix" :-))

Thanks again!

Dirk
