pkgutil erroneously reports "signed by untrusted certificate"

Originator: 0xmachos
Number: rdar://47072099
Date Originated: 06/01/2019
Status: Open
Resolved:
Product: macOS
Product Version: 10.14.2
Classification: Security
Reproducible: Always
 
Summary:

The application bundle "/Library/Image Capture/Devices/EPSON Scanner.app" is shipped with macOS. 

pkgutil reports that it is "signed by untrusted certificate"; however, codesign reports that the signature is valid.

The third-party tools "What's Your Sign" [1] and "Signet" [2] both report that the signature is valid.

1. https://objective-see.com/products/whatsyoursign.html
2. https://eclecticlight.co/2018/12/20/mojave-happily-runs-apps-with-revoked-signatures-and-more/

Steps to Reproduce:

codesign --verify --verbose --deep "/Library/Image Capture/Devices/EPSON Scanner.app"
/Library/Image Capture/Devices/EPSON Scanner.app: valid on disk
/Library/Image Capture/Devices/EPSON Scanner.app: satisfies its Designated Requirement

pkgutil --check-signature "/Library/Image Capture/Devices/EPSON Scanner.app"
Package "EPSON Scanner":
   Status: signed by untrusted certificate
   Certificate Chain:
    1. Developer ID Application: EPSON (TXAEAV5RN4)
       SHA1 fingerprint: 07 08 DA 9F 2A 02 43 09 E5 83 28 0A 66 6E 3A 2F E9 77 4F 7D
       -----------------------------------------------------------------------------
    2. Developer ID Certification Authority
       SHA1 fingerprint: 3B 16 6C 3B 7D C4 B7 51 C9 FE 2A FA B9 13 56 41 E3 88 E1 86
       -----------------------------------------------------------------------------
    3. Apple Root CA
       SHA1 fingerprint: 61 1E 5B 66 2C 59 3A 08 FF 58 D1 4A E2 24 52 D1 98 DF 6C 60

Expected Results:

Both utilities report the same signature status.

Actual Results:

pkgutil reports "signed by untrusted certificate" while codesign, Signet and What's Your Sign report that the signature is valid.  

Version/Build:

      System Version: macOS 10.14.2 (18C54)
      Kernel Version: Darwin 18.2.0
      Boot Volume: ***
      Boot Mode: Normal
      Computer Name: ***
      User Name: ***
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: 23:55


Configuration:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro15,2
      Processor Name: Intel Core i7
      Processor Speed: 2.7 GHz
      Number of Processors: 1
      Total Number of Cores: 4
      L2 Cache (per Core): 256 KB
      L3 Cache: 8 MB
      Memory: 16 GB
      Boot ROM Version: 220.230.16.0.0 (iBridge: 16.16.2542.0.0,0)
      Serial Number (system): ***
      Hardware UUID: ***
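
One way to detect this disagreement on other bundles, as an added example that is not part of the original report: the script parses the output of both tools and reports when codesign accepts a signature that pkgutil does not trust. The function names are hypothetical, the sample output is copied from the report with fingerprints omitted, and treating a missing Status line as untrusted is an assumption.

```shell
# Added example: flag bundles where codesign and pkgutil disagree.

# Verdict text from `pkgutil --check-signature` output (its "Status:" line).
pkgutil_status() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Status:[[:space:]]*//p' | head -n 1
}

# Number of certificates pkgutil listed ("    1. Name" style lines).
pkgutil_chain_len() {
  printf '%s\n' "$1" | grep -Ec '^[[:space:]]+[0-9]+\. '
}

# True when `codesign --verify --verbose` printed both success lines.
codesign_valid() {
  printf '%s\n' "$1" | grep -q ': valid on disk$' &&
    printf '%s\n' "$1" | grep -q ': satisfies its Designated Requirement$'
}

# Prints "agree" or "mismatch" for one pair of captured outputs.
# Only the "untrusted" status string comes from the report; an empty
# status (no Status: line) is treated as not trusted by assumption.
compare_verdicts() {
  local status cs=no pk=yes
  status=$(pkgutil_status "$2")
  codesign_valid "$1" && cs=yes
  case "$status" in ''|*untrusted*|'no signature') pk=no ;; esac
  [ "$cs" = "$pk" ] && echo agree || echo mismatch
}

# Live check on macOS; codesign writes its result to stderr, hence 2>&1.
check_bundle() {
  local cs pk
  cs=$(codesign --verify --verbose --deep "$1" 2>&1)
  pk=$(pkgutil --check-signature "$1" 2>&1)
  printf '%s\t%s\t%s\n' "$(compare_verdicts "$cs" "$pk")" "$(pkgutil_status "$pk")" "$1"
}

# Output copied from the report above (chain fingerprints omitted).
APP='/Library/Image Capture/Devices/EPSON Scanner.app'
SAMPLE_CS="$APP: valid on disk
$APP: satisfies its Designated Requirement"
SAMPLE_PK='Package "EPSON Scanner":
   Status: signed by untrusted certificate
   Certificate Chain:
    1. Developer ID Application: EPSON (TXAEAV5RN4)
    2. Developer ID Certification Authority
    3. Apple Root CA'
```

On a Mac, `check_bundle "$APP"` prints one tab-separated line with the comparison result, pkgutil's status text and the path.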
