So I started getting emails yesterday complaining that Jettison was suddenly telling users their trial period was over – even though they’d already purchased a license. When I got the first few, I thought they’d just deleted their preference files and needed to re-activate their licenses, but then the trickle became a deluge – what the heck?
So I dropped everything and looked into it – I needed an answer ASAP or I was gonna spend the next couple of days doing nothing but answering email. It turns out everyone who was affected had bought Jettison through the Mac App Store and then upgraded to the direct-from-the-website version (because it’s better, of course – instructions here if you’re interested). When you do this, Jettison copies your Mac App Store receipt to a safe place so that it can verify that you’ve actually bought a license, even if you delete the App Store copy of Jettison.
Lucky for me, I’d bought a copy of Jettison myself when testing this mechanism, so I had my own receipt still sitting in ~/Library/Application Support/ so I could look at it. Printing the certificates in the receipt showed this little tidbit:
[...] Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations [...] Validity Not Before: Nov 11 21:58:01 2010 GMT Not After : Nov 11 21:58:01 2015 GMT Subject: CN=Mac App Store Receipt Signing, OU=Apple Worldwide Deve [...] [...]
See that “Not After:” entry in the Validity section? “Nov 11 21:58:01 2015 GMT” – yeah, that’d be yesterday. When the emails started. Apple signed the receipt with a certificate that expired yesterday, so if you have one of these receipts, Jettison no longer thinks you’re legit. Sorry about that – I hadn’t considered that eventuality. And reading the news this morning, it appears that Apple hadn’t either.
So what to do? I’ve wrapped up Jettison 1.5 and posted it. You’re going to have to do a little dance again to get Jettison to update your receipt, but this version will do the right thing once you follow these instructions:
- Put every copy of Jettison on your Mac in the Trash and empty the Trash.
- Open the App Store application and click on the Purchases tab.
- Re-download the copy of Jettison you purchased. It will include a new, non-expired receipt.
- Download the latest version of Jettison (http://www.stclairsoft.com/download/Jettison-1.5.1d2.zip)
- Double-click the .dmg file to open it, then double-click on Jettison before copying it to your Applications folder.
- After Jettison tells you that it has found your App Store license, you can copy it to your Applications folder.
Sorry for the hassle. But hey, at least it forced me to get the version 1.5 update out the door, so there’s some benefit there, eh? And thanks Apple – I didn’t need to sleep last night anyway.
P.S. I’m seeing a bunch of people buying non-App Store licenses directly from the St. Clair Software store today instead of jumping through these hoops to deal with the App Store. I have to say I’m all for that 🙂
A bit more info that’s interesting and could use some corroboration: I think this problem only affects apps that were downloaded before September 24 (either via purchase or update). When I download a new copy of Jettison from the App Store, the receipt is signed with a cert valid within these dates:
Not Before: Sep 24 19:09:31 2015 GMT Not After : Oct 23 19:09:31 2017 GMT
So in my sample size of 1, copies of Jettison purchased or updated today will work until Oct 23, 2017, and could have worked with this receipt only as far back as September 24. If Apple has been using the same certificate to sign all App Store receipts (which seems reasonable), then anything that has been downloaded from the App Store after September 24 won’t expire until 2017. And apps downloaded prior to that have some other expiration in their receipts. If I had more time, I’d dig through all of my App Store apps to find out when each cert expires, but alas, I’ve got work to do and have killed enough time on this already…