We interrupt your normally scheduled Default Folder X development for… expiring App Store receipts??

The Problem:

So I started getting emails yesterday complaining that Jettison was suddenly telling users their trial period was over – even though they’d already purchased a license. When I got the first few, I thought they’d just deleted their preference files and needed to re-activate their licenses, but then the trickle became a deluge – what the heck?

So I dropped everything and looked into it – I needed an answer ASAP or I was gonna spend the next couple of days doing nothing but answering email. It turns out everyone who was affected had bought Jettison through the Mac App Store and then upgraded to the direct-from-the-website version (because it’s better, of course – instructions here if you’re interested). When you do this, Jettison copies your Mac App Store receipt to a safe place so that it can verify that you’ve actually bought a license, even if you delete the App Store copy of Jettison.

Lucky for me, I’d bought a copy of Jettison myself when testing this mechanism, so I had my own receipt still sitting in ~/Library/Application Support/ so I could look at it. Printing the certificates in the receipt showed this little tidbit:

[...]
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations [...]
Validity
    Not Before: Nov 11 21:58:01 2010 GMT
    Not After : Nov 11 21:58:01 2015 GMT
Subject: CN=Mac App Store Receipt Signing, OU=Apple Worldwide Deve [...]
[...]

See that “Not After:” entry in the Validity section? “Nov 11 21:58:01 2015 GMT” – yeah, that’d be yesterday. When the emails started. Apple signed the receipt with a certificate that expired yesterday, so if you have one of these receipts, Jettison no longer thinks you’re legit. Sorry about that – I hadn’t considered that eventuality. And reading the news this morning, it appears that Apple hadn’t either.

The Fix:

So what to do? I’ve wrapped up Jettison 1.5 and posted it. You’re going to have to do a little dance again to get Jettison to update your receipt, but this version will do the right thing once you follow these instructions:

  1. Put every copy of Jettison on your Mac in the Trash and empty the Trash.
  2. Open the App Store application and click on the Purchases tab.
  3. Re-download the copy of Jettison you purchased. It will include a new, non-expired receipt.
  4. Download the latest version of Jettison (http://www.stclairsoft.com/download/Jettison-1.5.1d2.zip)
  5. Double-click the .dmg file to open it, then double-click on Jettison before copying it to your Applications folder.
  6. After Jettison tells you that it has found your App Store license, you can copy it to your Applications folder.

Sorry for the hassle. But hey, at least it forced me to get the version 1.5 update out the door, so there’s some benefit there, eh? And thanks Apple – I didn’t need to sleep last night anyway.

– Jon

P.S. I’m seeing a bunch of people buying non-App Store licenses directly from the St. Clair Software store today instead of jumping through these hoops to deal with the App Store. I have to say I’m all for that 🙂

Update:

A bit more info that’s interesting and could use some corroboration: I think this problem only affects apps that were downloaded before September 24 (either via purchase or update). When I download a new copy of Jettison from the App Store, the receipt is signed with a cert valid within these dates:

            Not Before: Sep 24 19:09:31 2015 GMT
            Not After : Oct 23 19:09:31 2017 GMT

So in my sample size of 1, copies of Jettison purchased or updated today will work until Oct 23, 2017, and could have worked with this receipt only as far back as September 24. If Apple has been using the same certificate to sign all App Store receipts (which seems reasonable), then anything that has been downloaded from the App Store after September 24 won’t expire until 2017. And apps downloaded prior to that have some other expiration in their receipts. If I had more time, I’d dig through all of my App Store apps to find out when each cert expires, but alas, I’ve got work to do and have killed enough time on this already…

6 Responses to “We interrupt your normally scheduled Default Folder X development for… expiring App Store receipts??”

  1. Greg says:

    enter this in the terminal, seems to work for a few people

    killall -KILL storeaccountd

    • Jon says:

      That may work for apps that are still managed by the App Store, but won’t work for Jettison, which has copied the App Store receipt out of the downloaded Jettison app. That’s why the longer process above is necessary.

  2. John says:

    Why are you not updating the version in the app store? I was able to do your outlined process, but IMO you should have just pushed an update thru the store instead and keep the Website version and the store version the same.

    • Jon says:

      Because Jettison now requires your admin password in order to remount SD cards, Apple won’t approve it for sale on the Mac App Store.

  3. michael says:

    This worked for me. thanks

  4. eduardo says:

    Just started to get this today again Feb 16, 2016. Following the steps again fixes it.

Leave a Reply for eduardo