我有一个Mac应用程序,我使用终端的'productsign'命令签名
productsign --sign "3rd Party Mac Developer Installer: My company (dasdfjkaj)" InstallerUnsigned.pkg InstallerSigned.pkg
productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain
productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority"
productsign: Wrote signed product archive to InstallerSigned.pkg
然后我运行了评估命令
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: accepted
我还检查了签名
pkgutil --check-signature InstallerSigned.pkg
Package "InstallerSigned.pkg":
Status: signed by a developer certificate issued by Apple
Certificate Chain:
1. 3rd Party Mac Developer Installer: My company (dasdfjkaj)
2. Apple Worldwide Developer Relations Certification Authority
3. Apple Root CA
当我从我的机器运行安装程序(将Gatekeeper设置为“Mac App store并识别开发人员”)时,它运行正常。在我将其部署到我的网站后下载相同的pkg时,它也正确安装。
但是......当我在另一台机器上下载pkg时,它无法安装。它无法识别我的开发者ID。当我在失败的机器上运行spctl命令时,我得到了
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: rejected
有谁知道为什么它在我自己的机器上运行良好但在pkg在另一台机器上运行时失败?我真的完全没有想法:/
编辑: 这是我在
时得到的spctl --list --type execute
3[Apple System] P0 allow execute
anchor apple
4[Mac App Store] P0 allow execute
anchor apple generic and certificate leaf[field.<I removed this>] exists
5[Developer ID] P0 allow execute
anchor apple generic and certificate 1[field.<I removed this>] exists and certificate leaf[field.<I removed this>] exists
7[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
10[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
14[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
15[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
18[GKE] P0 allow execute [(gke)]
答案 0 :(得分:5)
这些是您需要一起用于代码签名的证书:
开发者ID应用
如果没有提交到AppStore,您将使用“开发者ID安装程序”证书。对于具体的代码签名部分,您需要使用“开发者ID应用程序”证书。