我有一个myFile.mpkg文件,并使用命令行实用程序productsign和以下命令在Mac OS X 10.9.5中对其进行签名:
productsign --sign "Developer ID Installer: MyDeveloperInstallerId" myFile.mpkg
mySignedFile.mpkg
运行命令时的输出如下:
productsign: preparing "myFile.mpkg" for signing...
productsign: Using timestamp authority for signature
productsign: Wrote signed product archive to mySignedFile.mpkg
然后为了验证我的文件是否已签名,我运行了命令:
pkgutil --check-signature mySignedFile.mpkg
,输出结果为:
Package "mySignedFile.mpkg":
Status: signed by a certificate trusted by Mac OS X
Certificate Chain: etc...
然而,当我尝试将签名文件安装到Mac OS X 10.10.1时,出现以下消息:
mySignedFile.mpkg can't be opened because the identity of the developer cannot be
confirmed
知道为什么会这样吗?签署过程中有什么问题吗?
[UPDATE]
找到此post
并运行以下命令:
spctl -a -t exec -vv mySignedFile.mpkg
mySignedFile.mpkg: rejected
source=obsolete resource envelope
这意味着Gatekeeper将在10.9.5(OSX Mavericks)/10.10(OSX Yosemite)或以上版本中拒绝我的软件包。
我还检查了签名的版本,发现了一些奇怪的东西:
codesign -dvvv mySignedFile.mpkg
Executable=mySignedFile.mpkg/Contents/distribution.dist
Identifier=mySignedFile
Format=installer package bundle
CodeDirectory v=20200 size=183 flags=0x0(none) hashes=1+3 location=embedded
Hash type=sha1 size=20
CDHash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Signature size=7589
Authority=Developer ID Application: My Company
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jan 14, 2015, 13:08:13 pm
Info.plist=not bound
TeamIdentifier=XXXXXXXXX
Sealed Resources version=2 rules=4 files=2
Internal requirements count=1 size=200
Info.plist而不是条目=数字等于未绑定。