4

我有一个 Mac 应用程序,我使用终端中的“productsign”命令对其进行了签名

productsign --sign "3rd Party Mac Developer Installer: My company (dasdfjkaj)" InstallerUnsigned.pkg InstallerSigned.pkg

productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain
productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority"
productsign: Wrote signed product archive to InstallerSigned.pkg

然后我运行了评估命令

spctl -a -v --type install  InstallerSigned.pkg
InstallerSigned.pkg: accepted

我也检查了签名

pkgutil --check-signature InstallerSigned.pkg 
Package "InstallerSigned.pkg":
Status: signed by a developer certificate issued by Apple
   Certificate Chain:
    1. 3rd Party Mac Developer Installer: My company (dasdfjkaj)
    2. Apple Worldwide Developer Relations Certification Authority
    3. Apple Root CA

当我从我的机器上运行安装程序时(Gatekeeper 设置为“Mac App Store 和已识别的开发人员”),它运行良好。当我将它部署到我的网站后下载相同的 pkg 时,它也正确安装。

但是......当我在另一台机器上下载 pkg 时,它无法安装。它无法识别我的开发者 ID。当我在故障机器上运行 spctl 命令时,我得到

spctl -a -v --type install  InstallerSigned.pkg
InstallerSigned.pkg: rejected

有谁知道为什么它在我自己的机器上运行良好,但当 pkg 在另一台机器上运行时失败?我真的没有主意了:/

编辑:这就是我得到的

spctl --list --type execute
3[Apple System] P0 allow execute
    anchor apple
4[Mac App Store] P0 allow execute
    anchor apple generic and certificate leaf[field.<I removed this>] exists
5[Developer ID] P0 allow execute
    anchor apple generic and certificate 1[field.<I removed this>] exists and certificate leaf[field.<I removed this>] exists
7[GKE] P0 allow execute [(gke)]
    cdhash H"<I removed this>"
10[GKE] P0 allow execute [(gke)]
    cdhash H"<I removed this>"
14[GKE] P0 allow execute [(gke)]
    cdhash H"<I removed this>"
15[GKE] P0 allow execute [(gke)]
    cdhash H"<I removed this>"
18[GKE] P0 allow execute [(gke)]
4

1 回答 1

5

证书很重要

这些是您需要一起用于代码签名的证书:

  • 开发者 ID 安装程序
  • 开发者ID申请

    • 第 3 方 Mac 开发者安装程序(通常仅用于 AppStore 应用程序)。

如果不提交到 AppStore,您将使用“ Developer ID Installer ”证书。对于特定的代码签名部分,您需要使用“ Developer ID Application ”证书。

Apple 开发人员代码设计工作流程指南

于 2014-01-22T23:17:51.250 回答