我有一个 Mac 应用程序,我使用终端中的“productsign”命令对其进行了签名
productsign --sign "3rd Party Mac Developer Installer: My company (dasdfjkaj)" InstallerUnsigned.pkg InstallerSigned.pkg
productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain
productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority"
productsign: Wrote signed product archive to InstallerSigned.pkg
然后我运行了评估命令
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: accepted
我也检查了签名
pkgutil --check-signature InstallerSigned.pkg
Package "InstallerSigned.pkg":
Status: signed by a developer certificate issued by Apple
Certificate Chain:
1. 3rd Party Mac Developer Installer: My company (dasdfjkaj)
2. Apple Worldwide Developer Relations Certification Authority
3. Apple Root CA
当我从我的机器上运行安装程序时(Gatekeeper 设置为“Mac App Store 和已识别的开发人员”),它运行良好。当我将它部署到我的网站后下载相同的 pkg 时,它也正确安装。
但是......当我在另一台机器上下载 pkg 时,它无法安装。它无法识别我的开发者 ID。当我在故障机器上运行 spctl 命令时,我得到
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: rejected
有谁知道为什么它在我自己的机器上运行良好,但当 pkg 在另一台机器上运行时失败?我真的没有主意了:/
编辑:这就是我得到的
spctl --list --type execute
3[Apple System] P0 allow execute
anchor apple
4[Mac App Store] P0 allow execute
anchor apple generic and certificate leaf[field.<I removed this>] exists
5[Developer ID] P0 allow execute
anchor apple generic and certificate 1[field.<I removed this>] exists and certificate leaf[field.<I removed this>] exists
7[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
10[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
14[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
15[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
18[GKE] P0 allow execute [(gke)]