我们有一个 Mono Mac 应用程序,它在 AppStore 之外分发,由 Developer Id 证书签名。Gatekeeper 在 OS X 10.9 上接受该应用程序(在 10.9.4 上测试),但在 10.10 DP 7 上无法接受。
10.10 DP 7 上的一些故障排除命令的输出:
mactesters-Mac-mini:myapp 1 mactester$ spctl --assess -v ./myapp.app
./myapp.app: rejected
source=obsolete resource envelope
mactesters-Mac-mini:myapp 1 mactester$ codesign -v myapp.app
myapp.app: resource envelope is obsolete (custom omit rules)
mactesters-Mac-mini:myapp 1 mactester$ codesign -dv myapp.app/
Executable=/Volumes/myapp 1/myapp.app/Contents/MacOS/myapp.sh
Identifier=com.Company.myapp
Format=bundle with generic
CodeDirectory v=20100 size=145 flags=0x0(none) hashes=1+3 location=embedded
Signature size=8531
Timestamp=03 Sep 2014 16:55:21
Info.plist entries=32
TeamIdentifier=not set
Sealed Resources version=2 rules=5 files=813
Internal requirements count=2 size=224
mactesters-Mac-mini:myapp 1 mactester$
10.9 上相同应用程序的输出:
macadmins-iMac:myapp mactester$ spctl --assess -v ./myapp.app
./myapp.app: accepted
source=Developer ID
macadmins-iMac:myapp mactester$ codesign --verify --deep --verbose=4 ./myapp.app
./myapp.app: valid on disk
./myapp.app: satisfies its Designated Requirement
macadmins-iMac:myapp mactester$ codesign -dv myapp.app
Executable=/Volumes/myapp/myapp.app/Contents/MacOS/myapp.sh
Identifier=com.Company.myapp
Format=bundle with generic
CodeDirectory v=20100 size=145 flags=0x0(none) hashes=1+3 location=embedded
Signature size=8531
Timestamp=03 Sep 2014 16:54:50
Info.plist entries=32
TeamIdentifier=not set
Sealed Resources version=2 rules=5 files=813
Internal requirements count=2 size=224
使用的代码签名命令不包含 --resource-rules 标志:
codesign -v --force --sign 'dev id...' /Volumes/myapp/myapp.app/Contents/MonoBundle/libMonoPosixHelper.dylib
codesign -v --force --sign 'dev id...' /Volumes/myapp/myapp.app
自定义省略规则是什么意思?如何解决这个问题?