0

How can I make Gatekeeper pass an app signed with a third-party certificate?

I have signed mine with the one I bought for the Windows version, and if I have checked the "Mac App and identifier developers" option in System Preferences, it can't be executed.

This is the command I executed for signing:

codesign --force --verify --verbose --sign "My cert" My.app

This is the command for verifying the signing:

codesign --verify --verbose=4 My.app

And this is the output:

My.app/: valid on disk
My.app/: satisfies its Designated Requirement

What am I doing wrong?

Thanks.

4

1 Answer

2

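Gatekeeper does not accept third-party certificates, only Mac App Store and Apple Developer ID certificates. The reason for this is that if Apple discovers that signed malware is being distributed, they want to be able to revoke the certificate that was used to sign it; that is only possible if Apple owns the certificate authority that issued the signing certificate. Therefore, for Gatekeeper's purposes, third-party certificates are considered untrusted.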

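By the way, the check you're performing with codesign --verify only checks whether the signature matches the app's contents, not whether it is considered a Gatekeeper-valid signature. For that, you need spctl -va My.app (although note that this checks it against your current Gatekeeper policy, so if you have Gatekeeper set to Mac App Store only, it will report a Developer ID-signed app as "rejected").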

answered 2014-09-17T20:12:36.287
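The difference between the two checks in the answer above, as an added example that is not part of the original post: the script runs codesign --verify and spctl -va on the same bundle and reports them separately, so a "valid on disk" signature that Gatekeeper still rejects shows up as its own case. The function name gk_check and the verdict strings are hypothetical; the mapping of exit status 3 to "rejected" follows the spctl man page.

```shell
#!/bin/bash
# Added example (not from the original post). gk_check is a hypothetical
# helper name. Run on macOS: ./gk_check.sh My.app

gk_check() {
    local app="$1" sig_rc=0 gk_rc=0

    # Check 1: does the signature match the bundle contents?
    # This says nothing about who issued the signing certificate.
    codesign --verify --verbose=4 "$app" 1>&2 || sig_rc=$?
    if [ "$sig_rc" -ne 0 ]; then
        echo "signature-invalid"
        return 1
    fi

    # Check 2: does the *current* Gatekeeper policy accept the app?
    # The result depends on the policy selected in System Preferences.
    spctl -va "$app" 1>&2 || gk_rc=$?

    case "$gk_rc" in
        0)  echo "gatekeeper-accepted"
            return 0 ;;
        3)  # spctl exits with 3 when the assessment is a denial
            echo "signed-but-gatekeeper-rejected"
            return 3 ;;
        *)  # any other status: the assessment itself failed
            echo "assessment-error"
            return 2 ;;
    esac
}

# Only run when an app path is given on the command line.
if [ "$#" -gt 0 ]; then
    gk_check "$1"
fi
```

An app signed with a third-party certificate, as in the question, is expected to land in the signed-but-gatekeeper-rejected case: the first check passes and the second does not.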