我有一个 myFile.mpkg 文件,并使用命令行实用程序 productsign 和以下命令在 Mac OS X 10.9.5 中对其进行了签名:
productsign --sign "Developer ID Installer: MyDeveloperInstallerId" myFile.mpkg
mySignedFile.mpkg
我运行命令时的输出如下:
productsign: preparing "myFile.mpkg" for signing...
productsign: Using timestamp authority for signature
productsign: Wrote signed product archive to mySignedFile.mpkg
然后为了验证我的文件是否已签名,我运行了以下命令:
pkgutil --check-signature mySignedFile.mpkg
输出是:
Package "mySignedFile.mpkg":
Status: signed by a certificate trusted by Mac OS X
Certificate Chain: etc...
然而,当我尝试将我的签名文件安装到 Mac OS X 10.10.1 时,出现以下消息:
mySignedFile.mpkg can't be opened because the identity of the developer cannot be
confirmed
知道为什么会这样吗?签名过程有什么问题吗?
[更新]
找到这个帖子
并运行以下命令:
spctl -a -t exec -vv mySignedFile.mpkg
输出是:
mySignedFile.mpkg: rejected
source=obsolete resource envelope
这意味着我的包裹将在 10.9.5 (OSX Mavericks) /10.10 (OSX Yosemite) 或更高版本被 Gatekeeper 拒绝。
我还检查了签名的版本,发现了一些奇怪的东西:
codesign -dvvv mySignedFile.mpkg
Executable=mySignedFile.mpkg/Contents/distribution.dist
Identifier=mySignedFile
Format=installer package bundle
CodeDirectory v=20200 size=183 flags=0x0(none) hashes=1+3 location=embedded
Hash type=sha1 size=20
CDHash=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Signature size=7589
Authority=Developer ID Application: My Company
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jan 14, 2015, 13:08:13 pm
Info.plist=not bound
TeamIdentifier=XXXXXXXXX
Sealed Resources version=2 rules=4 files=2
Internal requirements count=1 size=200
Info.plist 而不是条目 = 一个等于未绑定的数字。