我正在尝试使用购买的 COMODO 证书对 OSX Sierra 的桌面应用程序二进制文件进行代码签名。在命令运行CSSMERR_TP_NOT_TRUSTED
结束时出现代码签名验证错误:macdeployqt
$ security unlock-keychain -p "$PASSWORD" /Users/user/Library/Keychains/login.keychain
$ ~/Qt5.8/5.8/clang_64/bin/macdeployqt app_name.app/ -codesign=(cat ~/keyid3) -verbose=4 -no-plugins # (1)
# (...)
Log: Finished codesigning "app_name.app" with identity "118E862D88E30998B6C4BACB8ABCB1FBDEADBEEF"
ERROR: codesign verification error:
ERROR: "app_name.app: CSSMERR_TP_NOT_TRUSTED\nIn architecture: x86_64\n"
当我尝试直接在最终包上使用 codesign 实用程序时也会发生同样的情况(我提供与 XCode 相同的证书 ID):
+ security unlock-keychain -p "$PASSWORD" /Users/user/Library/Keychains/login.keychain
+ export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
+ CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
+ /usr/bin/codesign --force --sign 118E862D88E30998B6C4BACB8ABCB1FBDEADBEEF --deep --timestamp=none '<build-path>/app_name'
+ /usr/bin/codesign --verify '<build-path>/app_name' -dv
Executable=<build-path>/app_name/Contents/MacOS/app_name
Identifier=$(PRODUCT_BUNDLE_IDENTIFIER)
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=19725 flags=0x0(none) hashes=611+3 location=embedded
Signature size=2359
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources version=2 rules=13 files=2
Internal requirements count=1 size=104
+ /usr/bin/codesign --verify '<build-path>/app_name'
<build-path>/app_name: CSSMERR_TP_NOT_TRUSTED
In architecture: x86_64
+ spctl -a -v <build-path>/app_name
<build-path>/app_name/: CSSMERR_TP_NOT_TRUSTED
由 XCode 编译和签名的二进制文件虽然被 Gatekeeper 接受(我使用 CMake 生成 XCode 项目,然后修改项目属性以对二进制文件进行签名——但这并没有为我制作完整的捆绑包)。我使用相同的codesign
命令(从 XCode 的日志中复制)进行签名。
我已经:
- 删除并导入证书,
- 允许它用于所有应用程序,
- 选中的是权限系统默认值,
- 检查系统中的双重证书。
我使用 qmake (Qt5.8) 创建 makefile。我的捆绑内容(之后make
,之前macdeploy
):
./Contents
./Contents/_CodeSignature
./Contents/_CodeSignature/CodeResources
./Contents/Info.plist
./Contents/MacOS
./Contents/MacOS/app_name
./Contents/PkgInfo
./Contents/Resources
./Contents/Resources/CS_icon.icns
./Contents/Resources/empty.lproj
我应该怎么做才能在 OSX Sierra 下制作正确的签名二进制文件?