为什么OSX不断要求已签名的我的应用程序具有防火墙许可? [英] Why is OSX continually asking for firewall permission for my app which is signed?

问题描述

OSX El Capitan版本10.11.4

OSX El Capitan version 10.11.4

我正在Xcode中构建一个应用程序，并使用正式的开发人员证书对其进行签名.然后，将其打包到我也要签名的DMG中.

I am building an application in Xcode and signing it with an official developer cert. I then package this into a DMG which I am also signing.

我的应用程序侦听特定端口(在这种情况下为7772)上的TCP连接.

My application listens for TCP connections on a specific port (7772 in this case).

我已验证签名:

$ codesign -dvvvv /Applications/Foo.app/

Executable=/Applications/Foo.app/Contents/MacOS/Foo
Identifier=com.foo.bar.Foo
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=69949 flags=0x0(none) hashes=2179+4 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=188672458e5a40f9f5eb72a864ecaee6dbb46970
CandidateCDHash sha256=c0f4bc81011db7123d8bf881d14868e6e4203cdf
Hash choices=sha1,sha256
CDHash=c0f4bc81011db7123d8bf881d14868e6e4203cdf
Signature size=8912
Authority=Developer ID Application: *** Inc. (3********2)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Apr 15, 2016, 4:12:19 PM
Info.plist entries=27
TeamIdentifier=3*********2
Sealed Resources version=2 rules=12 files=32
Internal requirements count=1 size=192

在启用防火墙的情况下重新启动时，出现提示，要求我允许应用程序接受传入的连接.

When I reboot with the firewall enabled I get a prompt asking me to allow the application to accept incoming connections.

如果我说好的，那么它可以工作(显然)，并且如果拒绝"，则防火墙会阻止端口.

If I say ok, then it works (obviously) and if "deny" then the firewall blocks the port.

我的问题是为什么我的应用签名是否正确?

一旦我点击接受"，我的防火墙应用程序中也看不到它.

Once I hit "accept" I don't see it in my firewall applications either.

我忘了提到我的防火墙已配置为自动允许签名的软件接收传入的连接" .这就是为什么我对我的应用进行签名并通过代码签名验证后感到不解的原因.

I forgot to mention that my firewall is configured to "Automatically allow signed software to receive incoming connections". That's why I'm puzzled since my app is being signed and passes codesign verification.

推荐答案

据此: https ://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html

您应检查代码指定要求": codesign -vv yourapp.app

you should check the Code Designated Requirement: codesign -vv yourapp.app

这篇关于为什么OSX不断要求已签名的我的应用程序具有防火墙许可?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！