macOS公证错误：“使用的签名算法太弱”； [英] macOS notarization error: "The signature algorithm used is too weak"

问题描述

我想知道是否有人熟悉此错误，只有在将我的应用程序上载到Apple进行公证时才会发生：

I wonder if anyone's familiar with this error which only happens when I upload my apps to Apple for notarization:

"AppName.zip/AppName.app/Contents/Resources/EWSMacCompress.tar.gz/EWSMacCompress.tar/EWSMac.framework/Versions/A/EWSMac83886082"
"The signature algorithm used is too weak."

其他信息：

-I'多年来，我一直在为我的应用程序签名。该错误仅在发送应用程序以进行公证时发生。

-I've been signing my apps for years with no issues. The error only happens when sending the apps for notarization.

-我在2018年11月提交了一个错误，提供了苹果要求的所有信息-但从未得到解决。

-I submitted a bug back in November 2018, provided Apple all the info they asked for - but it was never addressed further.

-我最近再次联系了Apple，他们向我指出了一些资源页面，该页面最后一次更新是在2016年。它简短地提到了类似的错误-但仍然没有任何错误有关如何解决的信息：
https://developer.apple.com/library/archive/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG301

-I recently contacted Apple again and they pointed me to some resource page that was last updated back in 2016. It briefly mentions a similar error - but still without any info on how to solve it: https://developer.apple.com/library/archive/technotes/tn2206/_index.html#//apple_ref/doc/uid/DTS40007919-CH1-TNTAG301

-搜索此错误不会产生任何有用的结果。

-A search on this error didn't produce anything useful.

-所涉及的tar.gz文件是eSellerate授权框架。正如许多人可能知道的那样，十多年来，它一直是Mac软件的流行许可平台。不久前我切换到其他许可平台时，我仍然拥有成千上万的拥有eSellerate许可的客户（我敢肯定其他许多Mac开发人员的情况）。

-The tar.gz file in question is an eSellerate licensing framework. As many people may know, it's been a popular licensing platform for Mac software for over a decade. While I switched to a different licensing platform some time ago, I still have thousands of customers with eSellerate licenses (as I'm sure is the situation with many other Mac developers).

据我所知，整个情况与tar.gz归档文件中的文件签名有关-在此我也找不到任何信息

As far as I understand, this whole situation has to do something with signing files inside tar.gz archives - on which I couldn't find any info either

任何

谢谢，
Leo

Thanks, Leo

推荐答案

您必须打开 tar ， zip 或 jar 文件，对所有有错误的文件进行代码签名，然后重新打包。

You have to unpack your tar, zip or jar file, codesign all the files that have errors and repackage them.

只需检查日志并对所有错误进行代码签名，然后对整个应用程序进行签名。
对我来说，我使用以下两个命令。

Just go through the logs and codesign all of them with errors, and then sign the app as a whole. For me, I use the following two commands.

find ./MyApp -type f \
 -exec codesign --timestamp \
 --keychain /Users/builduser/Library/Keychains/login.keychain-db \
 -s 'Developer ID Application: XXXXXXXX' -f --verbose=9 --deep \
 --options=runtime --entitlements entitlements.xml {} +

然后签名应用

codesign --timestamp \
 --keychain /Users/builduser/Library/Keychains/login.keychain-db \
 -s 'Developer ID Application: XXXXXXXX' -f --verbose=9 --deep \
 --options=runtime --entitlements entitlements.xml MyApp

您必须使用-options = runtime运行代码签名。
这是指南。

如果您正在构建Java应用程序，这些链接也可能会有所帮助：

If you are building Java apps, these links might also be helpful: How to build MacOS app with hardened runtime in AppBundler

https://bitbucket.org/infinitekind/appbundler/issues/ 39 / build-with-hardened-runtime

这篇关于macOS公证错误：“使用的签名算法太弱”；的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！