Mac App Store助手工具沙箱 [英] Mac app store helper tool Sandboxing
问题描述
我的应用包含两个可执行文件
My app consist of two executables
- 主要应用可执行文件
- 小型控制台应用处理一些文件,此可执行文件位于Resources文件夹中(无需root特权)
问题是我不知道如何将此应用程序提交到appstore时,我从苹果收到以下响应
The thing is that I don't know how to submit this app to appstore, I get the following response from apple
无效签名-路径为appname.app的主应用程序包appname已签名但签名无效。从codesign报告了以下错误:
a密封的资源丢失或无效
在体系结构中:i386
Invalid Signature - the main app bundle appname at path appname.app is signed but the signature is invalid. The following error(s) were reported from codesign: a sealed resource is missing or invalid In architecture: i386
如果我删除了助手应用程序,它会绕过此错误,但该应用程序将根本无法工作。任何人都知道如何嵌入帮助程序并将其核心签名到应用商店的好方法或示例?
If I remove helper app, it bypasses this error, but app won't work at all. Anyone knows a good way or example on how to embed a helper app and sign it corectly to appstore??
Apple文档尚不清楚。
Apple docs are not clear on this.
推荐答案
您需要同时签署主应用程序和助手控制台工具
You need to sign both main app and helper console tool
签署.app是记录下来,所以我描述了如何对助手进行代码签名。
Signing .app is documented so I describe you how to codesign the helper.
- 手动创建权利文件并将其添加到助手项目中(您可以复制
- 创建一个Info.plist,如将Info.plist添加到单文件工具(此步骤应该不是强制性的,但是如果您发现帮助程序崩溃,请尝试添加它)
- Create by hand an entitlements file and add it to helper project (you can copy the one from main app and removing not necessary entitlements keys)
- Create an Info.plist as documented at Adding an Info.plist to Single-File Tools (this step should be not mandatory but if you find the helper crash try to add it)
如果主应用程序启动了帮助程序工具,则您需要添加
If main app launches the helper tool you should need to add
com.apple.security.inherit
这在启用应用沙盒继承
如果主应用程序以其他方式与帮助程序交互,则可能需要XPC通信,或者如果幸运的话,使用应用程序组
If main app interacts with helper in some other manner maybe you need XPC communication or if you are lucky it will be sufficient to use App Group
类似
<key>com.apple.security.application-groups</key>
<array>
<string>$(TeamIdentifierPrefix)my.package</string>
</array>
根据我的经验,TeamIdentifierPrefix在开发环境中必须为空,并设置为您的团队ID 当您提交给MAS时,请谨慎处理关于TeamIdentifierPrefix的注意事项(即,尝试一下)
From my experience TeamIdentifierPrefix must be empty on development environment and set to your team id when you submit to MAS, please handle with care my considerations on TeamIdentifierPrefix (i.e. try yourself)
这篇关于Mac App Store助手工具沙箱的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
