Mac 应用商店助手工具沙盒 [英] Mac app store helper tool Sandboxing
问题描述
我的应用由两个可执行文件组成
My app consist of two executables
- 主应用程序可执行文件
- 用于处理某些文件的小型控制台应用程序,此可执行文件位于 Resources 文件夹中(无需 root 权限)
问题是我不知道如何将这个应用提交到应用商店,我得到了苹果的以下回复
The thing is that I don't know how to submit this app to appstore, I get the following response from apple
无效签名 - 路径 appname.app 处的主应用程序包 appname 已签名,但签名无效.协同设计报告了以下错误:密封资源丢失或无效在架构方面:i386
Invalid Signature - the main app bundle appname at path appname.app is signed but the signature is invalid. The following error(s) were reported from codesign: a sealed resource is missing or invalid In architecture: i386
如果我删除辅助应用程序,它会绕过此错误,但应用程序根本无法运行.任何人都知道如何嵌入辅助应用程序并将其正确签名到应用商店的好方法或示例??
If I remove helper app, it bypasses this error, but app won't work at all. Anyone knows a good way or example on how to embed a helper app and sign it corectly to appstore??
Apple 文档对此并不清楚.
Apple docs are not clear on this.
推荐答案
主应用和辅助控制台工具都需要签名
You need to sign both main app and helper console tool
签名 .app 已记录在案,因此我向您介绍了如何对帮助程序进行代码签名.
Signing .app is documented so I describe you how to codesign the helper.
- 手动创建一个权利文件并将其添加到帮助项目(您可以从主应用程序复制该文件并删除不需要的权利密钥)
- 创建一个 Info.plist,如 将 Info.plist 添加到单文件工具(这一步应该不是强制性的,但如果您发现帮助程序崩溃,请尝试添加它)莉>
- Create by hand an entitlements file and add it to helper project (you can copy the one from main app and removing not necessary entitlements keys)
- Create an Info.plist as documented at Adding an Info.plist to Single-File Tools (this step should be not mandatory but if you find the helper crash try to add it)
如果主应用程序启动辅助工具,您需要添加
If main app launches the helper tool you should need to add
com.apple.security.inherit
这在 启用应用沙盒继承
如果主应用程序以其他方式与助手交互,也许您需要 XPC 通信,或者如果您很幸运,使用 应用组
If main app interacts with helper in some other manner maybe you need XPC communication or if you are lucky it will be sufficient to use App Group
类似的东西
<key>com.apple.security.application-groups</key>
<array>
<string>$(TeamIdentifierPrefix)my.package</string>
</array>
根据我的经验 TeamIdentifierPrefix 在开发环境中必须为空并设置为您的 team id 当您提交给 MAS 时,请谨慎处理我对 TeamIdentifierPrefix 的考虑(即自己尝试)
From my experience TeamIdentifierPrefix must be empty on development environment and set to your team id when you submit to MAS, please handle with care my considerations on TeamIdentifierPrefix (i.e. try yourself)
这篇关于Mac 应用商店助手工具沙盒的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
