Mac DMG古怪-签名并“损坏"；应用领域 [英] Mac DMG oddity - signing and "damaged" applications

问题描述

我的Gatekeeper设置为应用商店和已确定的开发人员"

My Gatekeeper settings are "App Store and Identified Developers"

我有一个带有已签名应用程序的DMG.

I have a DMG with a signed app.

当我安装DMG并在本地运行时，它可以工作. 当我将同一个DMG(通过http)上传到我们的服务器时，(通过http)下载它，安装并尝试运行该应用程序时，我弹出一个窗口，说我的应用程序已损坏，无法打开.您应该移动它到垃圾箱.

When I mount the DMG and run it locally, it works. when I upload the same DMG to our servers (via http), download it (via http), mount it, and try to run the app I get a popup saying my application is "damaged and can't be opened. You should move it to the Trash.

我不知道发生了什么.同一文件如何在本地正确运行，但是在上载和下载时已损坏?该服务器很好，我们公司中的其他各方也可以从该服务器上载和下载应用程序.

I have no idea what's going on. How can the same file run correctly locally, but when uploaded and downloaded it's corrupt? The server is fine, other parties in our company upload and download applications from it just fine.

我想念什么吗?

推荐答案

经过大量尝试后发现了问题.

Figured out the problem after lot of tries.

就我而言: 弹出消息-损坏的应用程序由于缺少库而出现. 我已经使用QT创建了.app文件. 为了生成dmg，我使用了deploymacqt命令工具. deploymacqt工具会在.app中创建动态库，因此，基本上，如果我们在创建dmg之前进行代码签名，则此更改将操纵代码符号. 因此，正确的解决方法是.

In my case: The Pop Message - damaged application came due to libraries were missing. I Had created .app file using QT. To generate dmg i was using deploymacqt command tool. deploymacqt tool creates dynamic libraries inside .app, so basically if we codesign before creating dmg, this alter will manipulate code sign. So the proper fix is.

# Create dmg using 
    deploymacqt <yourapp.app> -dmg

# Open resulted dmg file, copy <yourapp.app> to different folder(let's say /Documents/<yourapp.app>)

# Codesign the /Documents/<yourapp.app> using 
    codesign --deep --force --verify --verbose --sign "Developer ID Application: <developerid>" <yourapp.app>

# Verify using
    codesign --verify --verbose=4 <yourapp.app>
 * you should see something like this
    <yourapp.app>: valid on disk
    <yourapp.app>: satisfies its Designated Requirement

# Now create again the dmg file using [dropdmg](https://c-command.com/dropdmg/) application, download, install dropdmg. set the cofiguration preferences with your developer id certificate in signing option.

# drag and drop <yourapp.app> to dropdmg app, wait for creation of dmg to complete. voila you have now successfully created dmg with proper developer id certification.

# verify resulted dmg again using   
     codesign --verify --verbose=4 <yourapp.dmg>
# you can also verify with gatekeeper
     spctl -a -t exec -vv <yourapp.dmg>

这篇关于Mac DMG古怪-签名并“损坏"；应用领域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！