OS X 10.8守和Java applets [英] OS X 10.8 Gatekeeper and Java applets
问题描述
在OS X 10.8的新版本,网守会弹出下面的警告,当您尝试启动一个签名的Java小程序:
With the new release of OS X 10.8, the Gatekeeper will popup the following warning, when you try to start a signed Java applet:
该小程序已经签署了一个有效的code签名证书,将正常工作在其他平台上,以及OS X的previous版本如果我改变允许下载的应用程序:以任何地方 ,它工作正常。
The applet has been signed with a valid code signing certificate and will work correctly on other platforms as well as previous versions of OS X. If I change "Allow applications downloaded from:" to "Anywhere", it works correctly.
据我可以找出数字签名无法验证,实际上是指类似签名尚未作出了Mac开发者ID。
As far as I can figure out "The digital signature could not be verified", actually means something like "the signature has not been made with a Mac Developer ID".
所以:我可以用Mac开发者ID签名Java Applet?我可以同时拥有Mac开发者ID和一个标准的code签名证书签名?有没有更好的方法吗?
So: Can I sign Java applets with a Mac Developer ID? Can I sign it with both a Mac Developer ID and a standard code signing certificate? Is there a better approach?
推荐答案
下面是我从苹果开发人员技术支持得到了答案:
Here's the answer that I got from Apple Developer Technical Support:
感谢您的耐心等待我们研究这一点。
Thank you for your patience while we investigated this.
警报是由Java的psented $ P $,而不是由网守。但是,你
正确的验证逻辑是在OS X山狮的变化。
The alert is presented by Java, not by Gatekeeper. However, you're correct that the verification logic was changed on OS X Mountain Lion.
有关,而现在,用户已经与此警报的时候psented $ P $
运行已签名Applet,因为签名的Applet可以逃脱了Java
沙箱,使用户的系统意想不到的变化。用户可以
该选项选中允许所有小程序复选框,如果
他们信任的开发商,因此,他们不会再看到警报
除非他们从Java安全preferences删除该项目。
For a while now, users have been presented with this alert when running a signed applet, because signed applets can escape the Java sandbox and make unexpected changes to the user's system. Users have the option to check the "Allow all applets from " box if they trust the developer and thus they won't see the alert again unless they remove the item from the Java Security preferences.
在什么山狮的变化是,现在验证警报
基本上意味着Applet的签名是有效的,但小程序
从一个身份不明的开发者,并试图升级权限
当关守已启用,用户必须决定是否允许
这一点。
What's changed in Mountain Lion is that the verification alert now basically means that the applet's signature is valid, but the applet is from an unidentified developer and is trying to escalate privileges when Gatekeeper is enabled and the user has to decide whether to allow that.
身份不明的开发商是指除在Mac App Store以外的源
或者开发者ID标识的开发商。请注意,Java小程序不能
参与开发者ID程序。
"Unidentified developer" means a source other than the Mac App Store or a Developer ID-identified developer. Note that Java applets cannot participate in the Developer ID program.
如果网闸设置为只信任Mac App Store的应用程序,那么你会
不能,除非你添加到程序添加到信任列表
小应用程序的证书添加到钥匙链使用出现的表
单击显示详细信息了。
If Gatekeeper is set to trust only Mac App Store apps, then you will not be able to add the applet to the trusted list unless you add the applet's certificate to the keychain using the sheet that appears after clicking Show Details.
未签名的applet不允许在所有逃离Java沙箱。
Unsigned applets are not allowed to escape the Java sandbox at all.
这是与守的处理原生Mac应用程序的一致性;
从不明应用程序的开发人员不准在默认情况下运行。
This is consistent with Gatekeeper's treatment of native Mac apps; apps from unidentified developers are not allowed to run by default.
如果你想看到改变警报的措辞,请提交
在 https://developer.apple.com/bugreporter 的bug报告。
If you'd like to see the wording of the alert changed, please file a bug report at https://developer.apple.com/bugreporter.
这基本上意味着没有办法登入小程序以这样的方式,可以避免这种消息被显示。我提交了一份bug报告给苹果说,我要改变邮件的措辞不包含类似不知名,UNVERIFIED话,不安全的......因为这是签署小应用程序,让用户可以感受到温暖所有的整点和舒适,当他们需要允许小程序运行,向他们保证,他们将要允许正常和验证,它不会做任何伤害到他们的电脑,里面我们需要显示它在一个地方,它将是可见的,戳他们的眼睛吧。
This basically means that there is no way to sign the applet in such a way that you can avoid this message to be shown. I filed a bug report to Apple saying that I want the wording of the message to be changed not to contain words like UNIDENTIFIED, UNVERIFIED, INSECURE... because that's the whole point of signing the applets, so that the users can feel all warm and cosy inside when they need to allow the applet to run, to assure them that what they are about to allow is OK and verified and it won't do any harm to their computer, and we need to show it on a place where it will be visible, to poke their eyes with it.
这篇关于OS X 10.8守和Java applets的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
