如何仅使用普通的Apple ID帐户签署dylib?(尚无开发者帐户) [英] How can I sign a dylib using just a normal apple id account? (No developer account yet)

问题描述

我有一个dylib，为了使其能够在我的机器上运行，我不得不在xcode的目标设置中禁用库验证.是否可以仅出于测试目的而在没有付费开发人员帐户的情况下对其进行签名?任何有关如何执行此操作的链接或教程都会有很大帮助.

解决方案

取决于您获取库的方式.

在Xcode中构建

如果使用Xcode构建，则应该能够启用签名并告诉它使用 Team None 和 Sign在本地运行项目的签名和功能窗格.

签署现有的dylib

如果您不是在Xcode中构建它，并且想要对以其他方式构建或检索的二进制文件进行签名，则需要使用 codesign ，该代码可以是非常复杂.

从理论上讲，您可以使用已被授权进行代码签名的任何证书来运行codesign，并且可以使用自签名证书来创建代码，但这是最大的麻烦，并且不一定能成功./p>

如果您已登录开发人员门户并允许Xcode为您管理签名标识，则Xcode应该自动创建"Mac Developer"代码签名证书.

您可以使用以下方法验证您是否具有代码签名身份:

 安全性查找身份-v -p代码签名 

这将列出所有有效的代码签名身份.

对 dylib 进行签名是使用codesign命令的问题:

  codesign --force --timestamp --sign<证书名称><您要签名的二进制文件> 

使用自签名代码签名证书

注意:不建议这样做，但这确实对我有用.

1. 启动钥匙串访问
2. 选择钥匙串访问>证书助手>创建证书...
3. 命名您的证书易于输入
4. 将证书类型更改为代码签名
5. 点击创建
6. 阅读警告后点击继续
7. 完成后单击完成(然后返回钥匙串访问")
8. 在钥匙串访问"中找到您新创建的证书，然后双击它以获取详细信息
9. 点击信任旁边的显示三角形以显示信任首选项
10. 将使用此证书时设置为始终信任

现在，当您运行上述 security 命令以列出代码签名证书时，应该会显示您的自签名证书.如果是这样，您很可能没有将始终信任或证书类型设置为代码签名.

此时，您准备执行代码签名命令，然后可以使用以下命令进行验证:

  codesign -vvvv< dylib的路径> 

I have a dylib and in order for the it to be able to run on my machine, I had to disable library validation in the target settings on xcode. Is it possible to get it signed without a paid developer account just for testing purposes? Any links or tutorials on how to go about doing that would help a great deal.

解决方案

Depends on how you're getting the library.

Building in Xcode

If building in Xcode, you should be able to enable signing and tell it to use Team None and Sign to Run Locally all in the Signing and Capabilities pane of the Project.

Signing an existing dylib

If you're not building it in Xcode and you want to sign a binary you've built or retrieved in some other manner, you're going to need to use codesign, which can be pretty complex.

You can theoretically run codesign using any certificate that has been authorized for code signing, and you can create that with a self-signed certificate, but that is a supreme pain in the neck, and not certain to result in success.

Xcode should automatically create a "Mac Developer" code signing certificate if you have signed in to the developer portal and allowed Xcode to manage signing identifies for you.

You can verify that you have a codesigning identity by using:

security find-identity -v -p codesigning

This will list all of the valid codesigning identities.

Signing the dylib is a matter of using the codesign command:

codesign --force --timestamp --sign <name of certificate> <binary you want to sign>

Using a self-signed code-signing certificate

Note: this is not recommended, but it did work for me.

1. Start Keychain Access
2. Choose Keychain Access > Certificate Assistant > Create a Certificate...
3. Name your certificate something easy to type
4. Change the Certificate Type to Code Signing
5. Click Create
6. Click Continue after reading the warning
7. Click Done when it completes (and go back to Keychain Access)
8. Find your newly-created certificate in Keychain Access and double-click on it to get the details
9. Click the disclosure triangle next to Trust to expose the trust preferences
10. Set When using this certificate to Always Trust

Now, your self-signed certificate should show up when you run the aforementioned security command to list out the codesigning certificates. If it does, you most likely didn't set the Always Trust or the certificate type to Code Signing.

At this point, you're ready to execute the code signing command, and then you can verify using:

codesign -vvvv <path to dylib>

这篇关于如何仅使用普通的Apple ID帐户签署dylib?(尚无开发者帐户)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！