How to upload dmg file for notarization in xcode


Problem description


I am trying to upload our existing app to Apple for notarization.

According to the document https://help.apple.com/xcode/mac/current/#/dev88332a81e I have to open the app in the Xcode archive organizer.

We have a dmg file generated from our Jenkins build server. How do I open the dmg file in Xcode to upload?

Also, is there some command line tool that I can use for the notarization?

Solution

You can do it from the command line.

First you will need to extract the .app from your .dmg and re-sign it, removing the com.apple.security.get-task-allow entitlement in the process (this is added automatically by the build to support debugging and normally gets removed by archiving - the notarization service won't accept a package with that entitlement, however, so you must remove it).

The .entitlements file you use can just be an empty one.


Xcode 10.2 and higher lets you set a build setting "Code Signing Inject Base Entitlements" that will prevent the com.apple.security.get-task-allow entitlement from being added in the first place. You can use this option on e.g. release builds where debugging is not required, and skip this whole dance of re-signing and repackaging with an empty entitlements file.


Note also the use of the --options runtime, which specifies your app was built with the hardened runtime, and is also required.

codesign -f -s "Developer ID Application: Name (ID)" --entitlements my-entitlments.entitlements --options runtime MyApp.app

Now you need to repackage your .app back inside a .dmg, and re-sign that:

(I use the --options runtime flag here too, though not sure if it's necessary)

codesign -s "Developer ID Application: Name (ID)" MyApp.dmg --options runtime

Then use altool to submit your .dmg:

(Username and password must be someone on the macOS team in the developer portal)

xcrun altool --notarize-app -f MyApp.dmg --primary-bundle-id my-app.myapp -u username -p password

If it uploads successfully, you will get back a token:

RequestUUID = 28fad4c5-68b3-4dbf-a0d4-fbde8e6a078f

Then you can check the status with altool, using that token:

xcrun altool --notarization-info 28fad4c5-68b3-4dbf-a0d4-fbde8e6a078f -u username -p password

Eventually, it will either succeed or fail. Just keep checking. Check the "Status" field of the response, which should be "success". The response will also include a log file that you can use to troubleshoot errors.

Assuming it succeeds, you need to staple the notarization to the app:

xcrun stapler staple MyApp.dmg

And then validate:

xcrun stapler validate MyApp.dmg

The validate action worked!

You can also apply the quarantine flag to your .app and try to launch it, you will see the new Gatekeeper dialog:

xattr -w com.apple.quarantine MyApp.app
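
The submit, poll and staple steps from the answer above, wrapped in a script that a Jenkins job could call (an added example, not part of the original answer). The `Status:` line layout, the `in progress` value and the `AC_USERNAME`/`AC_PASSWORD` variable names are assumptions; the password is passed through altool's `@env:` reference so it stays off the command line and out of the build log.

```shell
#!/usr/bin/env bash
# Added example. Assumed: altool prints "RequestUUID = <uuid>" on submit and a
# "Status: <value>" line for --notarization-info, with "in progress" while pending.

# Constructed sample of --notarization-info output (not from a real run).
SAMPLE_INFO='   RequestUUID: 28fad4c5-68b3-4dbf-a0d4-fbde8e6a078f
Status Message: Package Approved
        Status: success'

# Pull the request UUID out of altool output ("=" or ":" separator).
extract_request_uuid() {
  sed -nE 's/^[[:space:]]*RequestUUID[[:space:]]*[=:][[:space:]]*([0-9a-fA-F-]{36})[[:space:]]*$/\1/p' | head -n 1
}

# Pull the Status field; "Status Message:" and "Status Code:" lines do not match.
extract_status() {
  sed -nE 's/^[[:space:]]*Status[[:space:]]*:[[:space:]]*(.*[^[:space:]])[[:space:]]*$/\1/p' | head -n 1
}

# Decide what to do with a status: staple, wait, or fail (anything unexpected).
next_action() {
  case "$1" in
    success)       echo staple ;;
    "in progress") echo wait ;;
    *)             echo fail ;;
  esac
}

# Submit, poll every 30 s, then staple and validate. AC_USERNAME and AC_PASSWORD
# are hypothetical exported variables; "@env:" keeps the password off the command line.
notarize_dmg() {
  dmg=$1; bundle_id=$2
  uuid=$(xcrun altool --notarize-app -f "$dmg" --primary-bundle-id "$bundle_id" \
    -u "$AC_USERNAME" -p "@env:AC_PASSWORD" 2>&1 | extract_request_uuid)
  [ -n "$uuid" ] || { echo "no RequestUUID returned" >&2; return 1; }
  while :; do
    status=$(xcrun altool --notarization-info "$uuid" \
      -u "$AC_USERNAME" -p "@env:AC_PASSWORD" 2>&1 | extract_status)
    case "$(next_action "$status")" in
      staple) xcrun stapler staple "$dmg" && xcrun stapler validate "$dmg"; return ;;
      wait)   sleep 30 ;;
      fail)   echo "notarization status: ${status:-unknown}" >&2; return 1 ;;
    esac
  done
}

# Runs only with two arguments: ./notarize.sh MyApp.dmg my-app.myapp
if [ "$#" -eq 2 ]; then notarize_dmg "$1" "$2"; fi
```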
