Productsigned Mac 应用程序未安装在非我的计算机中 [英] Productsigned Mac app not installing in computers that are not mine

问题描述

我有一个 Mac 应用程序，我使用终端上的productsign"命令对其进行了签名

I have a Mac app which I have signed using the 'productsign' command from the terminal

productsign --sign "3rd Party Mac Developer Installer: My company (dasdfjkaj)" InstallerUnsigned.pkg InstallerSigned.pkg

productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain
productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority"
productsign: Wrote signed product archive to InstallerSigned.pkg

然后我运行了评估命令

spctl -a -v --type install  InstallerSigned.pkg
InstallerSigned.pkg: accepted

我也检查了签名

pkgutil --check-signature InstallerSigned.pkg 
Package "InstallerSigned.pkg":
Status: signed by a developer certificate issued by Apple
   Certificate Chain:
    1. 3rd Party Mac Developer Installer: My company (dasdfjkaj)
    2. Apple Worldwide Developer Relations Certification Authority
    3. Apple Root CA

当我从我的机器上运行安装程序时(Gatekeeper 设置为Mac App Store 和已识别的开发人员")，它运行良好.当我将它部署到我的网站后下载相同的 pkg 时，它也正确安装.

When I run the installer from my machine (with Gatekeeper set to "Mac App store and identified developers") it runs fine. It also installed properly when I downloaded the same pkg after I deployed it to my website.

但是...当我在另一台机器上下载 pkg 时，它无法安装.它无法识别我的开发者 ID.当我在故障机器上运行 spctl 命令时，我得到了

But... when I download the pkg in another machine it fails to install. It does not recognize my developer ID. When I run the spctl command on the failed machine, I get

spctl -a -v --type install  InstallerSigned.pkg
InstallerSigned.pkg: rejected

有谁知道为什么它在我自己的机器上运行良好，但当 pkg 在另一台机器上运行时失败?我真的没有主意了:/

Does anyone know why this it runs fine on my own machine but fails when the pkg runs on another machine? I am all out of ideas really :/

这就是我得到的时候

spctl --list --type execute
3[Apple System] P0 allow execute
    anchor apple
4[Mac App Store] P0 allow execute
    anchor apple generic and certificate leaf[field.<I removed this>] exists
5[Developer ID] P0 allow execute
    anchor apple generic and certificate 1[field.<I removed this>] exists and certificate leaf[field.<I removed this>] exists
7[GKE] P0 allow execute [(gke)]
    cdhash H"<I removed this>"
10[GKE] P0 allow execute [(gke)]
    cdhash H"<I removed this>"
14[GKE] P0 allow execute [(gke)]
    cdhash H"<I removed this>"
15[GKE] P0 allow execute [(gke)]
    cdhash H"<I removed this>"
18[GKE] P0 allow execute [(gke)]

推荐答案

证书问题

这些是您需要一起用于协同签名的证书:

Certificates Matter

These are the certificates you will need to use together for codesigning:

• 开发者 ID 安装程序

• 开发者 ID 应用程序

• 第 3 方 Mac 开发者安装程序(通常仅用于 AppStore 应用程序).

• 3rd Party Mac Developer Installer (usually only used for the AppStore apps).

如果不提交到 AppStore，您将使用Developer ID Installer"证书.对于特定的代码签名部分，您需要使用Developer ID Application"证书.

The "Developer ID Installer" certificate is what you would use if not submitting to the AppStore. For codesigning portions specifically, you need to use the "Developer ID Application" certificate.

Apple 开发者代码设计工作流程指南

这篇关于Productsigned Mac 应用程序未安装在非我的计算机中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！