产品Mac应用程序不安装在不是我的计算机 [英] Productsigned Mac app not installing in computers that are not mine
问题描述
我有一个Mac应用程序,我已经使用终端上的'productsign'命令签名
productsign - 第三方Mac开发商安装程序:我的公司(dasdfjkaj)InstallerUnsigned.pkg InstallerSigned.pkg
productsign:使用第三方Mac开发人员安装程序:我的公司(dasdfjkaj)从keychain / me / Library / Keychains / login.keychain
productsign:添加中间证书Apple Worldwide开发人员关系认证中心
productsign:已签署的产品归档文件InstallerSigned.pkg
然后我运行了命令
spctl -a -v-install install InstallerSigned.pkg
InstallerSigned.pkg:accepted
也检查签名
pkgutil --check-signature InstallerSigned.pkg
软件包InstallerSigned.pkg:
状态:由苹果颁发的开发人员证书签署
证书链:
1.第三方Mac开发人员安装程序:我的公司(dasdfjkaj)
2. Apple全球开发人员关系认证中心
3. Apple Root CA
当我从我的机器运行安装程序(Gatekeeper设置为 Mac应用商店和识别开发人员)它运行正常。它也安装正确,当我下载了相同的pkg后,我部署到我的网站。
但是...当我在另一台机器上下载pkg时,它无法安装。它无法识别我的开发者ID。当我在失败的机器上运行spctl命令时,我得到
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg:rejected
有人知道为什么它在我自己的机器上运行良好,当pkg在另一台机器上运行时失败?我真的很想出来:/
编辑:
这是我在spctl --list --type execute
3 [Apple系统] P0允许执行
锚点苹果
4 [Mac App Store] P0允许执行
anchor apple generic and certificate leaf [field。< I removed this>] exists
5 [开发者ID] P0允许执行
锚点苹果通用和证书1 [字段< I removed this> ;]存在并且证书叶[字段。< I removed this>]存在
7 [GKE] P0 allow execute [(gke)]
cdhash H< I removed this>
10 [GKE] P0 allow execute [(gke)]
cdhash H< I removed this>
14 [GKE] P0 allow execute [(gke)]
cdhash H< I removed this>
15 [GKE] P0 allow execute [(gke)]
cdhash H< I removed this>
18 [GKE] P0 allow execute [(gke)]
解决方案证书重要
这些是您需要一起使用以进行代码签名的证书:
- 开发者ID安装程序
开发者ID应用
- 第三方Mac开发人员安装程序(通常只用于AppStore应用程式)。
开发人员ID安装程序证书是您在未提交到AppStore时将使用的证书。对于具体指定部分的代码,您需要使用开发人员ID应用证书。
I have a Mac app which I have signed using the 'productsign' command from the terminal
productsign --sign "3rd Party Mac Developer Installer: My company (dasdfjkaj)" InstallerUnsigned.pkg InstallerSigned.pkg productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority" productsign: Wrote signed product archive to InstallerSigned.pkg
I then ran the assess command
spctl -a -v --type install InstallerSigned.pkg InstallerSigned.pkg: accepted
I also checked the signature
pkgutil --check-signature InstallerSigned.pkg Package "InstallerSigned.pkg": Status: signed by a developer certificate issued by Apple Certificate Chain: 1. 3rd Party Mac Developer Installer: My company (dasdfjkaj) 2. Apple Worldwide Developer Relations Certification Authority 3. Apple Root CA
When I run the installer from my machine (with Gatekeeper set to "Mac App store and identified developers") it runs fine. It also installed properly when I downloaded the same pkg after I deployed it to my website.
But... when I download the pkg in another machine it fails to install. It does not recognize my developer ID. When I run the spctl command on the failed machine, I get
spctl -a -v --type install InstallerSigned.pkg InstallerSigned.pkg: rejected
Does anyone know why this it runs fine on my own machine but fails when the pkg runs on another machine? I am all out of ideas really :/
EDIT: This is what I get when
spctl --list --type execute 3[Apple System] P0 allow execute anchor apple 4[Mac App Store] P0 allow execute anchor apple generic and certificate leaf[field.<I removed this>] exists 5[Developer ID] P0 allow execute anchor apple generic and certificate 1[field.<I removed this>] exists and certificate leaf[field.<I removed this>] exists 7[GKE] P0 allow execute [(gke)] cdhash H"<I removed this>" 10[GKE] P0 allow execute [(gke)] cdhash H"<I removed this>" 14[GKE] P0 allow execute [(gke)] cdhash H"<I removed this>" 15[GKE] P0 allow execute [(gke)] cdhash H"<I removed this>" 18[GKE] P0 allow execute [(gke)]
解决方案Certificates Matter
These are the certificates you will need to use together for codesigning:
- Developer ID Installer
Developer ID Application
- 3rd Party Mac Developer Installer (usually only used for the AppStore apps).
The "Developer ID Installer" certificate is what you would use if not submitting to the AppStore. For codesigning portions specifically, you need to use the "Developer ID Application" certificate.
Apple Developer Codesigning Workflow Guide
这篇关于产品Mac应用程序不安装在不是我的计算机的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文