Fatal编程技术网
  • macos/
  • Macos 为什么OSX10.10上的gatekeeper不接受在OSX10.9上使用版本2信封的应用程序?

Macos 为什么OSX10.10上的gatekeeper不接受在OSX10.9上使用版本2信封的应用程序?

macos

Macos 为什么OSX10.10上的gatekeeper不接受在OSX10.9上使用版本2信封的应用程序?,macos,code-signing,osx-yosemite,osx-gatekeeper,Macos,Code Signing,Osx Yosemite,Osx Gatekeeper,我们有一个Mono Mac应用程序,它是在AppStore之外分发的,由开发者Id证书签名。Gatekeeper在OS X 10.9上接受应用程序(在10.9.4上测试),但在10.10 DP 7上无法接受 10.10 DP 7上某些故障排除命令的输出: mactesters-Mac-mini:myapp 1 mactester$ spctl --assess -v ./myapp.app ./myapp.app: rejected source=obsolete resource envelo

我们有一个Mono Mac应用程序,它是在AppStore之外分发的,由开发者Id证书签名。Gatekeeper在OS X 10.9上接受应用程序(在10.9.4上测试),但在10.10 DP 7上无法接受

10.10 DP 7上某些故障排除命令的输出:

mactesters-Mac-mini:myapp 1 mactester$ spctl --assess -v ./myapp.app
./myapp.app: rejected
source=obsolete resource envelope

mactesters-Mac-mini:myapp 1 mactester$ codesign -v myapp.app
myapp.app: resource envelope is obsolete (custom omit rules)

mactesters-Mac-mini:myapp 1 mactester$ codesign -dv myapp.app/
Executable=/Volumes/myapp 1/myapp.app/Contents/MacOS/myapp.sh
Identifier=com.Company.myapp
Format=bundle with generic
CodeDirectory v=20100 size=145 flags=0x0(none) hashes=1+3 location=embedded
Signature size=8531
Timestamp=03 Sep 2014 16:55:21
Info.plist entries=32
TeamIdentifier=not set
Sealed Resources version=2 rules=5 files=813
Internal requirements count=2 size=224
mactesters-Mac-mini:myapp 1 mactester$ 

macadmins-iMac:myapp mactester$ spctl --assess -v ./myapp.app
./myapp.app: accepted
source=Developer ID

macadmins-iMac:myapp mactester$ codesign --verify --deep --verbose=4 ./myapp.app
./myapp.app: valid on disk
./myapp.app: satisfies its Designated Requirement

macadmins-iMac:myapp mactester$ codesign -dv myapp.app
Executable=/Volumes/myapp/myapp.app/Contents/MacOS/myapp.sh
Identifier=com.Company.myapp
Format=bundle with generic
CodeDirectory v=20100 size=145 flags=0x0(none) hashes=1+3 location=embedded
Signature size=8531
Timestamp=03 Sep 2014 16:54:50
Info.plist entries=32
TeamIdentifier=not set
Sealed Resources version=2 rules=5 files=813
Internal requirements count=2 size=224

codesign -v --force --sign 'dev id...' /Volumes/myapp/myapp.app/Contents/MonoBundle/libMonoPosixHelper.dylib
codesign -v --force --sign 'dev id...' /Volumes/myapp/myapp.app
10.9上相同应用程序的输出:

mactesters-Mac-mini:myapp 1 mactester$ spctl --assess -v ./myapp.app
./myapp.app: rejected
source=obsolete resource envelope

mactesters-Mac-mini:myapp 1 mactester$ codesign -v myapp.app
myapp.app: resource envelope is obsolete (custom omit rules)

mactesters-Mac-mini:myapp 1 mactester$ codesign -dv myapp.app/
Executable=/Volumes/myapp 1/myapp.app/Contents/MacOS/myapp.sh
Identifier=com.Company.myapp
Format=bundle with generic
CodeDirectory v=20100 size=145 flags=0x0(none) hashes=1+3 location=embedded
Signature size=8531
Timestamp=03 Sep 2014 16:55:21
Info.plist entries=32
TeamIdentifier=not set
Sealed Resources version=2 rules=5 files=813
Internal requirements count=2 size=224
mactesters-Mac-mini:myapp 1 mactester$ 

macadmins-iMac:myapp mactester$ spctl --assess -v ./myapp.app
./myapp.app: accepted
source=Developer ID

macadmins-iMac:myapp mactester$ codesign --verify --deep --verbose=4 ./myapp.app
./myapp.app: valid on disk
./myapp.app: satisfies its Designated Requirement

macadmins-iMac:myapp mactester$ codesign -dv myapp.app
Executable=/Volumes/myapp/myapp.app/Contents/MacOS/myapp.sh
Identifier=com.Company.myapp
Format=bundle with generic
CodeDirectory v=20100 size=145 flags=0x0(none) hashes=1+3 location=embedded
Signature size=8531
Timestamp=03 Sep 2014 16:54:50
Info.plist entries=32
TeamIdentifier=not set
Sealed Resources version=2 rules=5 files=813
Internal requirements count=2 size=224

codesign -v --force --sign 'dev id...' /Volumes/myapp/myapp.app/Contents/MonoBundle/libMonoPosixHelper.dylib
codesign -v --force --sign 'dev id...' /Volumes/myapp/myapp.app
使用的代码签名命令不包含--resource rules标志:

mactesters-Mac-mini:myapp 1 mactester$ spctl --assess -v ./myapp.app
./myapp.app: rejected
source=obsolete resource envelope

mactesters-Mac-mini:myapp 1 mactester$ codesign -v myapp.app
myapp.app: resource envelope is obsolete (custom omit rules)

mactesters-Mac-mini:myapp 1 mactester$ codesign -dv myapp.app/
Executable=/Volumes/myapp 1/myapp.app/Contents/MacOS/myapp.sh
Identifier=com.Company.myapp
Format=bundle with generic
CodeDirectory v=20100 size=145 flags=0x0(none) hashes=1+3 location=embedded
Signature size=8531
Timestamp=03 Sep 2014 16:55:21
Info.plist entries=32
TeamIdentifier=not set
Sealed Resources version=2 rules=5 files=813
Internal requirements count=2 size=224
mactesters-Mac-mini:myapp 1 mactester$ 

macadmins-iMac:myapp mactester$ spctl --assess -v ./myapp.app
./myapp.app: accepted
source=Developer ID

macadmins-iMac:myapp mactester$ codesign --verify --deep --verbose=4 ./myapp.app
./myapp.app: valid on disk
./myapp.app: satisfies its Designated Requirement

macadmins-iMac:myapp mactester$ codesign -dv myapp.app
Executable=/Volumes/myapp/myapp.app/Contents/MacOS/myapp.sh
Identifier=com.Company.myapp
Format=bundle with generic
CodeDirectory v=20100 size=145 flags=0x0(none) hashes=1+3 location=embedded
Signature size=8531
Timestamp=03 Sep 2014 16:54:50
Info.plist entries=32
TeamIdentifier=not set
Sealed Resources version=2 rules=5 files=813
Internal requirements count=2 size=224

codesign -v --force --sign 'dev id...' /Volumes/myapp/myapp.app/Contents/MonoBundle/libMonoPosixHelper.dylib
codesign -v --force --sign 'dev id...' /Volumes/myapp/myapp.app
习惯省略规则意味着什么?如何解决这个问题

“自定义忽略规则”错误是由于在签名期间使用--resource rules标志造成的。这个标志已经被弃用了一段时间,从OSX 10.9.5开始,它不再被Gatekeeper接受。您可以安全地删除它,但是,版本2签名是向后兼容的,甚至可以与OSX 10.6一起使用(我已经测试过了)。

这并不能回答这个问题。若要评论或要求作者澄清,请在其帖子下方留下评论-您可以随时在自己的帖子上发表评论,一旦您有足够的评论,您就可以发表评论。由于我的声誉不高,我无法在其帖子上添加评论。@lrakis感谢您的贡献,但这是一项非常重要的政策,这就是为什么有评论特权的原因。@evanwong谢谢你的提醒,我把这变成了一个实际的答案,并提供了更多的信息,我希望现在一切都好。@evanwong:在我看来,这个答案的原始版本可以作为一个答案。它包含一个问号这一事实表明它涉及到一些猜测,而不是它主要是一个问题。你解决了这个问题吗?我今天偶然发现了它,很难找到这方面的资源只是一个猜测:问题可能是动态库位于非标准位置。列出嵌套代码的标准位置。@JWWalker Thanx以获取提示。一旦我们对此进行了调查,我将更新帖子。