我有一个Mac应用
productsign --sign "3rd Party Mac Developer Installer: My company (dasdfjkaj)" InstallerUnsigned.pkg InstallerSigned.pkg
productsign: signing product with identity "3rd Party Mac Developer Installer: My company (dasdfjkaj)" from keychain /Users/me/Library/Keychains/login.keychain
productsign: adding intermediate certificate "Apple Worldwide Developer Relations Certification Authority"
productsign: Wrote signed product archive to InstallerSigned.pkg
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: accepted
我还检查了签名
pkgutil --check-signature InstallerSigned.pkg
Package "InstallerSigned.pkg":
Status: signed by a developer certificate issued by Apple
Certificate Chain:
1. 3rd Party Mac Developer Installer: My company (dasdfjkaj)
2. Apple Worldwide Developer Relations Certification Authority
3. Apple Root CA
当我从计算机运行安装程序(将Gatekeeper设置为" Mac App Store并确定开发人员")时,它运行良好。当我将同一pkg下载到我的网站后,它也适当地安装了它。
但是...当我在另一台计算机中下载PKG时,它无法安装。它不认识我的开发人员ID。当我在故障计算机上运行SPCTL命令时,我会得到
spctl -a -v --type install InstallerSigned.pkg
InstallerSigned.pkg: rejected
有人知道为什么它在我自己的机器上运行良好,但是当PKG在另一台计算机上运行时会失败?我真的没有想法:/
编辑:这就是我当
时得到的spctl --list --type execute
3[Apple System] P0 allow execute
anchor apple
4[Mac App Store] P0 allow execute
anchor apple generic and certificate leaf[field.<I removed this>] exists
5[Developer ID] P0 allow execute
anchor apple generic and certificate 1[field.<I removed this>] exists and certificate leaf[field.<I removed this>] exists
7[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
10[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
14[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
15[GKE] P0 allow execute [(gke)]
cdhash H"<I removed this>"
18[GKE] P0 allow execute [(gke)]
证书很重要
这些是您需要一起使用的证书:
- 开发人员ID安装程序
-
开发人员ID应用程序
- 3rd Party Mac Developer installer (通常仅用于AppStore应用程序)。
" 开发人员ID安装程序"证书是如果不提交AppStore,则将使用证书。对于代码签名部分,您需要使用" 开发人员ID应用程序"证书。
Apple开发人员代码工作流程指南