我在osx 10.9上使用python 2.7创建了一个应用程序,所以不使用xcode。我用证书对其进行了代码签名,但当使用spctl命令进行检查时,它显示被拒绝。
命令包括:
codesign -s "3rd Party Mac Developer Application: Cloud Inc" -v -f /Applications/Cloud/logout.app/Contents/Frameworks/Python.framework/Versions/2.7
codesign -s "3rd Party Mac Developer Application: Cloud Inc" -v -f --entitlements /Users/Cloud/Desktop/app.entitlements /Applications/Cloud/logout.app/Contents/MacOS/python
codesign -s "3rd Party Mac Developer Application: Cloud Inc" -v -f --entitlements /Users/Cloud/Desktop/app.entitlements /Applications/Cloud/logout.app/Contents/MacOS/logout
codesign -s "3rd Party Mac Developer Application: Cloud Inc" -v -f --entitlements /Users/Cloud/Desktop/app.entitlements /Applications/Cloud/logout.app
spctl --assess --type execute /Applications/Cloud/logout.app
/Applications/Cloud/logout.app: rejected
我的info.plist文件是:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleDisplayName</key>
<string>logout</string>
<key>CFBundleExecutable</key>
<string>logout</string>
<key>CFBundleIconFile</key>
<string>cc.icns</string>
<key>CFBundleIdentifier</key>
<string>com.cloud.macapp.logout</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>logout</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>4.4</string>
<key>CFBundleSignature</key>
<string>CC4B</string>
<key>LSApplicationCategoryType</key>
<string>public.app-category.reference</string>
<key>CFBundleVersion</key>
<string>4.4</string>
<key>LSHasLocalizedDisplayName</key>
<false/>
<key>NSAppleScriptEnabled</key>
<false/>
<key>NSHumanReadableCopyright</key>
<string>Copyright © 2014 Cloud, Inc.</string>
<key>NSMainNibFile</key>
<string>MainMenu</string>
<key>NSPrincipalClass</key>
<string>NSApplication</string>
<key>PyMainFileNames</key>
<array>
<string>__boot__</string>
</array>
<key>PyOptions</key>
<dict>
<key>alias</key>
<false/>
<key>argv_emulation</key>
<false/>
<key>emulate_shell_environment</key>
<false/>
<key>no_chdir</key>
<false/>
<key>prefer_ppc</key>
<false/>
<key>site_packages</key>
<false/>
<key>use_faulthandler</key>
<false/>
<key>use_pythonpath</key>
<false/>
<key>verbose</key>
<false/>
</dict>
<key>PyResourcePackages</key>
<array>
</array>
<key>PyRuntimeLocations</key>
<array>
<string>@executable_path/../Frameworks/Python.framework/Versions/2.7/Python</string>
</array>
<key>PythonInfoDict</key>
<dict>
<key>PythonExecutable</key>
<string>/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python</string>
<key>PythonLongVersion</key>
<string>2.7.8 (default, Jul 7 2014, 20:30:57)
[GCC 4.2.1 (Apple Inc. build 5664)]</string>
<key>PythonShortVersion</key>
<string>2.7</string>
<key>py2app</key>
<dict>
<key>alias</key>
<false/>
<key>template</key>
<string>app</string>
<key>version</key>
<string>0.8</string>
</dict>
</dict>
</dict>
</plist>
应用程序授权文件为:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
</plist>
请检查info.plist和app.entitlements和命令,建议一些补救措施来解决与spctl检查时被拒绝的问题。
我认为Apple文档在这方面有点欠缺。
据我所知,苹果的文档中提到"第三方Mac应用程序开发人员"证书允许访问某些服务,尽管他们没有在文档中具体说明这些服务是什么,但预计会有这些服务-iCloud存储、应用内购买、游戏中心、推送通知。
"第三方…"证书用于向苹果应用商店提交应用程序和安装程序,一旦被接受,苹果将在那里添加自己的证书。
相比之下,"开发者ID…"证书用于在应用商店之外部署。
spctl工具是一个用于控制安全评估策略子系统的命令行工具,并与Gatekeeper联系在一起。
由于用"第三方…"证书签名是为了发送给苹果商店,他们会剥去证书并用自己的证书重新签名,我从研究中得出结论,spctl只会返回接受的苹果商店或开发者ID证书。
阅读这篇文章,似乎也证实了这一点。
请注意,开发人员ID证书只能由团队代理获得。