为啥 electron-osx-sign 无法生成 Gatekeeper 识别的签名应用程序?
Posted
技术标签:
【中文标题】为啥 electron-osx-sign 无法生成 Gatekeeper 识别的签名应用程序?【英文标题】:Why electron-osx-sign fails to produce a signed app recognised by Gatekeeper?为什么 electron-osx-sign 无法生成 Gatekeeper 识别的签名应用程序? 【发布时间】:2019-04-01 04:40:37 【问题描述】:我正在尝试签署股票电子应用程序。下面是我正在使用的脚本。问题是看门人抱怨应用程序(“电子”)无法打开,因为无法确认开发者的身份。这是为什么?
#!/bin/bash
set -e
identity="76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC"
rm -rf dist
mkdir -p dist/electron
wget -q -O dist/electron/electron.zip "https://github.com/electron/electron/releases/download/v3.0.3/electron-v3.0.3-darwin-x64.zip"
cd dist/electron
unzip -qq electron.zip
export DEBUG=electron-osx-sign*
electron-osx-sign Electron.app --gatekeeper-assess --identity="$identity" --identity-validation --platform=darwin --type=distribution --version=3.0.3
它似乎已“成功”签名,但在我存档/压缩并上传然后下载它之后,它不再被 Gatekeeper 接受 (“Electron” can’t be opened because the identity of the developer cannot be confirmed.")
electron-osx-sign:warn No `entitlements` passed in arguments:
* Provide `entitlements` to specify entitlements file for codesign. +0ms
[32;1melectron-osx-sign [0melectron-osx-sign@0.4.11 [32m+0ms[0m
[32;1melectron-osx-sign [0m`identity` passed in arguments. [32m+8ms[0m
[32;1melectron-osx-sign [0mExecuting... security find-identity -v [32m+1ms[0m
[32;1melectron-osx-sign [0mIdentity:
> Name: Developer ID Application: XXX S.R.L (<masked>)
> Hash: 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC [32m+101ms[0m
[32;1melectron-osx-sign [0mFound 1 identity. [32m+2ms[0m
[32;1melectron-osx-sign [0mPre-sign operation enabled for provisioning profile:
* Disable by setting `pre-embed-previsioning-profile` to `false`. [32m+1ms[0m
[32;1melectron-osx-sign [0mPre-sign operation enabled for entitlements automation with versions >= `1.1.1`:
* Disable by setting `pre-auto-entitlements` to `false`. [32m+0ms[0m
[32;1melectron-osx-sign [0mNo `provisioning-profile` passed in arguments, will find in current working directory and in user library... [32m+1ms[0m
[32;1melectron-osx-sign [0mNo provisioning profile found, will not embed profile in app contents. [32m+2ms[0m
[32;1melectron-osx-sign [0mSigning application...
> Application: Electron.app
> Platform: darwin
> Entitlements: undefined
> Child entitlements: undefined
> Additional binaries: []
> Identity: name: 'Developer ID Application: XXX S.R.L (<masked>)',
hash: '76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC' [32m+0ms[0m
[32;1melectron-osx-sign [0mWalking... Electron.app/Contents [32m+4ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework [32m+29ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib [32m+2s[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libffmpeg.dylib [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib [32m+312ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/crashpad_handler [32m+474ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Resources/crashpad_handler [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Framework.framework [32m+275ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Framework.framework [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Helper EH.app/Contents/MacOS/Electron Helper EH [32m+1s[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Helper EH.app/Contents/MacOS/Electron Helper EH [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Helper EH.app [32m+272ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Helper EH.app [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Helper NP.app/Contents/MacOS/Electron Helper NP [32m+284ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Helper NP.app/Contents/MacOS/Electron Helper NP [32m+1ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Helper NP.app [32m+277ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Helper NP.app [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Helper.app/Contents/MacOS/Electron Helper [32m+290ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Helper.app/Contents/MacOS/Electron Helper [32m+1ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Electron Helper.app [32m+275ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Electron Helper.app [32m+1ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle [32m+278ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Mantle.framework/Versions/A/Mantle [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Mantle.framework [32m+278ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Mantle.framework [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/ReactiveCocoa.framework/Versions/A/ReactiveCocoa [32m+280ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/ReactiveCocoa.framework/Versions/A/ReactiveCocoa [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/ReactiveCocoa.framework [32m+287ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/ReactiveCocoa.framework [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt [32m+295ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Squirrel.framework/Versions/A/Resources/ShipIt [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel [32m+284ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Squirrel.framework/Versions/A/Squirrel [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/Frameworks/Squirrel.framework [32m+286ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/Frameworks/Squirrel.framework [32m+0ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app/Contents/MacOS/Electron [32m+285ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app/Contents/MacOS/Electron [32m+1ms[0m
[32;1melectron-osx-sign [0mSigning... Electron.app [32m+297ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --sign 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC --force Electron.app [32m+0ms[0m
[32;1melectron-osx-sign [0mVerifying... [32m+404ms[0m
[32;1melectron-osx-sign [0mVerifying application bundle with codesign... [32m+1ms[0m
[32;1melectron-osx-sign [0mExecuting... codesign --verify --deep --strict --verbose=2 Electron.app [32m+0ms[0m
[32;1melectron-osx-sign [0mVerifying Gatekeeper acceptance for darwin platform... [32m+659ms[0m
[32;1melectron-osx-sign [0mExecuting... spctl --assess --type execute --verbose --ignore-cache --no-cache Electron.app [32m+0ms[0m
[32;1melectron-osx-sign [0mVerified. [32m+1s[0m
[32;1melectron-osx-sign [0mApplication signed. [32m+0ms[0m
[32;1melectron-osx-sign [0mApplication signed: Electron.app [32m+0ms[0m
Application signed: Electron.app
【问题讨论】:
迈克,你知道 76BC42C9D40AFBAE569D5B041940B97C4BEB0DFC 是正确的吗? @George,感谢您的提问!是的,这是正确的 SHA 。真正的问题是我使用的 zip/archive 实用程序没有保留“额外属性文件”。 【参考方案1】:问题似乎是由于使用了“zip”实用程序所致。这不会保留由 codesign 生成的额外文件属性。我用的是ditto,下载后签名验证成功。
【讨论】:
如何切换到同上?以上是关于为啥 electron-osx-sign 无法生成 Gatekeeper 识别的签名应用程序?的主要内容,如果未能解决你的问题,请参考以下文章
为啥这个 Angular 脚本无法检索 Laravel 4 生成的 JSON?