xcode 如何在xcode中上传dmg文件进行公证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/53112078/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to upload dmg file for notarization in xcode
提问by laocius
I am trying to upload our existing app to apple for notarization.
我正在尝试将我们现有的应用程序上传到苹果进行公证。
According to the document https://help.apple.com/xcode/mac/current/#/dev88332a81eI have to open the app the xcode archive organizer.
根据文档https://help.apple.com/xcode/mac/current/#/dev88332a81e我必须打开应用程序 xcode 存档管理器。
We have a dmg file generated from our jenkins build server. How do I open the dmg file in xcode to upload?
我们有一个从 jenkins 构建服务器生成的 dmg 文件。如何在xcode中打开dmg文件上传?
Also, is there some command line tool that I can use for the notarization?
另外,是否有一些命令行工具可用于公证?
回答by TheNextman
You can do it from the command line.
您可以从命令行执行此操作。
First you will need to extract the .app from your .dmg and resign it, removing the com.apple.security.get-task-allowentitlement in the process (this is added automatically by the build to support debugging and normally gets removed by archiving - the notarization service won't accept a package with that entitlement, however, so you must remove it).
首先,您需要从您的 .dmg 中提取 .app 并退出它,删除com.apple.security.get-task-allow过程中的权利(这是由构建自动添加以支持调试,通常通过存档删除 - 公证服务不会接受包但是,具有该权利,因此您必须将其删除)。
The .entitlements file you use can just be an empty one.
您使用的 .entitlements 文件可以只是一个空文件。
Xcode 10.2 and higher lets you set a build setting "Code Signing Inject Base Entitlements" that will prevent the com.apple.security.get-task-allowentitlement from being added in the first place. You can use this option on e.g. release builds where debugging is not required, and skip this whole dance of resigning and repackaging with an empty entitlements file.
Xcode 10.2 及更高版本允许您设置构建设置“代码签名注入基本权利”,这将首先阻止com.apple.security.get-task-allow添加权利。您可以在不需要调试的例如发布版本上使用此选项,并跳过使用空授权文件进行辞职和重新打包的整个过程。
Note also the use of the --options runtime, which specifies your app was built with the hardened runtime, and is also required.
另请注意 的使用--options runtime,它指定您的应用程序是使用强化运行时构建的,并且也是必需的。
codesign -f -s "Developer ID Application: Name (ID)" --entitlements my-entitlments.entitlements --options runtime MyApp.app
Now you need to repackage your .app back inside a .dmg, and resign that:
现在您需要将您的 .app 重新打包到 .dmg 中,然后辞职:
(I use the --options runtimeflag here too, though not sure if it's necessary)
(我--options runtime也在这里使用标志,但不确定是否有必要)
codesign -s "Developer ID Application: Name (ID)" MyApp.dmg --options runtime
Then use altoolto submit your .dmg:
然后使用altool提交您的.dmg:
(Username and password must be someone on the macOS team in the developer portal)
(用户名和密码必须是开发者门户中 macOS 团队的成员)
xcrun altool --notarize-app -f MyApp.dmg --primary-bundle-id my-app.myapp -u username -p password
If it upload successfully, you will get back a token:
如果上传成功,您将获得一个令牌:
RequestUUID = 28fad4c5-68b3-4dbf-a0d4-fbde8e6a078f
Then you can check the status with altool, using that token:
然后您可以altool使用该令牌检查状态:
xcrun altool --notarization-info 28fad4c5-68b3-4dbf-a0d4-fbde8e6a078f -u username -p password
Eventually, it will either succeed or fail. Just keep checking. Check the "Status" field of the response, which should be "success". The response will also include a log file that you can use to troubleshoot errors.
最终,它要么成功,要么失败。继续检查。检查响应的“状态”字段,应为“成功”。响应还将包括一个日志文件,您可以使用它来排除错误。
Assuming it succeeds, you need to staple the notarization to the app:
假设它成功,您需要将公证装订到应用程序:
xcrun stapler staple MyApp.dmg
And then validate:
然后验证:
xcrun stapler validate MyApp.dmg
The validate action worked!
验证操作有效!
You can also apply the quarantine flag to your .app and try to launch it, you will see the new Gatekeeper dialog:
您还可以将隔离标志应用到您的 .app 并尝试启动它,您将看到新的 Gatekeeper 对话框:
xattr -w com.apple.quarantine MyApp.app
