xcode 我应该使用哪个证书来签署我的 Mac OS X 应用程序?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29039462/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Which certificate should I use to sign my Mac OS X application?
提问by pupeno
We are developing a Mac OS X application that we are going to distribute outside the Mac App Store. We ended up having these certificates in the Mac Developers program:
我们正在开发一个 Mac OS X 应用程序,我们将在 Mac App Store 之外分发该应用程序。我们最终在 Mac 开发人员计划中获得了这些证书:
and when I go to select one for signing the application, I find this:
当我选择一个来签署申请时,我发现:
Am I correct in that I should use Developer ID: *for Debug? Will that allow developers that don't have my company's certificate to sign the application to be able to run it locally?
我应该Developer ID: *用于调试是否正确?这是否允许没有我公司证书的开发人员签署应用程序以便能够在本地运行它?
What certificate should I use for Release?
我应该使用什么证书来发布?
回答by l'L'l
For development (for example, the Debug configuratino) use the Mac Developeroption, which will choose your local Mac Developer certificate (in your case "Mac Developer: José Fernández"), which is meant for team members working on your project (includes testing/debugging).
对于开发(例如,Debug configuratino)使用该Mac Developer选项,它将选择您的本地 Mac 开发人员证书(在您的情况下为“Mac 开发人员:José Fernández”),这适用于处理您的项目的团队成员(包括测试/调试)。
For Release, use "Developer ID: *" which will pick the standard application release certificate used outside the AppStore, in your case "Developer ID Application: Carousel Apps. I recommend doing a final test/debug after codesigning to ensure it's working as expected.
对于发布,使用“开发人员 ID:*”,它将选择在 AppStore 之外使用的标准应用程序发布证书,在您的情况下为“开发人员 ID 应用程序:Carousel Apps。我建议在代码设计后进行最终测试/调试以确保它按预期工作.
The way Xcode picks up certificates is by a simple substring matching.
Xcode 获取证书的方式是通过简单的子字符串匹配。
Apple Codesigning Certificate Types
Apple Codesigning 证书类型
(Name, Type, Description)
(名称,类型,描述)
iOS Development
iOS开发
- iPhone Developer: Team Member Name Used to run an iOS app on devices and use certain app services during development.
- iPhone 开发人员:团队成员姓名 用于在设备上运行 iOS 应用程序并在开发过程中使用某些应用程序服务。
iOS Distribution
iOS发行版
- iPhone Distribution: Team Name Used to distribute your iOS app on designated devices for testing or to submit it to the App Store.
- iPhone 分发:团队名称 用于在指定设备上分发您的 iOS 应用程序以进行测试或将其提交到 App Store。
Mac Development
Mac 开发
- Mac Developer: Team Member Name Used to enable certain app services during development and testing.
- Mac Developer: Team Member Name 用于在开发和测试期间启用某些应用服务。
Mac App Distribution
Mac 应用程序分发
- 3rd Party Mac Developer Application: Team Name Used to sign a Mac app before submitting it to the Mac App Store.
- 第 3 方 Mac 开发者应用程序:团队名称 用于在将 Mac 应用程序提交到 Mac App Store 之前对其进行签名。
Mac Installer Distribution
Mac 安装程序分发
- 3rd Party Mac Developer Installer: Team Name Used to sign and submit a Mac Installer Package, containing your signed app, to the Mac App Store.
- 第 3 方 Mac 开发人员安装程序:团队名称 用于签署 Mac 安装程序包并将其提交到 Mac App Store,其中包含您已签名的应用程序。
Developer ID Application
开发者 ID 申请
- Developer ID Application: Team Name Used to sign a Mac app before distributing it outside the Mac App Store.
- 开发人员 ID 应用程序:团队名称 用于在 Mac App Store 之外分发 Mac 应用程序之前对其进行签名。
Developer ID Installer
开发者 ID 安装程序
- Developer ID Installer: Team Name Used to sign and distribute a Mac Installer Package, containing your signed app, outside the Mac App Store
- 开发人员 ID 安装程序:团队名称 用于在 Mac App Store 之外签署和分发包含您已签名应用程序的 Mac 安装程序包
Once codesigned you can also simulate the launch behavior of your app when Gatekeeper is enabled from Terminal.app:
完成代码设计后,您还可以在以下位置启用 Gatekeeper 时模拟应用程序的启动行为Terminal.app:
spctl -a -v Carousel.app
./Carousel.app: accepted
source=Developer ID
The
Developer ID Applicationcertificate allows your app to run withGatekeeperon the setting "allow apps downloaded from Mac App Store and identified developers"
该
Developer ID Application证书允许您的应用程序Gatekeeper在“允许从 Mac App Store 下载的应用程序和已识别的开发人员”设置下运行
回答by CDM
To code sign via the terminal (if not using Xcode):
通过终端进行代码签名(如果不使用 Xcode):
codesign -s "Developer ID" -v Carousel.app # to sign with "Developer ID Application" for distribution
codesign -s "Developer ID" -v Carousel.app # 使用“Developer ID Application”签名以进行分发
codesign -s "Mac Developer" -v CarouselDebug.app # to sign with "Mac Developer:*" for testing
codesign -s "Mac Developer" -v CarouselDebug.app # 使用“Mac Developer:*”签名进行测试
spctl -a -v Carousel.app # to verify, look for "accepted"
spctl -a -v Carousel.app # 验证,寻找“已接受”
spctl -a -v CarouselDebug.app # to verify, look for "accepted"
spctl -a -v CarouselDebug.app # 验证,寻找“已接受”
Codesign finds the correct certificate by looking for certificates in your keychain that have the -s string as a substring. If only more than one certificate matches, it will warn you and you can give a longer string.
Codesign 通过在您的钥匙串中查找将 -s 字符串作为子字符串的证书来找到正确的证书。如果只有多个证书匹配,它会警告您,您可以提供更长的字符串。
参考:https: //developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW4
