https://developer.apple.com/library/content/technotes/tn2206/_index.html
This command:
$ codesign --verify --deep --strict --verbose=2 Foo.app
mimics what Gatekeeper does to check your app.
Mount the disk image, then run the tool like this:
$ cd "/Volumes/Signature Check"
$ ./check-signature /Path/to/Foo.app /Path/to/Bar.pkg
For each target, the tool will present a simple YES answer if the signature meets Gatekeeper requirements, or NO if it does not.
Read the error messages carefully, with particular attention to the "in subcomponent:" part which, if present, tells you which nested code is giving you problems.
Understand that this validation will stop on many errors, and thus you must repeat it until you run out of problems.
You can also use the spctl tool to check if Gatekeeper will accept your app's signature. spctl is a command-line interface to the same security assessment policy subsystem that Gatekeeper uses.
Like Gatekeeper, spctl will only accept Developer ID-signed apps and apps downloaded from the Mac App Store by default. It will reject apps signed with Mac App Store development or distribution certificates.
Run spctl on your app like this:
$ spctl -a -t exec -vv Foo.app
This is the output if your app's signature will be accepted:
Foo.app: accepted
source=Developer ID
source will be Mac App Store for apps downloaded from the Mac App Store.
If spctl shows any result other than accepted, you must re-sign your app on Mavericks or later to ensure Gatekeeper compatibility.
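The two checks above can be chained into one pre-release gate. The script below is an added example, not part of the quoted technote: the function names are assumptions, and it only interprets the output lines shown above (the "In subcomponent:" line, the "accepted" verdict and the "source=" line).

```shell
#!/bin/sh
# Added example: gate a build on the codesign and spctl checks shown above.
# Function names are assumptions of this example, not Apple tooling.

# Print the nested code paths named by "In subcomponent:" lines (stdin).
failing_subcomponents() {
    sed -n 's/^[Ii]n subcomponent: *//p'
}

# Reduce `spctl -a -t exec -vv` output (stdin) to "accepted <source>"
# or "rejected". Only a first line ending in ": accepted" counts.
spctl_verdict() {
    awk '
        NR == 1 && /: accepted$/ { ok = 1 }
        /^source=/               { src = substr($0, 8) }
        END {
            if (ok) print "accepted " (src == "" ? "unknown" : src)
            else    print "rejected"
        }'
}

# Run both checks on one app bundle; non-zero status means "do not ship".
check_app() {
    app=$1
    # 2>&1 captures both streams so the diagnostics can be parsed.
    if ! out=$(codesign --verify --deep --strict --verbose=2 "$app" 2>&1); then
        printf '%s\n' "$out" >&2
        printf '%s\n' "$out" | failing_subcomponents |
            sed 's/^/fix nested code first: /' >&2
        return 1
    fi
    verdict=$(spctl -a -t exec -vv "$app" 2>&1 | spctl_verdict)
    echo "$app: $verdict"
    [ "${verdict%% *}" = accepted ]
}

# Only touch the real tools when app paths are given on a Mac.
if [ "$#" -gt 0 ] && command -v spctl >/dev/null 2>&1; then
    for a in "$@"; do
        check_app "$a" || exit 1
    done
fi
```

Because codesign stops at the first problem it finds, rerun the script after each fix until it reports accepted.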