Why does codesigned Go binary get tagged as “Unknown Developer” on macOS 13?

Question

The current macOS 13 beta has a feature in which it displays all application-installed Login Items in a System Preferences panel, including LaunchDaemons. My app has a LaunchDaemon written in Go that I codesign with my Developer ID as part of the build process.

But when I view the Login Items in System Preferences on macOS 13 with only my app installed, I see this:

[Image: Why does codesigned Go binary get tagged as “Unknown Developer” on macOS 13?]

I am sure the circled binary is codesigned correctly. For example, here is the output of spctl after an Xcode archive build (tless is the Go binary):

% spctl -vvv -a -t open --context context:primary-signature mactless/Applications/Mactless.app/Contents/Resources/tless
mactless/Applications/Mactless.app/Contents/Resources/tless: accepted
source=Notarized Developer ID
origin=Developer ID Application: MY_NAME_HERE (SB********)

The SB******** is my correct Developer ID signing identity.

What could be the cause of macOS 13 identifying this signed binary as being from an "unknown developer"?

Answer 1

Score: 2

I found a solution that displays my Developer ID name in place of "Unknown Developer." I set all of the following values equal to com.mycompany.MyApp.daemon:

  • The name of the binary itself
  • (The codesign Run Script step thus also became codesign -s [xxxxxxxxxxxxxxxxxxxxxxxxxx] -o runtime -v com.mycompany.MyApp.daemon)
  • The Label field inside the /Library/LaunchDaemons plist file
  • The name of the /Library/LaunchDaemons plist file (with .plist at the end, i.e., com.mycompany.MyApp.daemon.plist)

Rebuilt, uninstalled and reinstalled, and voila, it showed up with my name where the circle is instead of Unknown Developer.

Hope this helps someone.
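
A build-time check for the naming rule described in the answer above, as an added example that is not part of the original post. It verifies that the LaunchDaemon plist file name, its Label, and the daemon binary's file name all equal one identifier. The function names, the sample plists and the /Applications/MyApp.app path are constructed for illustration, and reading the binary path from Program or ProgramArguments[0] is an assumption.

```python
import plistlib
from pathlib import PurePosixPath

# Identifier used in the answer above; every name is expected to equal it.
DAEMON_ID = "com.mycompany.MyApp.daemon"


def check_daemon_naming(plist_name, plist_bytes, daemon_id=DAEMON_ID):
    """Return a list of naming mismatches; an empty list means all names agree."""
    job = plistlib.loads(plist_bytes)
    problems = []

    # The plist in /Library/LaunchDaemons must be named <daemon_id>.plist.
    if plist_name != daemon_id + ".plist":
        problems.append(f"plist file is {plist_name!r}, expected {daemon_id}.plist")

    # The Label key inside the plist must equal the identifier.
    label = job.get("Label")
    if label != daemon_id:
        problems.append(f"Label is {label!r}, expected {daemon_id!r}")

    # Assumption: the daemon binary is Program, or else ProgramArguments[0].
    program = job.get("Program") or next(iter(job.get("ProgramArguments", [])), None)
    if program is None:
        problems.append("plist has neither Program nor ProgramArguments")
    elif PurePosixPath(program).name != daemon_id:
        problems.append(f"binary is named {PurePosixPath(program).name!r}, expected {daemon_id!r}")
    return problems


def sample_plist(label, program):
    """Build a constructed LaunchDaemon plist for the demo (not from the page)."""
    return plistlib.dumps({"Label": label, "ProgramArguments": [program], "RunAtLoad": True})


# Constructed inputs: the paths and the mismatched label are illustrative only.
RESOURCES = "/Applications/MyApp.app/Contents/Resources/"
MISMATCHED = sample_plist("com.mycompany.MyApp.tless", RESOURCES + "tless")
CONSISTENT = sample_plist(DAEMON_ID, RESOURCES + DAEMON_ID)

if __name__ == "__main__":
    for name, data in [("com.mycompany.MyApp.tless.plist", MISMATCHED),
                       (DAEMON_ID + ".plist", CONSISTENT)]:
        issues = check_daemon_naming(name, data)
        print(name, "->", issues if issues else "consistent")
```

Run it against the installed plist before packaging so that a renamed binary or a stale Label fails the build.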

huangapple
  • Posted on June 17, 2022 at 15:53:24
  • When reposting, please keep the link to this article: https://go.coder-hub.com/72656053.html