如何验证我的Electron应用以避免在macOS上出现“开发者无法验证”的错误?

huangapple go评论141阅读模式
英文:

How can I verify my Electron app to avoid "developer cannot be verified" error on macOS?

问题

我已经开发了一个React Electron应用,并使用electron-builder打包它。在macOS上安装应用程序后,我遇到了一个问题,尝试打开它会显示错误消息:"无法打开我的Electron应用程序,因为无法验证开发者。"

尽管我通过临时调整安全设置并点击"仍然打开"按钮来绕过这个错误,但我的目标是为应用程序建立正确的验证。我希望确保当我与其他人分享应用程序时,他们可以安装和运行它,而无需修改任何设置或禁用安全功能。

有人能否指导我通过哪些步骤来验证我的Electron应用程序,以便它可以在其他macOS机器上顺利安装和启动,而不会遇到"无法验证开发者"的障碍?您的帮助将不胜感激!

我已经查阅了多个来源,它们建议加入苹果开发者计划以解决这个问题。
https://developer.apple.com/support/app-account/

英文:

I've developed a React Electron app and used electron-builder to package it. After installing the app on macOS, I encountered an issue where attempting to open it results in an error message: "My Electron App cannot be opened because the developer cannot be verified."

While I managed to bypass this error by temporarily adjusting security settings and clicking the "open anyway" button, my goal is to establish proper verification for the app. I want to ensure that when I share the app with others, they can install and run it without having to modify any settings or disable security features.

Could someone guide me through the steps to verify my Electron app so that it can be smoothly installed and launched on other macOS machines without encountering the "developer cannot be verified" obstacle? Your assistance will be greatly appreciated!

I've researched multiple sources and they recommend enrolling in the Apple Developer Program to address this issue.
https://developer.apple.com/support/app-account/

答案1

得分: 1

"developer cannot be verified" error on macOS 是由于苹果的 Gatekeeper 安全功能引起的。为了确保用户的应用程序安全,需要对其进行代码签名和公证。以下是验证您的 Electron 应用程序的逐步指南:

  1. 加入苹果开发者计划:
    您需要加入苹果开发者计划以获得必要的证书和工具访问权限。它需要支付年度费用。在此注册

  2. 获取开发者 ID 证书:
    登录到苹果开发者中心
    导航到"Certificates, Identifiers & Profiles"。
    在 macOS 下,选择"Certificates",然后单击 "+" 按钮创建新证书。
    选择"Developer ID Application",并按照屏幕上的说明操作。

  3. 为 Electron 应用程序进行代码签名:
    使用支持代码签名的 electron-builder。确保您的开发者 ID Application 证书已安装在您的 Mac 上。
    在您的 electron-builder 配置中(通常在 package.json 中),确保您有以下内容:

"mac": {
  "category": "your.app.category",
  "entitlements": "./build/entitlements.mac.plist",
  "hardenedRuntime": true,
  "gatekeeperAssess": false,
  "type": "distribution"
},
"dmg": {
  "sign": false
}

entitlements.mac.plist 是一个定义应用程序权限的文件。对于基本应用程序,可能不需要,但对于使用某些 macOS 功能的应用程序,您需要指定权限。

  1. 对应用程序进行公证:
    从 macOS Catalina 开始,应用程序需要由苹果进行公证。这是一个自动化过程,苹果会扫描您的应用程序以检测恶意内容。
    调整您的 electron-builder 配置:
"afterSign": "scripts/notarize.js"

在您的 notarize.js 中:

require('dotenv').config();
const { notarize } = require('electron-notarize');

exports.default = async function notarizing(context) {
  const { electronPlatformName, appOutDir } = context;
  if (electronPlatformName !== 'darwin') {
    return;
  }

  const appName = context.packager.appInfo.productFilename;

  return await notarize({
    appBundleId: 'your.app.id',
    appPath: `${appOutDir}/${appName}.app`,
    appleId: process.env.APPLE_ID,
    appleIdPassword: process.env.APPLE_ID_PASSWORD,
  });
};
  1. 分发应用程序:
    一旦签名和公证完成,将您的 .dmg 或 .pkg 文件分发给用户。他们不应再看到"developer cannot be verified"错误。
英文:

The "developer cannot be verified" error on macOS arises because of Apple's Gatekeeper security feature. To assure users that your app is safe, code sign and notarize it. Here's a step-by-step guide for verifying your Electron app:

  1. Join the Apple Developer Program:
    You'll need to enroll in the Apple Developer Program to get access to necessary certificates and tools. It comes with an annual fee. enroll here

  2. Obtain a Developer ID Certificate:
    Log in to Apple Developer Center.
    Navigate to Certificates, Identifiers & Profiles.
    Under macOS, select Certificates and then click the + button to create a new certificate.
    Choose Developer ID Application and follow the on-screen instructions.

  3. Code Signing the Electron App:
    Use electron-builder which supports code-signing. Ensure you have your Developer ID Application certificate installed on your Mac.
    In your electron-builder configuration (usually in package.json), ensure you have.

<!-- begin snippet: js hide: false console: true babel: false -->

<!-- language: lang-js -->

&quot;mac&quot;: {
  &quot;category&quot;: &quot;your.app.category&quot;,
  &quot;entitlements&quot;: &quot;./build/entitlements.mac.plist&quot;,
  &quot;hardenedRuntime&quot;: true,
  &quot;gatekeeperAssess&quot;: false,
  &quot;type&quot;: &quot;distribution&quot;
},
&quot;dmg&quot;: {
  &quot;sign&quot;: false
}

<!-- end snippet -->
The entitlements.mac.plist is a file that defines permissions for your app. For a basic app, this might not be required but for apps using certain macOS capabilities, you'd need to specify entitlements.

  1. Notarize the App:
    Starting macOS Catalina, apps need to be notarized by Apple. This is an automated process where Apple scans your app for malicious content.
    Adjust your electron-builder config:

<!-- begin snippet: js hide: false console: false babel: false -->

<!-- language: lang-js -->

&quot;afterSign&quot;: &quot;scripts/notarize.js&quot;

<!-- end snippet -->
In your notarize.js:

<!-- begin snippet: js hide: false console: false babel: false -->

<!-- language: lang-js -->

require(&#39;dotenv&#39;).config();
const { notarize } = require(&#39;electron-notarize&#39;);

exports.default = async function notarizing(context) {
  const { electronPlatformName, appOutDir } = context;
  if (electronPlatformName !== &#39;darwin&#39;) {
    return;
  }

  const appName = context.packager.appInfo.productFilename;

  return await notarize({
    appBundleId: &#39;your.app.id&#39;,
    appPath: `${appOutDir}/${appName}.app`,
    appleId: process.env.APPLE_ID,
    appleIdPassword: process.env.APPLE_ID_PASSWORD,
  });
};

<!-- end snippet -->

  1. Distribute the App:
    Once signed and notarized, distribute your .dmg or .pkg file to users. They shouldn't see the "developer cannot be verified" error anymore.

答案2

得分: 0

你说得对,被确认的开发者是苹果的开发者计划的付费会员。在系统中,有许多法律和财务协议以及披露文件,帮助保护分发和在其他用户的设备上运行的软件的安全性。确保这一安全性的两个组成部分需要由苹果发放给会员的开发者ID或App Store分发证书:已认证的代码签名和公证。我认为最近费用可能略有上涨,但只是一个象征性的金额,大约每年100美元左右。

参考链接:https://discussions.apple.com/thread/7488189

英文:

You are correct, identified developers are paid members of Apple's Developer Program. There are numerous legal and financial agreements and disclosures Apple Developers file in the system which help protect the security of software that gets distributed and run on other users' machines. The two components of ensuring this security require a Developer ID or Appstore Distribution certificate issued by Apple to members: certified codesign and notarization. I think the fee went up slightly recently, but it is only a token sum, around $100 or so per year.

Cf. https://discussions.apple.com/thread/7488189

huangapple
  • 本文由 发表于 2023年8月9日 13:06:52
  • 转载请务必保留本文链接:https://go.coder-hub.com/76864732-2.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定