mac 会在更新应用后再次提示用户允许访问钥匙串吗?
Will the mac prompt the user again to allow access to the keychain after updating the app?
当我 运行 我的应用程序的 Xcode 构建然后启动应用商店构建时,我注意到有些东西有点 st运行ge。如果我 运行 xcode 构建(使用开发证书),然后 运行 我的应用程序通过应用程序商店(使用生产证书)我得到以下对话框的提示
MyApp want to use your confidential information stored in "com.myApp in the keychain.
当我先 运行 应用商店构建,然后是 Xcode 开发构建时,我也会看到这个对话框。我相信出现此对话框是因为两个版本都有不同的证书(可能是错误的)。
我最关心的是用户更新应用,用户会看到这个对话框吗?
不确定这是否重要,但这就是我将数据保存到钥匙串的方式。
[[A0SimpleKeychain keychain] setString:string forKey:@"key"];
Apple 的代码签名指南有答案。
I believe this dialog appears because both builds have different certificates
正确。见 Understanding the Code Signature:
The most important internal requirement is the designated requirement, or DR. This rule tells an evaluating system how to identify a particular piece of code. Any two pieces of code that have (and successfully verify against) the same DR are considered to be the same code.
...
Some parts of macOS do not care about the identity of the signer. They care only whether the app is validly signed and stable. Stability is determined through the DR, and does not depend on the nature of the certificate authority used. The keychain system and parental controls are examples of such usage.
Shipping and Updating Your Product
The user’s system considers the new version of your product to be the
same program as the previous version. For example, Keychain Services
does not distinguish older and newer versions of your program as long
as both are signed and the unique Identifier remains constant.
使用不同的证书签署您的代码会使系统将其视为不同的应用程序。只要您在版本之间使用相同的证书签署您的版本,就可以了。
当我 运行 我的应用程序的 Xcode 构建然后启动应用商店构建时,我注意到有些东西有点 st运行ge。如果我 运行 xcode 构建(使用开发证书),然后 运行 我的应用程序通过应用程序商店(使用生产证书)我得到以下对话框的提示
MyApp want to use your confidential information stored in "com.myApp in the keychain.
当我先 运行 应用商店构建,然后是 Xcode 开发构建时,我也会看到这个对话框。我相信出现此对话框是因为两个版本都有不同的证书(可能是错误的)。
我最关心的是用户更新应用,用户会看到这个对话框吗?
不确定这是否重要,但这就是我将数据保存到钥匙串的方式。
[[A0SimpleKeychain keychain] setString:string forKey:@"key"];
Apple 的代码签名指南有答案。
I believe this dialog appears because both builds have different certificates
正确。见 Understanding the Code Signature:
The most important internal requirement is the designated requirement, or DR. This rule tells an evaluating system how to identify a particular piece of code. Any two pieces of code that have (and successfully verify against) the same DR are considered to be the same code.
...
Some parts of macOS do not care about the identity of the signer. They care only whether the app is validly signed and stable. Stability is determined through the DR, and does not depend on the nature of the certificate authority used. The keychain system and parental controls are examples of such usage.
Shipping and Updating Your Product
The user’s system considers the new version of your product to be the same program as the previous version. For example, Keychain Services does not distinguish older and newer versions of your program as long as both are signed and the unique Identifier remains constant.
使用不同的证书签署您的代码会使系统将其视为不同的应用程序。只要您在版本之间使用相同的证书签署您的版本,就可以了。