试图对一个 mac osx 应用程序进行协同签名,但是当我检查它时,我得到 `Pharo.app: invalid Info.plist (plist or signature have been modified)`
trying to codesign a mac osx app but when I check it, I get `Pharo.app: invalid Info.plist (plist or signature have been modified)`
问题是 codesign 无法验证已签名的应用程序,它说 Info.plist 文件已被修改,但实际上并没有。我什至检查过 sha256sum 文件预签名和 post 签名。
https://objective-see.com/products/whatsyoursign.html returns error code -67030 which, according to https://eclecticlight.co/2019/06/28/a-primer-on-code-signing-errors/ 是由于
invalid Info.plist, because the Info.plist file or its signature have been modified. That should never occur, and merits a close look to check what has happened. Although this property list is readily readable, its contents are complex and detecting deliberate tampering may not be easy.
事实是,我没有以任何方式修改应用程序,我只是签名然后立即检查它的签名。
该应用程序是在此处找到的 smalltalk vm:https://github.com/feenkcom/opensmalltalk-vm 在默认分支中。
编译它必须
cmake .
make
make install
make package
然后在 build/packages 中,第一个 zip 将包含 Pharo.app
我解压然后运行
codesign --force -v --options=runtime --deep --timestamp --file-list - -s $SIGNING_IDENTITY Pharo.app
这行得通,但是如果我 运行
codesign --verify --strict --verbose=2 Pharo.app
我通过标题中的错误消息获得了很多经过验证的库(这很好)invalid Info.plist (plist or signature have been modified)
感谢任何提示。
问题是 codesign 无法处理以大写字母开头的可执行文件名称。
一旦我将可执行文件名称更改为 pharo 而不是 Pharo,它就像魔术一样工作。
问题是 codesign 无法验证已签名的应用程序,它说 Info.plist 文件已被修改,但实际上并没有。我什至检查过 sha256sum 文件预签名和 post 签名。
https://objective-see.com/products/whatsyoursign.html returns error code -67030 which, according to https://eclecticlight.co/2019/06/28/a-primer-on-code-signing-errors/ 是由于
invalid Info.plist, because the Info.plist file or its signature have been modified. That should never occur, and merits a close look to check what has happened. Although this property list is readily readable, its contents are complex and detecting deliberate tampering may not be easy.
事实是,我没有以任何方式修改应用程序,我只是签名然后立即检查它的签名。
该应用程序是在此处找到的 smalltalk vm:https://github.com/feenkcom/opensmalltalk-vm 在默认分支中。 编译它必须
cmake .
make
make install
make package
然后在 build/packages 中,第一个 zip 将包含 Pharo.app
我解压然后运行
codesign --force -v --options=runtime --deep --timestamp --file-list - -s $SIGNING_IDENTITY Pharo.app
这行得通,但是如果我 运行
codesign --verify --strict --verbose=2 Pharo.app
我通过标题中的错误消息获得了很多经过验证的库(这很好)invalid Info.plist (plist or signature have been modified)
感谢任何提示。
问题是 codesign 无法处理以大写字母开头的可执行文件名称。
一旦我将可执行文件名称更改为 pharo 而不是 Pharo,它就像魔术一样工作。