无法通过 .net 6.0 可执行文件的苹果公证
Unable to pass apple Notarization with .net 6.0 executable
问题
.net 6.0 可执行文件未通过公证。
其余文件正常。
设置
- macOS 卡特琳娜:
Version 10.15.7
- dotnet --version:
6.0.100-rc.2.21505.57
- 钥匙串中有正确的证书
- 用于签署可执行文件的权利:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.disable-executable-page-protection</key><true/>
</dict>
</plist>
- 用于创建 .app 的 nuget 包 - Dotnet.Bundle - 版本 0.9.13 - https://www.nuget.org/packages/DotNet.Bundle
发布步骤
dotnet restore -r osx.10.15-x64 DWGuru/src/DWGuru/DWGuru.csproj
Restored ***/DWGuru/src/ImGui.NET/ImGui.NET.csproj (in 252 ms).
Restored ***/DWGuru/src/DWGuru/DWGuru.csproj (in 870 ms).
dotnet msbuild -t:BundleApp -p:RuntimeIdentifier=osx.10.15-x64 -p:UseAppHost=true -p:PublishSingleFile=true -p:PublishReadyToRun=true -p:Configuration=Release DWGuru/src/DWGuru/DWGuru.csproj
Microsoft (R) Build Engine version 17.0.0-preview-21501-01+bbcce1dff for .NET
Copyright (C) Microsoft Corporation. All rights reserved.
You are using a preview version of .NET. See: https://aka.ms/dotnet-core-preview
You are using a preview version of .NET. See: https://aka.ms/dotnet-core-preview
ImagesReferenceTracker ->***/DWGuru/bin/Release/ImagesReferenceTracker/net6.0/ImagesReferenceTracker.dll
ImGui.NET -> ***/DWGuru/bin/Release/ImGui.NET/net6.0/ImGui.NET.dll
DWGuru -> ***/DWGuru/bin/Release/DWGuru/net6.0/osx.10.15-x64/DWGuru.dll
DWGuru -> ***/DWGuru/bin/Release/DWGuru/net6.0/osx.10.15-x64/publish/
cp -r DWGuru/bin/Release/DWGuru/net6.0/osx.10.15-x64/publish/DWGuru.app .
succeeds
codesign DWGuru.app/Contents/MacOS/* --force --timestamp --sign *** --options=runtime --deep --no-strict --entitlements 'entitlements.plist'
DWGuru.app/Contents/MacOS/DWGuru: replacing existing signature
DWGuru.app/Contents/MacOS/DWGuru: signed app bundle with Mach-O thin (x86_64) [***]
DWGuru.app/Contents/MacOS/DWGuru.pdb: replacing existing signature
DWGuru.app/Contents/MacOS/DWGuru.pdb: signed generic [DWGuru]
DWGuru.app/Contents/MacOS/ImGui.NET.pdb: replacing existing signature
DWGuru.app/Contents/MacOS/ImGui.NET.pdb: signed generic [ImGui.NET]
DWGuru.app/Contents/MacOS/ImGui.NET.xml: replacing existing signature
DWGuru.app/Contents/MacOS/ImGui.NET.xml: signed generic [ImGui.NET]
DWGuru.app/Contents/MacOS/ImagesReferenceTracker.pdb: replacing existing signature
DWGuru.app/Contents/MacOS/ImagesReferenceTracker.pdb: signed generic [ImagesReferenceTracker]
DWGuru.app/Contents/MacOS/System.Globalization.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Globalization.Native.dylib: signed Mach-O thin (x86_64) [System.Globalization.Native]
DWGuru.app/Contents/MacOS/System.IO.Compression.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.IO.Compression.Native.dylib: signed Mach-O thin (x86_64) [System.IO.Compression.Native]
DWGuru.app/Contents/MacOS/System.Native.a: replacing existing signature
DWGuru.app/Contents/MacOS/System.Native.a: signed generic [System.Native]
DWGuru.app/Contents/MacOS/System.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Native.dylib: signed Mach-O thin (x86_64) [System.Native]
DWGuru.app/Contents/MacOS/System.Net.Http.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Net.Http.Native.dylib: signed Mach-O thin (x86_64) [System.Net.Http.Native]
DWGuru.app/Contents/MacOS/System.Net.Security.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Net.Security.Native.dylib: signed Mach-O thin (x86_64) [System.Net.Security.Native]
DWGuru.app/Contents/MacOS/System.Security.Cryptography.Native.Apple.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Security.Cryptography.Native.Apple.dylib: signed Mach-O thin (x86_64) [System.Security.Cryptography.Native.Apple]
DWGuru.app/Contents/MacOS/System.Security.Cryptography.Native.OpenSsl.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Security.Cryptography.Native.OpenSsl.dylib: signed Mach-O thin (x86_64) [System.Security.Cryptography.Native.OpenSsl]
DWGuru.app/Contents/MacOS/cimgui.dll: replacing existing signature
DWGuru.app/Contents/MacOS/cimgui.dll: signed generic [cimgui]
DWGuru.app/Contents/MacOS/cimgui.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/cimgui.dylib: signed Mach-O thin (x86_64) [cimgui]
DWGuru.app/Contents/MacOS/cimgui.so: replacing existing signature
DWGuru.app/Contents/MacOS/cimgui.so: signed generic [cimgui]
DWGuru.app/Contents/MacOS/dotnet: replacing existing signature
DWGuru.app/Contents/MacOS/dotnet: signed Mach-O thin (x86_64) [dotnet]
DWGuru.app/Contents/MacOS/libsdl2.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/libsdl2.dylib: signed Mach-O thin (x86_64) [libsdl2]
DWGuru.app/Contents/MacOS/libsos.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/libsos.dylib: signed Mach-O thin (x86_64) [libsos]
DWGuru.app/Contents/MacOS/libuv.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/libuv.dylib: signed Mach-O universal (i386 x86_64) [libuv]
DWGuru.app/Contents/MacOS/sosdocsunix.txt: replacing existing signature
DWGuru.app/Contents/MacOS/sosdocsunix.txt: signed generic [sosdocsunix]
codesign DWGuru.app --force --timestamp --sign *** --options=runtime --deep --no-strict --entitlements 'entitlements.plist'
DWGuru.app: replacing existing signature
DWGuru.app: signed app bundle with Mach-O thin (x86_64)
zip -r DWGuru.zip DWGuru.app
xcrun altool --notarize-app --primary-bundle-id "***" --username "***" --password "" --asc-provider "***" --file "DWGuru.zip"
No errors uploading 'DWGuru.zip'.
RequestUUID = ***-***-***-***-***
结果
xcrun altool --username "***" --password "***" --notarization-info ***-***-***-***-***
No errors getting notarization info.
Date: 2021-10-29 17:29:41 +0000
Hash: ***
LogFileURL:***
accessKey=***
RequestUUID: ***
Status: invalid
Status Code: 2
Status Message: Package Invalid
{
"logFormatVersion": 1,
"jobId": "***",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "DWGuru.zip",
"uploadDate": "2021-10-29T17:48:43Z",
"sha256": "***",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "DWGuru.zip/DWGuru.app/Contents/MacOS/DWGuru",
"message": "The signature of the binary is invalid.",
"docUrl": null,
"architecture": "x86_64"
}
]
}
问题出在压缩工具上。它破坏了 zip 文件,因此公证将在 Apple 端失败。
zip -r DWGuru.zip DWGuru.app
变成
/usr/bin/ditto -c -k --keepParent DWGuru.app DWGuru.zip
问题
.net 6.0 可执行文件未通过公证。 其余文件正常。
设置
- macOS 卡特琳娜:
Version 10.15.7
- dotnet --version:
6.0.100-rc.2.21505.57
- 钥匙串中有正确的证书
- 用于签署可执行文件的权利:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
<key>com.apple.security.cs.disable-executable-page-protection</key><true/>
</dict>
</plist>
- 用于创建 .app 的 nuget 包 - Dotnet.Bundle - 版本 0.9.13 - https://www.nuget.org/packages/DotNet.Bundle
发布步骤
dotnet restore -r osx.10.15-x64 DWGuru/src/DWGuru/DWGuru.csproj
Restored ***/DWGuru/src/ImGui.NET/ImGui.NET.csproj (in 252 ms).
Restored ***/DWGuru/src/DWGuru/DWGuru.csproj (in 870 ms).
dotnet msbuild -t:BundleApp -p:RuntimeIdentifier=osx.10.15-x64 -p:UseAppHost=true -p:PublishSingleFile=true -p:PublishReadyToRun=true -p:Configuration=Release DWGuru/src/DWGuru/DWGuru.csproj
Microsoft (R) Build Engine version 17.0.0-preview-21501-01+bbcce1dff for .NET
Copyright (C) Microsoft Corporation. All rights reserved.
You are using a preview version of .NET. See: https://aka.ms/dotnet-core-preview
You are using a preview version of .NET. See: https://aka.ms/dotnet-core-preview
ImagesReferenceTracker ->***/DWGuru/bin/Release/ImagesReferenceTracker/net6.0/ImagesReferenceTracker.dll
ImGui.NET -> ***/DWGuru/bin/Release/ImGui.NET/net6.0/ImGui.NET.dll
DWGuru -> ***/DWGuru/bin/Release/DWGuru/net6.0/osx.10.15-x64/DWGuru.dll
DWGuru -> ***/DWGuru/bin/Release/DWGuru/net6.0/osx.10.15-x64/publish/
cp -r DWGuru/bin/Release/DWGuru/net6.0/osx.10.15-x64/publish/DWGuru.app .
succeeds
codesign DWGuru.app/Contents/MacOS/* --force --timestamp --sign *** --options=runtime --deep --no-strict --entitlements 'entitlements.plist'
DWGuru.app/Contents/MacOS/DWGuru: replacing existing signature
DWGuru.app/Contents/MacOS/DWGuru: signed app bundle with Mach-O thin (x86_64) [***]
DWGuru.app/Contents/MacOS/DWGuru.pdb: replacing existing signature
DWGuru.app/Contents/MacOS/DWGuru.pdb: signed generic [DWGuru]
DWGuru.app/Contents/MacOS/ImGui.NET.pdb: replacing existing signature
DWGuru.app/Contents/MacOS/ImGui.NET.pdb: signed generic [ImGui.NET]
DWGuru.app/Contents/MacOS/ImGui.NET.xml: replacing existing signature
DWGuru.app/Contents/MacOS/ImGui.NET.xml: signed generic [ImGui.NET]
DWGuru.app/Contents/MacOS/ImagesReferenceTracker.pdb: replacing existing signature
DWGuru.app/Contents/MacOS/ImagesReferenceTracker.pdb: signed generic [ImagesReferenceTracker]
DWGuru.app/Contents/MacOS/System.Globalization.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Globalization.Native.dylib: signed Mach-O thin (x86_64) [System.Globalization.Native]
DWGuru.app/Contents/MacOS/System.IO.Compression.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.IO.Compression.Native.dylib: signed Mach-O thin (x86_64) [System.IO.Compression.Native]
DWGuru.app/Contents/MacOS/System.Native.a: replacing existing signature
DWGuru.app/Contents/MacOS/System.Native.a: signed generic [System.Native]
DWGuru.app/Contents/MacOS/System.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Native.dylib: signed Mach-O thin (x86_64) [System.Native]
DWGuru.app/Contents/MacOS/System.Net.Http.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Net.Http.Native.dylib: signed Mach-O thin (x86_64) [System.Net.Http.Native]
DWGuru.app/Contents/MacOS/System.Net.Security.Native.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Net.Security.Native.dylib: signed Mach-O thin (x86_64) [System.Net.Security.Native]
DWGuru.app/Contents/MacOS/System.Security.Cryptography.Native.Apple.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Security.Cryptography.Native.Apple.dylib: signed Mach-O thin (x86_64) [System.Security.Cryptography.Native.Apple]
DWGuru.app/Contents/MacOS/System.Security.Cryptography.Native.OpenSsl.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/System.Security.Cryptography.Native.OpenSsl.dylib: signed Mach-O thin (x86_64) [System.Security.Cryptography.Native.OpenSsl]
DWGuru.app/Contents/MacOS/cimgui.dll: replacing existing signature
DWGuru.app/Contents/MacOS/cimgui.dll: signed generic [cimgui]
DWGuru.app/Contents/MacOS/cimgui.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/cimgui.dylib: signed Mach-O thin (x86_64) [cimgui]
DWGuru.app/Contents/MacOS/cimgui.so: replacing existing signature
DWGuru.app/Contents/MacOS/cimgui.so: signed generic [cimgui]
DWGuru.app/Contents/MacOS/dotnet: replacing existing signature
DWGuru.app/Contents/MacOS/dotnet: signed Mach-O thin (x86_64) [dotnet]
DWGuru.app/Contents/MacOS/libsdl2.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/libsdl2.dylib: signed Mach-O thin (x86_64) [libsdl2]
DWGuru.app/Contents/MacOS/libsos.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/libsos.dylib: signed Mach-O thin (x86_64) [libsos]
DWGuru.app/Contents/MacOS/libuv.dylib: replacing existing signature
DWGuru.app/Contents/MacOS/libuv.dylib: signed Mach-O universal (i386 x86_64) [libuv]
DWGuru.app/Contents/MacOS/sosdocsunix.txt: replacing existing signature
DWGuru.app/Contents/MacOS/sosdocsunix.txt: signed generic [sosdocsunix]
codesign DWGuru.app --force --timestamp --sign *** --options=runtime --deep --no-strict --entitlements 'entitlements.plist'
DWGuru.app: replacing existing signature
DWGuru.app: signed app bundle with Mach-O thin (x86_64)
zip -r DWGuru.zip DWGuru.app
xcrun altool --notarize-app --primary-bundle-id "***" --username "***" --password "" --asc-provider "***" --file "DWGuru.zip"
No errors uploading 'DWGuru.zip'.
RequestUUID = ***-***-***-***-***
结果
xcrun altool --username "***" --password "***" --notarization-info ***-***-***-***-***
No errors getting notarization info.
Date: 2021-10-29 17:29:41 +0000
Hash: ***
LogFileURL:***
accessKey=***
RequestUUID: ***
Status: invalid
Status Code: 2
Status Message: Package Invalid
{
"logFormatVersion": 1,
"jobId": "***",
"status": "Invalid",
"statusSummary": "Archive contains critical validation errors",
"statusCode": 4000,
"archiveFilename": "DWGuru.zip",
"uploadDate": "2021-10-29T17:48:43Z",
"sha256": "***",
"ticketContents": null,
"issues": [
{
"severity": "error",
"code": null,
"path": "DWGuru.zip/DWGuru.app/Contents/MacOS/DWGuru",
"message": "The signature of the binary is invalid.",
"docUrl": null,
"architecture": "x86_64"
}
]
}
问题出在压缩工具上。它破坏了 zip 文件,因此公证将在 Apple 端失败。
zip -r DWGuru.zip DWGuru.app
变成
/usr/bin/ditto -c -k --keepParent DWGuru.app DWGuru.zip