问题描述
目前我正在使用 electron-builder ("electron-builder": "^22.9.1") 和 electron-notorize ("electron-notorize": ^1.0.0) 包对 Mac 的电子应用程序进行 notorizing。构建成功通过。使用
检查应用签名和通知状态pkgutil --check-signature /Path_to_App/My_App.app
Package "XXXXXXX":
Status: signed by a certificate trusted by macOS
Certificate Chain:...
和
spctl -a -t exec -vvv /Path_to_App/My_App.app
/Applications/XXXXXX.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: XXXXXXXX
表示该应用已签名并经过公证。 但是当我在另一台机器上打开它时,我收到一条消息,提示无法打开应用程序,因为无法验证开发人员。 我在构建配置和 plist 文件中尝试了不同的选项,但仍然无法理解这个问题的原因。 我在 package.json 中的构建配置
"build": {
"appId": "com.XXXX.XX","productName": "XXXXXXX","afterSign": "electron/notarize.js","extends": null,"buildDependenciesFromSource": true,"files": [
"build/**/*"
],"directories": {
"buildresources": "assets"
},"mac": {
"category": "public.app-category.productivity","icon": "build/icon.icns","hardenedRuntime": true,"gatekeeperAssess": false,"entitlements": "build/entitlements.mac.plist","entitlementsInherit": "build/entitlements.mac.plist","electronLanguages": [
"en"
],"target": ["dmg"]
},"dmg": {
"sign": false
},
和 entitlements.mac.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<!-- https://github.com/electron/electron-notarize#prerequisites -->
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<!-- https://github.com/electron-userland/electron-builder/issues/3940 -->
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.disable-executable-page-protection</key>
<true/>
<key>com.apple.security.inherit</key>
<true/>
<key>com.apple.security.automation.apple-events</key>
<true/>
<key>com.apple.security.device.audio-input </key>
<true/>
<key>com.apple.security.device.camera</key>
<true/>
<key>com.apple.security.device.microphone</key>
<true/>
<key>com.apple.security.device.bluetooth</key>
<true/>
</dict>
</plist>
解决方法
我通过这样做来让它工作:
在 package.json 中,在 "mac" 下添加:
"asarUnpack": "**/*.node"
这将告诉构建器解压这些节点本机二进制文件,以便公证可以检查这些库。
在用于签名的权利文件中,删除:
<key>com.apple.security.cs.disable-library-validation</key> <true/>
然后,它应该按预期工作。