电子应用程序公证 Notorized电子应用程序无法在其他机器上打开

编程问答 2022-05-21

问题描述

目前我正在使用 electron-builder ("electron-builder": "^22.9.1") 和 electron-notorize ("electron-notorize": ^1.0.0) 包对 Mac 的电子应用程序进行 notorizing。构建成功通过。使用

检查应用签名和通知状态 
pkgutil --check-signature /Path_to_App/My_App.app


   Package "XXXXXXX":
   Status: signed by a certificate trusted by macOS
   Certificate Chain:...


spctl -a -t exec -vvv /Path_to_App/My_App.app 

/Applications/XXXXXX.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: XXXXXXXX

表示该应用已签名并经过公证。 但是当我在另一台机器上打开它时,我收到一条消息,提示无法打开应用程序,因为无法验证开发人员。 我在构建配置和 plist 文件中尝试了不同的选项,但仍然无法理解这个问题的原因。 我在 package.json 中的构建配置

"build": {
    "appId": "com.XXXX.XX","productName": "XXXXXXX","afterSign": "electron/notarize.js","extends": null,"buildDependenciesFromSource": true,"files": [
      "build/**/*"
    ],"directories": {
      "buildresources": "assets"
    },"mac": {
      "category": "public.app-category.productivity","icon": "build/icon.icns","hardenedRuntime": true,"gatekeeperAssess": false,"entitlements": "build/entitlements.mac.plist","entitlementsInherit": "build/entitlements.mac.plist","electronLanguages": [
        "en"
      ],"target": ["dmg"]
    },"dmg": {
      "sign": false
    },

和 entitlements.mac.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <!-- https://github.com/electron/electron-notarize#prerequisites -->
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <!-- https://github.com/electron-userland/electron-builder/issues/3940 -->
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>

    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>

    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>

    <key>com.apple.security.inherit</key>
    <true/>
    <key>com.apple.security.automation.apple-events</key>
    <true/>
    <key>com.apple.security.device.audio-input </key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.device.microphone</key>
    <true/>
    <key>com.apple.security.device.bluetooth</key>
    <true/>
  </dict>
</plist>

解决方法

我通过这样做来让它工作:

在 package.json 中,在 "mac" 下添加:

"asarUnpack": "**/*.node"

这将告诉构建器解压这些节点本机二进制文件,以便公证可以检查这些库。

在用于签名的权利文件中,删除:

<key>com.apple.security.cs.disable-library-validation</key> <true/>

然后,它应该按预期工作。

electronelectronelectron-builderelectron-notarize