我想我可能已经搞清楚了这个问题。我一直在使用Xcode 4.6.3进行开发,运行在OS X Mavericks上,以为任何与构建相关的工具都被捆绑在Xcode应用程序中。
但是,似乎codesign
在/usr/bin
中。它是由Xcode安装程序之一放置在那里,还是随着原始系统安装而来,我不确定。但是,在阅读codesign
的man
页面时,我找到了这个巧妙的选项:
--deep When signing a bundle, specifies that nested code content such as helpers, frameworks, and plug-ins, should be recursively signed
in turn. Beware that all signing options you specify will apply, in turn, to such nested content.
When verifying a bundle, specifies that any nested code content will be recursively verified as to its full content. By default,
verification of nested content is limited to a shallow investigation that may not detect changes to the nested code.
When displaying a signature, specifies that a list of directly nested code should be written to the display output. This lists only
code directly nested within the subject; anything nested indirectly will require recursive application of the codesign command.
之后我发现了这篇文章(https://alpha.app.net/isaiah/post/6774960),是两周前(大约在2013年6月)发布的,提到了(虽然是二手消息):
@isaiah 我问了实验室里的一个人。他说现在codesign需要先单独签署嵌入式框架,再对整个应用进行签名。
手动重新运行codesign
命令(类似于Xcode通常运行的方式),并在末尾添加--deep
标志,可以正确签署应用程序。
我还不确定这种手动签名会有什么影响,或者是否可以调整Xcode构建以自动添加--deep
标志,但这似乎是根本问题。(codesign
不再自动深度签署您的应用程序包。)