Signing Installer Packages
来源:互联网 发布:将无线设备添加到网络 编辑:程序博客网 时间:2024/06/06 06:44
Signing Installer Packages
Xcode does not create signed installer packages for you. Instead, you create signed installer packages (with a .pkg
extension) by supplying an installer signing identity to the productbuild tool. For example, to create the package Product.pkg
from a distribution file Product.dist
, and sign it with your identity, as found in your keychain:
productbuild --distribution Product.dist --sign <identity> Product.pkg
As with signed code, when you create a flat-file installation package, any modification after signing invalidates the signature.
Note: Bundle-style installer packages are no longer supported.
productbuild [options] --distributiondist-path
[--package-path search-path]product-output-path
Create aproduct archive usinga distributionfile. If you have a
distribution file, use the --distribution option to specify the path
to it, and the --package-path option to specify the directory where
the component packages are found (if they are not in the current
working directory). All packages referenced by the distribution will
be incorporated into the resulting product archive.
When creatingproduct archives forsubmission to theMac AppStore, use
only the --component mode of productbuild. The other modes will create
product archives that are compatible with the OS X Installer, but are not
necessarily acceptable for the Mac App Store.
SIGNED PRODUCT ARCHIVES
When creating a product archive, you can optionally add a digital signa-
ture to the archive. You will need to have a certificate and correspond-
ing private key -- together called an ``identity'' -- in one of your
accessible keychains. To add a signature, specify the name of the iden-
tity using the --sign option. The identity's name is the same as the
``Common Name'' of the certificate.
If you want to search for the identity in a specific keychain, specify
the path to the keychain file using the --keychain option. Otherwise, the
default keychain search path is used.
productbuild will embed the signing certificate in the product archive,
as well as any intermediate certificates that are found in the keychain.
If you need to embed additional certificates to form a chain of trust
between the signing certificate and a trusted root certificate on the
system, use the --cert option to give the Common Name of the intermediate
certificate. Multiple --cert options may be used to embed multiple inter-
mediate certificates.
The signature can optionally include a trusted timestamp. This is enabled
by default when signing with a Developer ID identity, but it can be
enabled explicitly using the --timestamp option. A timestamp server must
be contacted to embed a trusted timestamp. If you aren't connected to the
Internet, you can use --timestamp=none to disable timestamps, even for a
Developer ID identity.
Note that component packages do not need to be signed (e.g. with
pkgbuild(1)) before adding them to a signed product archive. The signa-
ture on the product archive protects the entire product, including the
added packages.
If you want to postpone signing the product archive until it has been
tested and is ready to deploy, you can use productsign(1) when you are
ready to add the signature.
productbuild --distribution Product.dist --sign sample-identity
Product.pkg
Build the archive Product.pkg using Product.dist, and sign the
resulting archive using the identity sample-identity. You will be
prompted to allow productbuild to access the keychain item,
unless Always Allow was chosen previously.
- Signing Installer Packages
- The installer is unable to run in graphical mode: required operating system packages for Linux
- google signing
- Install Packages
- Packages Roundup
- solaris packages
- Useful Packages
- rOpenSci packages
- R packages
- 3Packages
- Nimble packages
- python packages
- packages使用
- list packages
- kotlin Packages
- R packages
- packages.list和packages.xml
- eclipse版本信息, Oxygen Packages Neon Packages Mars Packages Luna Packages Kepler Packages Juno Packages
- Tomcat踩坑日记
- spring mvc基础篇(四):后端控制器之MultiActionController
- 如何实现android和服务器长连接呢?推送消息的原理
- 行内元素和块级元素总结
- TCP/IP协议中的端口
- Signing Installer Packages
- PHP杂文一篇1
- 为什么要做浏览器适配?浏览器内核的解析和对比
- hdu 1704 rank 传递闭包
- 回首独望啊
- ImportError: liblapack.so.3: cannot open shared object file:
- L1-009. N个数求和
- PHP实现简单双向链表
- xshell上传下载文件