更新时间:2023-12-03 22:23:46
取决于您获取库的方式.
在Xcode中构建
如果使用Xcode构建,则应该能够启用签名并告诉它使用 Team
None
和 Sign在本地运行
项目的签名和功能
窗格.
签署现有的dylib
如果您不是在Xcode中构建它,并且想要对以其他方式构建或检索的二进制文件进行签名,则需要使用 codesign
,该代码可以是非常复杂.
从理论上讲,您可以使用已被授权进行代码签名的任何证书来运行codesign,并且可以使用自签名证书来创建代码,但这是最大的麻烦,并且不一定能成功./p>
如果您已登录开发人员门户并允许Xcode为您管理签名标识,则Xcode应该自动创建"Mac Developer"代码签名证书.
您可以使用以下方法验证您是否具有代码签名身份:
安全性查找身份-v -p代码签名
这将列出所有有效的代码签名身份.
对 dylib
进行签名是使用codesign命令的问题:
codesign --force --timestamp --sign<证书名称><您要签名的二进制文件>
使用自签名代码签名证书
注意:不建议这样做,但这确实对我有用.
现在,当您运行上述 security
命令以列出代码签名证书时,应该会显示您的自签名证书.如果是这样,您很可能没有将始终信任或证书类型设置为代码签名.
此时,您准备执行代码签名命令,然后可以使用以下命令进行验证:
codesign -vvvv< dylib的路径>
I have a dylib and in order for the it to be able to run on my machine, I had to disable library validation in the target settings on xcode. Is it possible to get it signed without a paid developer account just for testing purposes? Any links or tutorials on how to go about doing that would help a great deal.
Depends on how you're getting the library.
Building in Xcode
If building in Xcode, you should be able to enable signing and tell it to use Team
None
and Sign to Run Locally
all in the Signing and Capabilities
pane of the Project.
Signing an existing dylib
If you're not building it in Xcode and you want to sign a binary you've built or retrieved in some other manner, you're going to need to use codesign
, which can be pretty complex.
You can theoretically run codesign using any certificate that has been authorized for code signing, and you can create that with a self-signed certificate, but that is a supreme pain in the neck, and not certain to result in success.
Xcode should automatically create a "Mac Developer" code signing certificate if you have signed in to the developer portal and allowed Xcode to manage signing identifies for you.
You can verify that you have a codesigning identity by using:
security find-identity -v -p codesigning
This will list all of the valid codesigning identities.
Signing the dylib
is a matter of using the codesign command:
codesign --force --timestamp --sign <name of certificate> <binary you want to sign>
Using a self-signed code-signing certificate
Note: this is not recommended, but it did work for me.
Now, your self-signed certificate should show up when you run the aforementioned security
command to list out the codesigning certificates. If it does, you most likely didn't set the Always Trust or the certificate type to Code Signing.
At this point, you're ready to execute the code signing command, and then you can verify using:
codesign -vvvv <path to dylib>