背景:
前一阵子,在xcode的证书管理中心,测试了一下新建证书的功能,想看看在apple 开发者账户产生证书的流程,结果由于网络延迟问题,apple开发者账户刷新未看到,连着新建了几个证书,在某次刷新之后发现,早已生成了好几个,我这个强迫症啊,想找办法删掉,最终没找到方法删掉,只有过期的证书才能删除掉, 后来我只能在本地删掉了一些没用证书的;可是最近在打包新版本APP,发现APP原有的自动升级在签名验证的时候报错:
code signature at url xxx did not pass validation:code failed to satisfy specified code requirements
于是查找签名问题,首先要做的就是对比前后两次签名是否一致,在此做一个记录方便后来人,用到的工具是:codesign, 具体命令如下:
举个例子,查看APP签名信息:
>% codesign -d -vv "/Applications/Xcode.app" <develop ✗>
Executable=/Applications/Xcode.app/Contents/MacOS/Xcode
Identifier=com.apple.dt.Xcode
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20200 size=725 flags=0x2000(library-validation) hashes=15+5 location=embedded
Signature size=4698
Authority=Apple Mac OS Application Signing
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Info.plist entries=44
TeamIdentifier=APPLECOMPUTER
Sealed Resources version=2 rules=13 files=466812
Internal requirements count=1 size=224
当然,你想看更详细的签名西溪可以 “-vvvv”, "v"越多越详细,当然也是有限度的,具体参数详解,可以查阅命令: codesign
接下来就是查看 Application 证书信息了, 需要用到参数“ --extract-certificates ”, 如下:
% codesign -d -vvv --extract-certificates "/Applications/Xcode.app" <develop ✗>
Executable=/Applications/Xcode.app/Contents/MacOS/Xcode
Identifier=com.apple.dt.Xcode
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20200 size=725 flags=0x2000(library-validation) hashes=15+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=004dce7c24fd6c4c8a0866ddcb3603027f8a891f
CandidateCDHashFull sha1=004dce7c24fd6c4c8a0866ddcb3603027f8a891f
CandidateCDHash sha256=2db4cab95fc0caba9def3e37e92a81c02d0ffb62
CandidateCDHashFull sha256=2db4cab95fc0caba9def3e37e92a81c02d0ffb626025455155f316ebb34fb71b
Hash choices=sha1,sha256
CMSDigest=04d06f85c09f677e35ccb0633d7ac293e4f6b3846f8231df4e7ad04a87478bf8
CMSDigestType=2
CDHash=2db4cab95fc0caba9def3e37e92a81c02d0ffb62
Signature size=4698
Authority=Apple Mac OS Application Signing
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Info.plist entries=44
TeamIdentifier=APPLECOMPUTER
Sealed Resources version=2 rules=13 files=466812
Internal requirements count=1 size=224
此时,你会发现当前目录下产生了 codesign* 文件,接下来就是查看证书信息了,需要用到常用又冷门命令“almanage”,如下:
% qlmanage -c public.x509-certificate -p codesign*
该命令是Quick Look, 是不是既熟悉又陌生。。。
通过以上命令,可以快速查看APP 所用的签名信息和签名证书信息;