获取installer证书名字:
security find-identity -v
签名:
productsign --sign “上面获取证书指令结果,双引号里面的内容” origin.pkg signed.pkg
检查签名:
pkgutil --check-signature signed.pkg
公证:
xcrun altool --notarize-app --primary-bundle-id com.xxx.bundleid --username xxx@xx.com --password xxx-xxx-xxx-xxx --file signed.pkg -itc_provider TeamID &> tmp
--primary-bundle-id:pkg的bundleID
--username:开发者账号AppleID
--password:xxx-xxx-xxx-xxx 在https://appleid.apple.com生成
--file:需要签名的pkg
-itc_provider:开发者账号的Team ID
&> tmp:是写入指令结果的文件
成功执行tem文件结果如下:
No errors uploading ‘signed.pkg'.
RequestUUID = xxxxxxx
后续邮箱也会收到公证完成邮件
进行盖章:
xcrun stapler staple ./signed.pkg
验证公证:
spctl -a -v --type install signed.pkg
已公证结果:
signed.pkg: accepted
source=Notarized Developer ID
未公证结果:
signed.pkg:rejected
source=Unnotarized Developer ID
在进行公证后,用上面的检查签名指令也能看到“Notarization: trusted by the Apple notary service”这样的字样
