無法在OS X上使用Qt框架簽署應用程序包10.10

Question

我在簽署基於Qt的應用程序un OS X時遇到問題。我正在使用Qt 5.3.2。

我已閱讀包含矛盾信息的各種信息源。

這裏是我的應用程序包的內容後，我跑了bin/macdeployqt的Qt工具

SimpleHello.app/ 
    Contents/ 
     Info.plist 
     PkgInfo 
     Frameworks/ 
      QtCore.framework/ 
       Resources/ 
       Versions/ 
        5/ 
         QtCore 
      QtGui.framework/ ... same as Qt core 
      QtPrintSupport.framework/ ... same as Qt core 
      QtWidgets.framework/ ... same as Qt core 
     MacOS/ 
      SimpleHello 
     PlugIns/ ... some plugins 
     Resources/ 
      empty.lproj 
      qt.conf 

第一：

我想：http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/

但是，它似乎是不在OS X 10.10中有效Yosemite

二：

我想：Sign a Framework for OSX 10.9

我能夠沒有任何錯誤簽署整個應用程序。但是，運行spctl時驗證應用程序的有效性，我得到

spctl -a -vvvv SimpleHello.app 
SimpleHello.app/: rejected 
source=obsolete resource envelope 
origin=Developer ID Application: MY CERTIFICATE 

另外與協同設計驗證簽名時，我得到這個：

codesign --verify --deep --verbose=4 SimpleHello.app 
--prepared:/My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework 
--validated:/My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework 
SimpleHello.app/: embedded framework contains modified or invalid version 
In subcomponent: /My/Path/SimpleHello.app/Contents/Frameworks/QtCore.framework 

三：

添加了--no-strict代碼驗證選項根據：Error when export archive

它修復了使用密碼驗證的問題，但未修復spctl問題。

第四：

我試圖簽署框架時添加--no-legacy-signing選項。

根據修正的框架結構：不過，我驗證包簽名時（可以使用codesign和spctl

codesign --verify --deep --verbose=4 SimpleHello.app 
SimpleHello.app/: code has no resources but signature indicates they must be present 

第五得到這個錯誤 http://qt-project.org/forums/viewthread/47768 和 https://gist.github.com/kingcheez/6154462d7734e0c0f3a4

在這我在嘗試簽署框架時遇到此錯誤

SimpleHello.app/Contents/Frameworks/QtCore.framework: unsealed contents present in the root directory of an embedded framework 
SimpleHello.app/Contents/Frameworks/QtGui.framework: unsealed contents present in the root directory of an embedded framework 
SimpleHello.app/Contents/Frameworks/QtPrintSupport.framework: unsealed contents present in the root directory of an embedded framework 
SimpleHello.app/Contents/Frameworks/QtWidgets.framework: unsealed contents present in the root directory of an embedded framework 

編輯：這似乎與unsealed contents present in the root directory of an embedded framework問題是因爲其中一個simlink格式不正確。它是：

QtCore.framework.framework/Versions/Current -> 5/ 

而不是

QtCore.framework.framework/Versions/Current -> 5 

此修復程序後，我仍然得到相同的結果第六雖然。

第六：

新增呼籲codesign的框架時--no-strict選項。我能夠簽署所有的框架，除了一個

SimpleHello.app//Contents/Frameworks/QtCore.framework: signed bundle with Mach-O thin (x86_64) [.] 
SimpleHello.app//Contents/Frameworks/QtGui.framework: signed bundle with Mach-O thin (x86_64) [.] 
SimpleHello.app//Contents/Frameworks/QtPrintSupport.framework: code object is not signed at all 
In subcomponent: /My/Path/SimpleHello.app/Contents/Frameworks/QtPrintSupport.framework/Versions/Current/QtPrintSupport 
SimpleHello.app//Contents/Frameworks/QtWidgets.framework: signed bundle with Mach-O thin (x86_64) [.] 

第七：

我張貼了這個問題，因爲我不知道該怎麼找了

Answer 1

挖多一點之後，我想通了，什麼節第七的問題是：一些Qt框架中包含的文件的Info.plist不良信息（框架名稱與_debug結束）

我來了出這個腳本，解決所有問題（仍有可能可能會得到一些改善加工腳本幾個硬編碼值）

#!/bin/bash 
# Script name: deploy.sh 

# Following environment variables must be defined: 
# - QT_FRAMEWORK_PATH 
# - QT_BIN_PATH 
# - CERTIFICATE 
# - FRAMEWORKS 
# - BAD_FRAMEWORKS 


# retrieve bundle name from first parameter 
BUNDLE_NAME=$1 

# Run QT tool to deploy 
${QT_BIN_PATH}/macdeployqt $BUNDLE_NAME 

# FIX ISSUE 6 
# Please note that Qt5 frameworks have incorrect layout after SDK build, so this isn't just a problem with `macdeployqt` but whole framework assembly part. 
# Present 
# QtCore.framework/ 
#  Contents/ 
#   Info.plist 
#  QtCore -> Versions/Current/QtCore 
#  Versions/ 
#   Current -> 5 
#   5/ 
#    QtCore 
# After macdeployqt 
# QtCore.framework/ 
#  Resources/ 
#  Versions/ 
#   5/ 
#    QtCore 
# 
# Expected 
# QtCore.framework/ 
#  QtCore -> Versions/Current/QtCore 
#  Resources -> Versions/Current/Resources 
#  Versions/ 
#   Current -> 5 
#   5/ 
#    QtCore 
#    Resources/ 
#     Info.plist 
# So in order to comply with expected layout: https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPFrameworks/Concepts/FrameworkAnatomy.html 

for CURRENT_FRAMEWORK in ${FRAMEWORKS}; do 
    echo "Processing framework: ${CURRENT_FRAMEWORK}" 

    echo "Deleting existing resource folder" 
    rmdir ${BUNDLE_NAME}/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework/Resources 

    echo "create resource folder" 
    mkdir ${BUNDLE_NAME}/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework/Versions/5/Resources 

    echo "create copy resource file" 
    cp ${QT_FRAMEWORK_PATH}/${CURRENT_FRAMEWORK}.framework/Contents/Info.plist $BUNDLE_NAME/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework/Versions/5/Resources/ 

    echo "create symbolic links" 
    ln -s 5          ${BUNDLE_NAME}/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework/Versions/Current 
    ln -s Versions/Current/${CURRENT_FRAMEWORK} ${BUNDLE_NAME}/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework/${CURRENT_FRAMEWORK} 
    ln -s Versions/Current/Resources   ${BUNDLE_NAME}/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework/Resources 
done 

# FIX ISSUE 7 
echo "***** Correct Frameworks Info.plist file*****" 

for CURRENT_FRAMEWORK in ${BAD_FRAMEWORKS}; do 
    echo "Correcting bad framework Info.plist: ${CURRENT_FRAMEWORK}" 
    TMP=$(sed 's/_debug//g' ${BUNDLE_NAME}/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework/Resources/Info.plist) 
    echo "$TMP" > ${BUNDLE_NAME}/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework/Resources/Info.plist 
done 

# SIGNING FIXED FRAMEWORK 
CODESIGN_OPTIONS="--verbose=4" 

echo "******* Signing Frameworks ***********" 
for CURRENT_FRAMEWORK in ${FRAMEWORKS}; do 
    echo "Signing framework: ${CURRENT_FRAMEWORK}" 
    codesign --force --verify ${CODESIGN_OPTIONS} --sign "$CERTIFICATE" $BUNDLE_NAME/Contents/Frameworks/${CURRENT_FRAMEWORK}.framework 
done 

# Sign plugins 
echo "******* Signing Plugins ***********" 
codesign --force --verify ${CODESIGN_OPTIONS} --sign "${CERTIFICATE}" ${BUNDLE_NAME}/Contents/Plugins/accessible/libqtaccessiblequick.dylib 
codesign --force --verify ${CODESIGN_OPTIONS} --sign "${CERTIFICATE}" ${BUNDLE_NAME}/Contents/Plugins/accessible/libqtaccessiblewidgets.dylib 
# ... Do the same for all plugins 

# Sign bundle itself 
echo "******* Signing Bundle ***********" 
codesign --force --verify ${CODESIGN_OPTIONS} --sign "$CERTIFICATE" $BUNDLE_NAME 

# Verify 

echo "******* Verify Bundle ***********" 
codesign --verify --deep ${CODESIGN_OPTIONS} $BUNDLE_NAME 


echo "******* Verify Bundle using dpctl ***********" 
spctl -a -vvvv $BUNDLE_NAME 

至於調用腳本：

# Define environment variables 
export QT_FRAMEWORK_PATH=/Path/To/Qt_5.3.2/5.3/clang_64/lib 
export QT_BIN_PATH=/Path/To/Qt_5.3.2/5.3/clang_64/bin 
export CERTIFICATE="Developer ID Application: My Certificate" 
export FRAMEWORKS="QtCore QtGui QtPrintSupport QtWidgets" 
export BAD_FRAMEWORKS="QtPrintSupport" 

# Call itself 
deploy.sh SimpleHello.app 

有了這個腳本，最終輸出爲：

SimpleHello.app/: accepted 
source=Developer ID 
origin=Developer ID Application: My Certificate (HASH) 

Answer 2

我運行類似的腳本這種運行macdeployqt後：

#!/bin/bash 

#copy .plist files to frameworks 
cp "/usr/local/Trolltech/Qt-4.8.5/lib/QtCore.framework/Contents/Info.plist" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources/Info.plist" 
#copy folders to proper location 
cp -r "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Versions/4/Resources" 
#delete old folders 
rm -rf "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources" 
#create symlinks 
ln -s "Versions/4/Resources" "SimpleHello.app/Contents/Frameworks/QtCore.framework/Resources" 

後，我用：

codesign --deep -f -s 

它的工作原理，只是以類似的方式添加缺少的框架。 我還沒有嘗試過用qt 5+，但它可能適用於它。