我在使用 GitHub Actions 时遇到问题。当我打电话时,productsign工作就挂起了。在搜索互联网时,该作业似乎试图要求用户输入密码,但我没有从日志中收到任何错误或反馈。这项工作永远悬而未决。当在我自己的计算机上运行时,一切都按预期运行并且 .pkg 已签名。
我的工作流程步骤如下
- name: Build & Sign Installer
run: |
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
(cd fastlane && ./decrypt_secret.sh)
carthage update --use-xcframeworks --platform macOS
bundle exec fastlane set_release_version
bundle exec fastlane mac install_certificates
bundle exec fastlane mac build_main_app
bundle exec fastlane mac build_updater
bundle exec fastlane mac build_installer
(cd installer && productsign --sign <identity> app-1.0.0.pkg app-1.0.0-signed.pkg)
我尝试了很多不同的解决方案,但没有任何效果
security import ${P12_FILE} -k ${KEYCHAIN_PATH} -P ${P12_PASSWORD} -Asecurity import ${P12_FILE} -k ${KEYCHAIN_PATH} -P ${P12_PASSWORD} -T /usr/bin/productsign …我有一个父安装程序包,比如说,Parent.unsigned.mpkg我想用OS X签名productsign.
该文件Parent.unsigned.mpkg包含名为的子包A.pkg,B.pkg并且C.pkg反过来安装Clang编译的命令行二进制文件和bash包装脚本:
./Parent.unsigned.mpkg/Contents/Packages/A.pkg
./Parent.unsigned.mpkg/Contents/Packages/B.pkg
./Parent.unsigned.mpkg/Contents/Packages/C.pkg
我注册了一个Mac Developer帐户,该帐户设置(以及其他证书)具有ID的开发者ID安装程序证书ABCD1234(此ID实际上与我的Apple ID不同并且是特定的.)我使用该security工具获取此ID值:
$ security find-certificate -a -c "Developer ID Installer" | grep "alis"
"alis"<blob>="Developer ID Installer: Foo B. Baz (ABCD1234)"
我使用此ID值为这些子包中的每个包签名,这似乎没有发生任何事故:
$ productsign --timestamp --sign ABCD1234 ./Parent.unsigned.mpkg/Contents/Packages/A.pkg ./Parent.unsigned.mpkg/Contents/Packages/A.signed.pkg
...
$ productsign --timestamp --sign ABCD1234 ./Parent.unsigned.mpkg/Contents/Packages/B.pkg ./Parent.unsigned.mpkg/Contents/Packages/B.signed.pkg
...
$ productsign --timestamp --sign ABCD1234 ./Parent.unsigned.mpkg/Contents/Packages/C.pkg ./Parent.unsigned.mpkg/Contents/Packages/C.signed.pkg
...
然后我将这些签名的子包移回原始文件名:
$ mv ./Parent.unsigned.mpkg/Contents/Packages/A.signed.pkg ./Parent.unsigned.mpkg/Contents/Packages/A.pkg
$ mv ./Parent.unsigned.mpkg/Contents/Packages/B.signed.pkg ./Parent.unsigned.mpkg/Contents/Packages/B.pkg
$ …