目标:签署我自己的包和我自己的内核扩展.上下文中的"我自己的"意味着"我写的,或者我在其他地方选择的,从他们的来源重新编译自己,并希望在我的机器上安装.
问题:小牛队不接受我的签名Code Signing Failure: code signature is invalid(但加载了kext),Yosemite甚至不会加载它.
我有自己的CA和代码签名证书.我已经能够成功登录密码和设置,将允许安装由给定的证书签名的代码并执行的政策-无论是协同设计和SPCTL喜欢它,因为你在下面的输出中看到.但是,这似乎不适用于kext(内核扩展) - kextutil坚持签名无效.这是我得到的输出:
$ codesign --verify -vvvv /opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext
/opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext: valid on disk
/opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext: satisfies its Designated Requirement
$ spctl -a -vvv -t exec /opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext
/opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext: accepted
source=XXXXXCode
origin=XXXXXCoder
$ spctl -a -vvv -t install /opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext
/opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext: accepted
source=XXXXXInstall
origin=XXXXXCoder
$ kextutil -tn /opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext
Diagnostics for /opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext:
Code Signing Failure: code signature is invalid
/opt/local/Library/Filesystems/osxfusefs.fs/Support/osxfusefs.kext appears to be loadable (including linkage for on-disk libraries).
在小牛队,这个kext加载了警告信息,在优胜美地上它不会.
我注意到 …