復習 Code Signing

Transcript

1. ෮श Code Signing 2016.12.03 Cocoaษڧձؔ੢ #70 https://cocoa-kansai.connpass.com/event/44431/ by T. MOTOOKA

2. ࣗݾ঺հ T. MOTOOKA ʛ @t_motooka ຊۀɿWeb ΞϓϦ։ൃӡӦ झຯɿPDF / SVG

   / iOS / ϩάΛݟΔ ۙگใࠂɿMacΞϓϦ͸͡Ί·ͨ͠

3. ࣗݾ঺հɿաڈͷMacΞϓϦ ࣌ܭ PPC FileCacherPPC ߴߍ2೥ੜͷࠒͷ࡞඼ ߴߍ1೥ੜͷࠒͷ࡞඼ MacΞϓϦྺ20೥ͷϕςϥϯʂʂ ʢ19೥΄ͲϒϥϯΫ͋Γʣ

4. ͓୊ɿCode Signing

5. ໨࣍ Code Signing : ҙຯͱ࢓૊Έ ূ໌ॻͷछྨ Mac App Store ϦϦʔε࣌

   ॺ໊Λݕূ͢Δ ࢀߟจݙ

6. CodeSigning : ҙຯͱ࢓૊Έ

7. Code Signing ௚઀ͷ໨త iOSΞϓϦΛ ࣮ػʹೖΕΔ࣌ʹඞཁ App Store Ͱ഑෍͢Δ࣌ʹඞཁɹͳͲ MacΞϓϦΛ Mac

   App Store Ͱ഑෍͢Δ࣌ʹඞཁ ௚઀഑෍͢Δ࣌ʹඞཁɹͳͲ ͳͲ

8. Code Signing ຊདྷͷ໨త ड͚औΓखɾϢʔβʔʹରͯ͠ ॺ໊ऀ͕࡞ͬͨόΠφϦͰ͋Δ͜ͱΛূ໌͢Δ ʮt_motookaͷΞϓϦʯͱॻ͍ͯ͋Δ͜ͱ͕৴༻Ͱ͖Δ վ͟Μ͞Ε͍ͯͳ͍͜ͱΛূ໌͢Δ ʮt_motookaͷΞϓϦʯͱॻ͔Εͯ͋ΔͳΒɺ t_motookaҎ֎ͷਓͷख͸ՃΘ͍ͬͯͳ͍ͱ৴͡ΕΔ

9. ࢓૊Έɿॺ໊ ॺ໊ର৅ͷσʔλͷϋογϡ஋Λܭࢉ͢Δ ॺ໊ऀͷൿີ伴Ͱϋογϡ஋Λ҉߸Խˠσδλϧॺ ໊ ॺ໊ର৅ͷσʔλʹ࣍ͷ΋ͷΛఴ෇ ॺ໊ऀͷূ໌ॻʢˠൿີ伴ʹରԠ͢Δެ։伴ʣ σδλϧॺ໊ʢൿີ伴Ͱ҉߸Խͨ͠ϋογϡ஋ʣ

10. ࢓૊Έɿॺ໊ͷݕূ ॺ໊ऀͷূ໌ॻ͕৴པͰ͖Δ͔ʁͷݕূ Appleͷॺ໊Λड͚͍ͯΔ͔ʁͱ͍͏؍఺ ॺ໊ର৅ͷσʔλͷϋογϡ஋Λܭࢉ͢Δ σδλϧॺ໊Λॺ໊ऀͷূ໌ॻʢެ։伴ʣͰ෮߸ ෮߸ͨ͠΋ͷͱϋογϡ஋ͱ͕Ұகͨ͠ΒOK

11. CodeSigning : ҙຯͱ࢓૊Έ ҙຯͱ࢓૊ΈΛ஌͍ͬͯΔͱ ূ໌ॻ࡞੒ͷ࡞ۀ͕ɺ஗଺ແ͘Ͱ͖ΔΑ͏ʹͳΔ ূ໌ॻ࡞੒ͷ࡞ۀ͕ɺ΢β͘ͳ͘ͳΔ Τϥʔϝοηʔδͷҙຯ͕Θ͔ΔΑ͏ʹͳΔ ʮূ໌ॻॺ໊ཁٻʯΛεϥεϥݴ͑ΔΑ͏ʹͳΔ

12. ূ໌ॻͷछྨ

13. ূ໌ॻͷछྨɿiOS Code Signing iOS App Development : ࣮ػ։ൃ༻ App Store

    and Ad Hoc : ഑෍༻ ͦΕҎ֎ Apple Push Notification service SSL : ϓογϡ௨஌༻ Apple Pay Certificate : औҾσʔλ෮߸༻

14. ূ໌ॻͷछྨɿMac Mac Development : DebugϏϧυ༻ Mac App Distribution : Mac

    App Store ༻ Mac Installer Distribution : Mac App Store ఏग़༻ Developer ID : Mac App Store Ҏ֎Ͱͷ഑෍༻ Developer ID ͚ͩ͸࡞੒ʹ “Agent” ݖݶ͕ඞཁ

15. ূ໌ॻͷछྨɿ༗ӹͳࢿྉ https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/ MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW41

16. Mac App Store ϦϦʔε࣌

17. Mac App Store ϦϦʔε࣌ Ϣʔβͷखݩʹಧ͘ͱ͖ɺ
 Apple Mac OS Application Signing

    ʹΑͬͯॺ໊͞Ε ͳ͓͞Ε͍ͯΔ

18. ॺ໊Λݕূ͢Δ

19. MacΞϓϦͷॺ໊ݕূ $ codesign -v hogehoge.app/ ॺ໊͞Εͯͳ͍ͱ͖ͷग़ྗྫ
 SuddenDeathMac.app: code object is

    not signed at all ਖ਼͘͠ॺ໊͞Ε͍ͯΔͱ͖͸ɺԿ΋ग़ྗ͞Εͳ͍ ॺ໊ޙʹվ͟Μ͞Εͨͱ͖ͷग़ྗྫ
 malware.app/: invalid Info.plist (plist or signature have been modified)

20. վ͟Μͨ͠ΞϓϦΛىಈ EXC_CRASH (Code Signature Invalid)

21. MacΞϓϦͷॺ໊ݕূɿৄࡉ $ codesign -dv --verbose=4 Adobe\ Illustrator.app/ Executable=/Applications/Adobe Illustrator CC

    2017/Adobe Illustrator.app/Contents/MacOS/Adobe Ill Identifier=com.adobe.illustrator Format=app bundle with Mach-O thin (x86_64) CodeDirectory v=20200 size=112005 flags=0x0(none) hashes=5593+3 location=embedded OSPlatform=36 OSSDKVersion=658176 OSVersionMin=657920 Hash type=sha1 size=20 CandidateCDHash sha1=bbbdf9c2baa5c04ad85913f370dec5b680143b80 Hash choices=sha1 Page size=4096 CDHash=bbbdf9c2baa5c04ad85913f370dec5b680143b80 Signature size=8524 Authority=Developer ID Application: Adobe Systems, Inc. Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=2016/10/11 8:18:04 Info.plist entries=24 TeamIdentifier=JQ525L2MZD Sealed Resources version=2 rules=12 files=17323 Internal requirements count=1 size=184

22. MacΞϓϦͷॺ໊ݕূ ৄࡉදࣔ࣌ʢ-dv --verbose=4ʣ͸վ͟Μݕ஌͠ʹ͘ ͍͜ͱʹ஫ҙʂ

23. iOSΞϓϦͷॺ໊ݕূ ʢ͕࣌ؒແͯ͘ௐ΂͖Εͳ͔ͬͨɻਐḿμϝɻʣ

24. ࢀߟจݙ

25. ࢀߟจݙ Code Signing Guide
 https://developer.apple.com/library/content/documentation/Security/ Conceptual/CodeSigningGuide/Introduction/Introduction.html App Distribution Guide
 https://developer.apple.com/library/content/documentation/IDEs/

    Conceptual/AppDistributionGuide/Introduction/Introduction.html#//apple_ref/ doc/uid/TP40012582-CH1-SW1 Distributing Apps Outside the Mac App Store
 https://developer.apple.com/library/content/documentation/IDEs/ Conceptual/AppDistributionGuide/DistributingApplicationsOutside/ DistributingApplicationsOutside.html


26. ·ͱΊ ཧ۶Λ஌Ε͹ɺ࡞ۀ͕ݟ͑ͯ͘Δɻ Code Signing Λཧղͯ͠ɺ
 ϦϦʔε௚લͷτϥϒϧΛճආ͠Α͏ʂ ϓογϡ௨஌ɺExtensionɺAppleWatchɺApplePay
 ূ໌ॻ͕ඞཁͳػձ͸೥ʑ૿͑ΔҰํ
 ɹˠɹجૅΛԡ͑ͯ͞ϥΫ͠Α͏ʂ

27. Կ͔࣭͝໰ͳͲ͋Ε͹

28. ׬