෮श Code Signing 2016.12.03 Cocoaษڧձؔ੢ #70 https://cocoa-kansai.connpass.com/event/44431/ by T. MOTOOKA

ࣗݾ঺հ T. MOTOOKA ʛ @t_motooka ຊۀɿWeb ΞϓϦ։ൃӡӦ झຯɿPDF / SVG / iOS / ϩάΛݟΔ ۙگใࠂɿMacΞϓϦ͸͡Ί·ͨ͠

ࣗݾ঺հɿաڈͷMacΞϓϦ ࣌ܭ PPC FileCacherPPC ߴߍ2೥ੜͷࠒͷ࡞඼ ߴߍ1೥ੜͷࠒͷ࡞඼ MacΞϓϦྺ20೥ͷϕςϥϯʂʂ ʢ19೥΄ͲϒϥϯΫ͋Γʣ

͓୊ɿCode Signing

໨࣍ Code Signing : ҙຯͱ࢓૊Έ ূ໌ॻͷछྨ Mac App Store ϦϦʔε࣌ ॺ໊Λݕূ͢Δ ࢀߟจݙ

CodeSigning : ҙຯͱ࢓૊Έ

Code Signing ௚઀ͷ໨త iOSΞϓϦΛ ࣮ػʹೖΕΔ࣌ʹඞཁ App Store Ͱ഑෍͢Δ࣌ʹඞཁɹͳͲ MacΞϓϦΛ Mac App Store Ͱ഑෍͢Δ࣌ʹඞཁ ௚઀഑෍͢Δ࣌ʹඞཁɹͳͲ ͳͲ

Code Signing ຊདྷͷ໨త ड͚औΓखɾϢʔβʔʹରͯ͠ ॺ໊ऀ͕࡞ͬͨόΠφϦͰ͋Δ͜ͱΛূ໌͢Δ ʮt_motookaͷΞϓϦʯͱॻ͍ͯ͋Δ͜ͱ͕৴༻Ͱ͖Δ վ͟Μ͞Ε͍ͯͳ͍͜ͱΛূ໌͢Δ ʮt_motookaͷΞϓϦʯͱॻ͔Εͯ͋ΔͳΒɺ t_motookaҎ֎ͷਓͷख͸ՃΘ͍ͬͯͳ͍ͱ৴͡ΕΔ

࢓૊Έɿॺ໊ ॺ໊ର৅ͷσʔλͷϋογϡ஋Λܭࢉ͢Δ ॺ໊ऀͷൿີ伴Ͱϋογϡ஋Λ҉߸Խˠσδλϧॺ ໊ ॺ໊ର৅ͷσʔλʹ࣍ͷ΋ͷΛఴ෇ ॺ໊ऀͷূ໌ॻʢˠൿີ伴ʹରԠ͢Δެ։伴ʣ σδλϧॺ໊ʢൿີ伴Ͱ҉߸Խͨ͠ϋογϡ஋ʣ

࢓૊Έɿॺ໊ͷݕূ ॺ໊ऀͷূ໌ॻ͕৴པͰ͖Δ͔ʁͷݕূ Appleͷॺ໊Λड͚͍ͯΔ͔ʁͱ͍͏؍఺ ॺ໊ର৅ͷσʔλͷϋογϡ஋Λܭࢉ͢Δ σδλϧॺ໊Λॺ໊ऀͷূ໌ॻʢެ։伴ʣͰ෮߸ ෮߸ͨ͠΋ͷͱϋογϡ஋ͱ͕Ұகͨ͠ΒOK

CodeSigning : ҙຯͱ࢓૊Έ ҙຯͱ࢓૊ΈΛ஌͍ͬͯΔͱ ূ໌ॻ࡞੒ͷ࡞ۀ͕ɺ஗଺ແ͘Ͱ͖ΔΑ͏ʹͳΔ ূ໌ॻ࡞੒ͷ࡞ۀ͕ɺ΢β͘ͳ͘ͳΔ Τϥʔϝοηʔδͷҙຯ͕Θ͔ΔΑ͏ʹͳΔ ʮূ໌ॻॺ໊ཁٻʯΛεϥεϥݴ͑ΔΑ͏ʹͳΔ

ূ໌ॻͷछྨ

ূ໌ॻͷछྨɿiOS Code Signing iOS App Development : ࣮ػ։ൃ༻ App Store and Ad Hoc : ഑෍༻ ͦΕҎ֎ Apple Push Notification service SSL : ϓογϡ௨஌༻ Apple Pay Certificate : औҾσʔλ෮߸༻

ূ໌ॻͷछྨɿMac Mac Development : DebugϏϧυ༻ Mac App Distribution : Mac App Store ༻ Mac Installer Distribution : Mac App Store ఏग़༻ Developer ID : Mac App Store Ҏ֎Ͱͷ഑෍༻ Developer ID ͚ͩ͸࡞੒ʹ “Agent” ݖݶ͕ඞཁ

ূ໌ॻͷछྨɿ༗ӹͳࢿྉ https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/ MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW41

Mac App Store ϦϦʔε࣌

Mac App Store ϦϦʔε࣌ Ϣʔβͷखݩʹಧ͘ͱ͖ɺ
 Apple Mac OS Application Signing ʹΑͬͯॺ໊͞Ε ͳ͓͞Ε͍ͯΔ

ॺ໊Λݕূ͢Δ

MacΞϓϦͷॺ໊ݕূ $ codesign -v hogehoge.app/ ॺ໊͞Εͯͳ͍ͱ͖ͷग़ྗྫ
 SuddenDeathMac.app: code object is not signed at all ਖ਼͘͠ॺ໊͞Ε͍ͯΔͱ͖͸ɺԿ΋ग़ྗ͞Εͳ͍ ॺ໊ޙʹվ͟Μ͞Εͨͱ͖ͷग़ྗྫ
 malware.app/: invalid Info.plist (plist or signature have been modified)

վ͟Μͨ͠ΞϓϦΛىಈ EXC_CRASH (Code Signature Invalid)

MacΞϓϦͷॺ໊ݕূɿৄࡉ $ codesign -dv --verbose=4 Adobe\ Illustrator.app/ Executable=/Applications/Adobe Illustrator CC 2017/Adobe Illustrator.app/Contents/MacOS/Adobe Ill Identifier=com.adobe.illustrator Format=app bundle with Mach-O thin (x86_64) CodeDirectory v=20200 size=112005 flags=0x0(none) hashes=5593+3 location=embedded OSPlatform=36 OSSDKVersion=658176 OSVersionMin=657920 Hash type=sha1 size=20 CandidateCDHash sha1=bbbdf9c2baa5c04ad85913f370dec5b680143b80 Hash choices=sha1 Page size=4096 CDHash=bbbdf9c2baa5c04ad85913f370dec5b680143b80 Signature size=8524 Authority=Developer ID Application: Adobe Systems, Inc. Authority=Developer ID Certification Authority Authority=Apple Root CA Timestamp=2016/10/11 8:18:04 Info.plist entries=24 TeamIdentifier=JQ525L2MZD Sealed Resources version=2 rules=12 files=17323 Internal requirements count=1 size=184

MacΞϓϦͷॺ໊ݕূ ৄࡉදࣔ࣌ʢ-dv --verbose=4ʣ͸վ͟Μݕ஌͠ʹ͘ ͍͜ͱʹ஫ҙʂ

iOSΞϓϦͷॺ໊ݕূ ʢ͕࣌ؒແͯ͘ௐ΂͖Εͳ͔ͬͨɻਐḿμϝɻʣ

ࢀߟจݙ

ࢀߟจݙ Code Signing Guide
 https://developer.apple.com/library/content/documentation/Security/ Conceptual/CodeSigningGuide/Introduction/Introduction.html App Distribution Guide
 https://developer.apple.com/library/content/documentation/IDEs/ Conceptual/AppDistributionGuide/Introduction/Introduction.html#//apple_ref/ doc/uid/TP40012582-CH1-SW1 Distributing Apps Outside the Mac App Store
 https://developer.apple.com/library/content/documentation/IDEs/ Conceptual/AppDistributionGuide/DistributingApplicationsOutside/ DistributingApplicationsOutside.html


·ͱΊ ཧ۶Λ஌Ε͹ɺ࡞ۀ͕ݟ͑ͯ͘Δɻ Code Signing Λཧղͯ͠ɺ
 ϦϦʔε௚લͷτϥϒϧΛճආ͠Α͏ʂ ϓογϡ௨஌ɺExtensionɺAppleWatchɺApplePay
 ূ໌ॻ͕ඞཁͳػձ͸೥ʑ૿͑ΔҰํ
 ɹˠɹجૅΛԡ͑ͯ͞ϥΫ͠Α͏ʂ

Կ͔࣭͝໰ͳͲ͋Ε͹

׬