codesign 使用教程

转载来自：https://www.jianshu.com/p/0124f10b2e00

codesign就是创建和管理证书的。下面列举一些基本的操作使用。

可以查看codesign的使用帮助

codesign --help

使用方法的命令

Usage: codesign -s identity [-fv*] [-o flags] [-r reqs] [-i ident] path ... # sign
       codesign -v [-v*] [-R=<req string>|-R <req file path>] path|[+]pid ... # verify
       codesign -d [options] path ... # display contents
       codesign -h pid ... # display hosting paths

查看签名

比如我们看一下xcode的签名，我们使用 -d -v 参数，-d 是display展示签名信息的意思，-v 是verbose的意思，越多的verbose显示信息越多，通常3个就已经足够了。

codesign -dvvv  /Applications/DingTalk.app
Executable=/Applications/DingTalk.app/Contents/MacOS/DingTalk
Identifier=com.alibaba.DingTalkMac
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=633443 flags=0x10000(runtime) hashes=19784+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=63e8287f9faaf802e7b3706311a01172f2cd5736
CandidateCDHashFull sha256=63e8287f9faaf802e7b3706311a01172f2cd5736b2ca91d463de55be4642ec74
Hash choices=sha256
CMSDigest=63e8287f9faaf802e7b3706311a01172f2cd5736b2ca91d463de55be4642ec74
CMSDigestType=2
Launch Constraints:
    None
CDHash=63e8287f9faaf802e7b3706311a01172f2cd5736
Signature size=9032
Authority=Developer ID Application: Taobao (China) Software CO.,LTD (XN6U3EV979)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Aug 14, 2023 at 3:59:53 PM
Info.plist entries=41
TeamIdentifier=XN6U3EV979
Runtime Version=13.3.0
Sealed Resources version=2 rules=13 files=2990
Internal requirements count=1 size=216

上面的签名中没有显示一些额外的信息，比如授权机制 entitements信息 。那么如何显示证书中的其他信息呢，在查看时使用 --entitlements 选项可以查看，比如：

codesign -d --entitlements - /Applications/DingTalk.app
Executable=/Applications/DingTalk.app/Contents/MacOS/DingTalk
[Dict]
    [Key] com.apple.security.app-sandbox
    [Value]
        [Bool] false
    [Key] com.apple.security.application-groups
    [Value]
        [Array]
            [String] com.alibaba.DingTalk-Helper
    [Key] com.apple.security.assets.movies.read-write
    [Value]
        [Bool] true
    [Key] com.apple.security.assets.music.read-write
    [Value]
        [Bool] true
    [Key] com.apple.security.assets.pictures.read-write
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.allow-dyld-environment-variables
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.allow-jit
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.allow-unsigned-executable-memory
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.debugger
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.disable-executable-page-protection
    [Value]
        [Bool] true
    [Key] com.apple.security.cs.disable-library-validation
    [Value]
        [Bool] true
    [Key] com.apple.security.device.audio-input
    [Value]
        [Bool] true
    [Key] com.apple.security.device.bluetooth
    [Value]
        [Bool] true
    [Key] com.apple.security.device.camera
    [Value]
        [Bool] true
    [Key] com.apple.security.files.downloads.read-write
    [Value]
        [Bool] true
    [Key] com.apple.security.files.user-selected.read-write
    [Value]
        [Bool] true
    [Key] com.apple.security.network.client
    [Value]
        [Bool] true
    [Key] com.apple.security.network.server
    [Value]
        [Bool] true
    [Key] com.apple.security.personal-information.calendars
    [Value]
        [Bool] true
    [Key] com.apple.security.print
    [Value]
        [Bool] true