问题
OSX El Capitan version 10.11.4
I am building an application in Xcode and signing it with an official developer cert. I then package this into a DMG which I am also signing.
My application listens for TCP connections on a specific port (7772 in this case).
I verified the signature:
$ codesign -dvvvv /Applications/Foo.app/
Executable=/Applications/Foo.app/Contents/MacOS/Foo
Identifier=com.foo.bar.Foo
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=69949 flags=0x0(none) hashes=2179+4 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=188672458e5a40f9f5eb72a864ecaee6dbb46970
CandidateCDHash sha256=c0f4bc81011db7123d8bf881d14868e6e4203cdf
Hash choices=sha1,sha256
CDHash=c0f4bc81011db7123d8bf881d14868e6e4203cdf
Signature size=8912
Authority=Developer ID Application: *** Inc. (3********2)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Apr 15, 2016, 4:12:19 PM
Info.plist entries=27
TeamIdentifier=3*********2
Sealed Resources version=2 rules=12 files=32
Internal requirements count=1 size=192
When I reboot with the firewall enabled I get a prompt asking me to allow the application to accept incoming connections.
If I say ok, then it works (obviously) and if "deny" then the firewall blocks the port.
My question is why am I getting prompted if my app signature is good?
Once I hit "accept" I don't see it in my firewall applications either.
EDIT: I forgot to mention that my firewall is configured to "Automatically allow signed software to receive incoming connections". That's why I'm puzzled since my app is being signed and passes codesign verification.
回答1:
According to this:https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/AboutCS/AboutCS.html
you should check the Code Designated Requirement: codesign -vv yourapp.app
来源:https://stackoverflow.com/questions/36656531/why-is-osx-continually-asking-for-firewall-permission-for-my-app-which-is-signed