ASPIRE

macOS安全性之软件安装的限制

=Start=

缘由:

简单整理一下前段时间碰到的几个小问题,方便后面有需要的时候参考。

正文:

参考解答:

先记录一下安装pkg包失败的2种原因及解决办法。

安装pkg包报错:安装失败

报错信息:
“安装器遇到了一个错误,导致安装失败。请联系软件生产企业以获得帮助”

可能原因1:当前安全设置不允许非appstore和被认可的开发者的应用安装


# macOS Ventura 之前的系统
在【系统偏好设置】-【安全性与隐私】-【通用】-【允许从以下位置下载的应用】中选择「任何来源」,然后再安装。如果依然安装失败可以重启电脑后再试一次。

# macOS Ventura 及之后的系统
系统设置-隐私与安全性-安全性-允许从以下位置下载的应用程序(只有【App Store】和【App Store和被认可的开发者】这2个选项),需要用下面的disable命令开启【任何来源】的选项

$ spctl --status
assessments enabled #app store和被认可的开发者

$ sudo spctl --master-disable

$ spctl --status
assessments disabled #任何来源

$ man spctl
...
EXAMPLES
     To check whether Mail.app is allowed to run on the local system:
           spctl -a /Applications/Mail.app

     To allow Frobozz.app to run on the local system:
           spctl --add --label "My Stuff" /Applications/Frobozz.app

     To forbid all code obtained from the Mac App Store from running:
           spctl --disable --label "Mac App Store"
...

$ spctl kext-consent status
$ spctl kext-consent list
Allowed Team Identifiers:
99U9VSN546

$ sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy
sqlite> SELECT * FROM kext_policy;

可能原因2:【安装器】没有“下载”文件夹的权限

一般是当前最新的 macOS Ventura 13.x 系统会出现这个情况,解决办法就是在:
系统设置-隐私与安全性-完全磁盘访问权限
这里给【安装器】开启相应权限即可。

参考链接:

Getting the Team ID of kernel extensions in macOS 10.13 (and higher?)
https://technology.siprep.org/getting-the-team-id-of-kernel-extensions-in-macos-10-13-and-higher/

Mac安装pkg包报错:安装失败 “安装器遇到了一个错误,导致安装失败,请联系软件制造商以获得帮助
https://blog.csdn.net/magic_jiayu/article/details/105939865

Mac安装软件时提示已损坏的解决方法
https://www.jianshu.com/p/af740a944d25

Mac OS使用SSL常见问题
https://bbs.sangfor.com.cn/forum.php?mod=viewthread&tid=38040

=END=

Docker

,
, , ,

《“macOS安全性之软件安装的限制”》 有 3 条评论

  1. 如何查找Mac应用的bundle ID
    Find the bundle ID of an app on Mac
    https://www.hexnode.com/mobile-device-management/help/how-to-find-the-bundle-id-of-an-application-on-mac/
    `
    # Method 1
    osascript -e ‘id of app “App Name”‘
    osascript -e ‘id of app “Finder”‘

    # Method 2 (This method is applicable only for apps available on the Mac App Store.)

    # Method 3
    1. Open Finder on your Mac.
    2. Head on to Applications.
    3. Right-click on the required application and select ‘Show Packaged Contents’.
    4. Open the Contents folder of that application.
    5. Open the info.plist file using either Xcode or TextEdit. You can find the bundle ID of that application in this file.
    `

    回复

  2. How to get Bundle ID of Mac application?
    https://stackoverflow.com/questions/39464668/how-to-get-bundle-id-of-mac-application
    `
    osascript -e ‘id of app “SomeApp”‘

    mdls -name kMDItemCFBundleIdentifier -r SomeApp.app

    /usr/libexec/PlistBuddy -c ‘print CFBundleIdentifier’ /Applications/Xcode.app/Contents/Info.plist

    defaults read /Applications/Xcode.app/Contents/Info.plist CFBundleIdentifier

    # 查看应用的 info.plist 文件即可
    if you just need it to launch the app look in the app’s info.plist file. the file is in the app bundle in the Contents directory. This works for a lot of apps.
    `

    回复

  3. Audits / Item Search
    https://www.tenable.com/audits/items/search
    `
    As benchmarks are released from source authorities, Tenable Research implements the guidance in its audit language. These audit files are executed and evaluated by Tenable sensors, and reported in Tenable products. Tenable Research has published 1246 audits covering 452 benchmarks from source authorities and vendors that include Center for Internet Security, United States Defense Information Systems Agency, and Microsoft.

    Tenable Research已经发布了1246项审计,涵盖了452项基准,这些基准来自源机构和供应商,包括互联网安全中心(CIS)、美国国防信息系统局和微软。

    我的一些常用搜索关键词:
    icloud
    airdrop
    enable
    disable

    因为相对来说网上的macOS相关的审计和安全设置文章相对较少,且不够权威,有这么一个在线检索功能真的是非常方便和有用。其它系统/软件的其实也很有用。
    `

    回复

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注