usr/bin/security find-identity -v # this should list the two keys imported aboveįollowed by the signing: /usr/bin/codesign -force -sign "Developer ID Application: $DEV_NAME ($TEAM_ID)" -keychain packaging.keychain -deep -timestamp -o runtime -vvvv -entitlements gen.build/ist gen.build/pkgroot/Applications/$APP_NAME.app/Contents/Resources/lib/$DYLIB_NAME.dylib usr/bin/security set-key-partition-list -S apple-tool:,apple: -k $KC_PASSWORD -t private packaging.keychain usr/bin/security import $KEY_DIR/12 -A -k packaging.keychain -P $KEY_PASSWORD usr/bin/security list-keychains -d user -s packaging.keychain $OTHER_KEYCHAINS_IF_ANY usr/bin/security unlock-keychain -p $KC_PASSWORD packaging.keychain usr/bin/security set-keychain-settings packaging.keychain usr/bin/security create-keychain -p $KC_PASSWORD packaging.keychain Specifically, my build script effectively does the following: This answer provided the final piece of the solution for me (which was the "set-key-partition-list" magic): Security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$"īut we don’t know how to run it nor if this is the right thing to do. If it still doesn’t work, e.g the login keychain is empty and you have a code sign error, create a self signed certificate for Code Signing in the login keychain. Delete certificates that don’t need to be there. There should be 9 certificates listed in the system keychain.Įven if you have the right number of certificates in the system keychain and they access control is codesign or allow all applications, there could still be codesign issues. Check both the login and system keychains for duplicates. If there are e.g 36 entities, there could be doubled. When running this command in the Terminal , it returns a list of valid entities:įor example, a list of 18 entities: 9 public key and the 9 corresponding private keys Troubleshooting further: Check that all the required provisioning profiles are present for all territories for release-enterprise and release-appstore. If not, either use scp to copy the missing profiles to this folder or use drag and drop from your local Finder to the remote Finder in Screen Sharing (drag and drop of files is a little fiddly, but it works). Then type the following in a Terminal window to reboot the system:Ĭheck that all the required provisioning profiles are present for all territories for release-enterprise and release-appstore and that they match the certificates installed in Keychain AccessĬd into the ~ /Library/MobileDevice/Provisioning\ Profiles and check if the required provisioning profiles are present. If code signing still doesn't work, in Keychain Access, select File > Unlock All Keychains then File > Lock All Keychains. If the certificates are NOT trusted, please install the certificate from Apple WorldWide Developer Certificate Authority: Select the Access Control tab in the info window.Īccess control should be either Allow all applications to access this item or Confirm before allowing access selected with codesign listed in the applications allowed to access: Right click the private key and select Get Info. Now, check that the access control is correct in Keychain Access. NB: Sometimes, you need to repeat the process several times before you get the right access controls. Better have an approach where you import the certificates one by one, territory by territory. NB: It is not recommended to import a p12 with multiple certificate. p12 -P -k /Library/Keychains/System.keychain -T /usr/bin/codesign Run the following command to import again the certificate with the right access controls: If not, expand the certificate for the territory (arrow), select both the public and the private key underneath it and delete: you will be prompted to enter the password The CodeSign issue is still there:Ĭheck that all the required certificates are present in Keychain AccessĬheck that the access control of all certificates is correctĬheck that the certificate for the corresponding territory has the right access control (either code sign or all apps) We have a troubleshooting page and we tried all of the following, to no avail. We have a persistent CodeSign issue with the following error shown in the log when running an iOS build on a Jenkins node with macOS Catalina 10.15.7:Ĭommand CodeSign failed with a nonzero exit code
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |