I'm in the process of release testing a library. The process requires testing on a Jail Broken iOS device. For that, I use an old iPad 1 running iOS 5.1 jail broken with RedSn0w.
RedSn0w does not patch the Gatekeeper service (code signing), so I need to use my developer account and sign the binary I am testing (Absinthe does patch Gatekeeper, and it's why you can use ldid to generate phony signatures).
Attempting to sign results in:
$ codesign -s "John Doe" cryptest.exe
John Doe: ambiguous (matches "Mac Developer: John Doe (3VT8SJ9C5)" and "iPhone Developer:
John Doe (3VT8SJ9C5)" in /Users/jdoe/Library/Keychains/login.keychain)
I made a pass through codesign(1), but I don't know how to resolve it since they are the same KeyIDs. Using a KeyID produces the same message.
How do I remove the ambiguity when signing the executable?
This happens when two certificates of the same identity are present in the keychain:
The codesign tool requires there only be one.
NOTE: The mention of ldid in your question might need a bit more clarification as to how it relates to your Apple issued codesigning certificates, or what the concern there is exactly.
Duplicate certificates sometimes appear in the keychain as a result of one being expired which was never removed. Apple has some instructions for resolving such issues, although you might need to go a bit outside the normal procedure for resolving it if the following doesn't work:
Finally, if the error persists even after creating new certificates, please control-click on the affected certificate in Keychain Access, choose "New Identity Preference" and click the 'Certificate' field. If you see duplicate certificates listed in here, this is a known and uncommon issue with Keychain Access. To work around the problem, try the following:
Keychain Access > Edit > Keychain List, uncheck "Shared" for the login keychain.
If going back into the Keychain List you find the login keychain is still marked as Shared, create a backup of the following files and then remove them if they exist:
/Library/Preferences/com.apple.security-common.plist
~/Library/Preferences/com.apple.security.plist
Then retry your build...
If you fail to resolve the issue by the steps above, then try searching for one of the certificates listed in the error message. Once you find the certificate in question, delete either the expired one, or the one that is conflicting with the one you need.
If you have multiple codesigning certificates you will want to specify which one to use (if codesigning from the command line) by using the -s option:
codesign -s <certificate name> -vvvv foo.app
-s, --sign identity Sign the code at the path(s) given using this identity. See SIGNING IDENTITIES in man codesign.
Optional:
-v, --verify Requests verification of code signatures. If other actions (sign, display, etc.) are also requested, -v is interpreted to mean --verbose.
For example, in your case:
codesign -s "iPhone Developer: John Doe" cryptest.app
If you have multiple (conflicted) certificate names, you can create a new keychain and import the desired certificate into it. The "Keychains" list in "Keychain Access" is a sortable list. Therefore be sure your new keychain is at the top of the list.
Then add --keychain <path to new keychain file> to your codesign command line.
The path is typically /Users/<username>/Library/Keychains/<keychain name>.keychain-db
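An added example, not part of the original answers: besides a full certificate name, codesign(1) accepts the 40-hex-digit SHA-1 hash of the certificate as the identity, which cannot be ambiguous. The `resolve_identity` helper below is hypothetical; it reads the output of `security find-identity -v -p codesigning` on stdin and returns the hash only when the given name matches exactly one identity. The sample listing and its hashes are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `security find-identity -v -p codesigning` output.
# The hashes are placeholders, not real certificate fingerprints.
SAMPLE_IDENTITIES='  1) 1111111111111111111111111111111111111111 "Mac Developer: John Doe (3VT8SJ9C5)"
  2) 2222222222222222222222222222222222222222 "iPhone Developer: John Doe (3VT8SJ9C5)"
     2 valid identities found'

# resolve_identity PATTERN   (hypothetical helper, not an Apple tool)
# Reads find-identity output on stdin and prints the SHA-1 hash of the
# single identity whose name contains PATTERN.
# Returns 1 if nothing matches, 2 if PATTERN is ambiguous (the case
# codesign rejects with "ambiguous (matches ...)").
resolve_identity() {
    awk -v pat="$1" '
        # Identity lines look like:  N) <40 hex digits> "<name>"
        $1 ~ /^[0-9]+\)$/ && $2 ~ /^[0-9A-Fa-f]+$/ && length($2) == 40 {
            name = $0
            sub(/^[^"]*"/, "", name)   # drop everything up to the opening quote
            sub(/"[^"]*$/, "", name)   # drop the closing quote and anything after
            if (index(name, pat)) { n++; hash = $2; names = names "  " name "\n" }
        }
        END {
            if (n == 1) { print hash; exit 0 }
            if (n == 0) { print "no identity matches: " pat > "/dev/stderr"; exit 1 }
            printf "ambiguous, %d matches:\n%s", n, names > "/dev/stderr"
            exit 2
        }'
}

# Demo on the constructed sample: the full certificate type disambiguates.
printf '%s\n' "$SAMPLE_IDENTITIES" | resolve_identity "iPhone Developer: John Doe"

# On a Mac (not run here), sign by hash instead of by name:
#   hash=$(security find-identity -v -p codesigning |
#          resolve_identity "iPhone Developer: John Doe") &&
#   codesign -s "$hash" cryptest.app
```

Passing only "John Doe" to the helper returns status 2 and lists both matching names on stderr, which mirrors the error in the question.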