Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Codesign says "no identity found" however the identity is on the keychain

Tags:

macos

certificate

code-signing

keychain

I am integrating code signing into our builds and have created a custom keychain which is held within the source code tree and used to sign the code (it's copied to ~/Library/Keychains before being used, so it's in a well known location).

However when attempting to sign I get an error:

$ /usr/bin/codesign --sign='Mac Developer: John Doe (AA1AAA1AAA)' \
    --keychain=~/Library/Keychains/xxx.keychain \
    dist/64/gmake/release/bin/libmylib.dylib

Mac Developer: John Doe (AA1AAA1AAA): no identity found

However:

$ security find-identity -p codesigning ~/Library/Keychains/xxx.keychain

Policy: Code Signing
  Matching identities
  1) 49F2FBE79899DF18A9638AC6B1302E2EB6E079AD "Mac Developer: John Doe (AA1AAA1AAA)"
     1 identities found

  Valid identities only
  1) 49F2FBE79899DF18A9638AC6B1302E2EB6E079AD "Mac Developer: John Doe (AA1AAA1AAA)"

So I don't understand why codesign is unable to find the identity.

Can anyone suggest a solution?

Note that I have also tried with the identity's SHA-1, with the same result.

like image 696
trojanfoe Avatar asked Oct 04 '13 14:10

trojanfoe

People also ask

What is Codesign in Mac?

You use the codesign command to interrogate an app or other signed entity about its signature. To verify the signature on a signed binary, use the -v option with no other options: codesign -v <code-path>

What is code signing identity?

And, the Signing Identity in the Code Signing Identity is something, which consists of a public and private key pair that are specially created by an Apple. In other words, Code Signing Identity is referred to as the Common Name of the certificates which are installed in the Developer's machine Keychain.

How do I revoke a developer ID application certificate?

Mac (and iOS) App Store certs have a "Revoke" button you can press, whereas Developer ID certs do not have a "Revoke" button. You have to email Apple Product Security to request that your Developer ID cert be revoked. You might do this if the private key for your cert becomes compromised.

1 Answers

Some of codesign's error messages are less than clear. The problem here is that codesign couldn't find the keychain, and that is caused by the use of --keychain=~/path. This is interpreted as a single argument and no tilde expansion is performed. If you modify your command to use separate arguments it should work as expected:

codesign --sign 'Mac Developer: John Doe (AA1AAA1AAA)' \
    --keychain ~/Library/Keychains/xxx.keychain \
    dist/64/gmake/release/bin/libmylib.dylib
like image 68
Matt Stevens Avatar answered Sep 23 '22 07:09

Matt Stevens
Sign in to Comment

Related questions

NSView's Drawing Context
netsession_mac using a lot of CPU. What is it? [closed]
How to use a password from the keychain within an applescript running within Mail.app?
CGContextClip() using an inverted path
Can I version a path in git whose name is operating system dependent
Load dynamic library from memory
How to open a window from mac terminal
Encoding issues on Java 7 file names in OS X
SceneKit smooth camera movement
What is the representation of the mac command key in the terminal?
Curly braces in visual studio running desktop parallels mac
Problems making a node.js app connect to PostgreSQL, using node-orm (under osx 10.6.8)
NSScrollView padding
How to set java environment variable on mac
Errno 35 (EAGAIN) returned on recv call
Checking if NSButton is down on drawRect
How can I programmatically get the list of open file descriptors for a given PID on OS X?
How to install JDK 8 on OS X Mountain Lion with the new lambda features
Installing jpype in Mountain Lion
mac upgrading native php with homebrew, not getting it to work

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!