
Codesign says "no identity found" however the identity is on the keychain

I am integrating code signing into our builds and have created a custom keychain which is held within the source code tree and used to sign the code (it's copied to ~/Library/Keychains before being used, so it's in a well-known location).

However, when attempting to sign I get an error:

$ /usr/bin/codesign --sign='Mac Developer: John Doe (AA1AAA1AAA)' \
    --keychain=~/Library/Keychains/xxx.keychain \
    dist/64/gmake/release/bin/libmylib.dylib

Mac Developer: John Doe (AA1AAA1AAA): no identity found

However:

$ security find-identity -p codesigning ~/Library/Keychains/xxx.keychain

Policy: Code Signing
  Matching identities
  1) 49F2FBE79899DF18A9638AC6B1302E2EB6E079AD "Mac Developer: John Doe (AA1AAA1AAA)"
     1 identities found

  Valid identities only
  1) 49F2FBE79899DF18A9638AC6B1302E2EB6E079AD "Mac Developer: John Doe (AA1AAA1AAA)"

So I don't understand why codesign is unable to find the identity.

Can anyone suggest a solution?

Note that I have also tried with the identity's SHA-1, with the same result.

trojanfoe asked Oct 04 '13 14:10




1 Answer

Some of codesign's error messages are less than clear. The problem here is that codesign couldn't find the keychain, and that is caused by the use of --keychain=~/path. This is interpreted as a single argument and no tilde expansion is performed. If you modify your command to use separate arguments it should work as expected:

codesign --sign 'Mac Developer: John Doe (AA1AAA1AAA)' \
    --keychain ~/Library/Keychains/xxx.keychain \
    dist/64/gmake/release/bin/libmylib.dylib

Matt Stevens answered Sep 23 '22 07:09
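
The tilde behaviour described in the answer, as an added example that is not part of the original post: it shows what a program receives in argv for each spelling of the option, plus a pre-flight check a build script could run before calling codesign. The helper names show_argv, expand_tilde and require_keychain are hypothetical.

```shell
#!/bin/sh
# Added example. codesign is not invoked, so this runs on any POSIX shell.

# Print each argument in brackets: exactly what a program receives in argv.
show_argv() {
    for arg in "$@"; do printf '[%s]\n' "$arg"; done
}

# Hypothetical helper: expand a leading "~" by hand, as the shell would have
# done had the path been a separate, unquoted word.
expand_tilde() {
    case "$1" in
        '~')   printf '%s\n' "$HOME" ;;
        '~/'*) printf '%s\n' "$HOME/${1#??}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# Hypothetical pre-flight for a build script: accept either "--keychain=PATH"
# or a bare PATH, resolve it, and fail with a clear message if the file is
# missing. Prints the absolute path to hand to `--keychain` on success.
require_keychain() {
    kc=$(expand_tilde "${1#--keychain=}")
    if [ ! -f "$kc" ]; then
        printf 'keychain not found: %s\n' "$kc" >&2
        return 1
    fi
    printf '%s\n' "$kc"
}

# One word: the tilde is not at the start of the word, so it stays literal.
show_argv --keychain=~/Library/Keychains/xxx.keychain
# Two words: the path begins with "~/", so the shell substitutes $HOME.
show_argv --keychain ~/Library/Keychains/xxx.keychain
```

In a build script, passing `--keychain "$HOME/Library/Keychains/xxx.keychain"` avoids relying on tilde expansion at all.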