Having issue with allowing codesign to use my keychain

Question

I am using El Capitan and Xcode 7.1 , I am trying to build and archive my application to upload to app store . After compiling this alert pops up :

but Always Allowand Allow buttons do not work at all ,but Deny cancels the alert! how should I fix this issue ? I am using new iMac and transferred all data from my older mac to this new one . This issue even happens with Safari , when a website wants to access password from keychain .

This is console log :

SecurityAgent[1476]: Ignoring user action since the dialog has received events from an untrusted source

I have looked into this question but I am not sharing anything !

Answer 1

Found the solution :

Third-party utilities such as Alfred, TextExpander, or MagicPrefs might appear to take "control" of the window as far as the OS is concerned. You can find the culprit by disabling them all, and turning them on one by one until you find one (or more) which affects Keychain in that manner. Credit : https://apple.stackexchange.com/questions/212622/keychain-wont-let-copy-passwords-after-10-11-1-update

In my case I just uninstalled MagicPref application and the problem solved

Answer 2

Not sure if you already figured this out but I faced this exact issue the other day. Is your Xcode build box remote? Is ARD/VNC enabled? Apple recently released an update for CVE-2015-5943 'A malicious application can programmatically control keychain access prompts' that made it so the always allow/allow buttons didn't work is VNC/ARD is used. The other thing that can cause that error to come up is apps that modify system input like Smoothmouse or MagicPrefs.

You can get around this by re-importing the private key and trusting the codesign binary on import. If you don't have the original private key .p12 file, you may be able to export it from your Keychain. You'll want to remove the private key from the keychain before reimporting (make sure you have the private key backed up somewhere first!!).

To import and trust the codesign binary, you can use this command.

security import /tmp/my-cert-path.p12 -k /Users /xcodeuser/Library/Keychains/login.keychain -P mysupercoolprivatekeypassword -T /usr/bin/codesign

If you need to keep adding trusted apps to the private key, I would definitely make sure to keep your developer private keys backed up elsewhere from here on out. If you lose the private key and cannot export from Keychain Access, think you may need to regenerate it if you don't have local access to the box (we use a remote hosted Mac Mini).

The log entry you posted is the correct one.

SecurityAgent[1476]: Ignoring user action since the dialog has received events from an untrusted source

'About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks' https://support.apple.com/en-us/HT205375

Other folks facing same issue:

El Capitan + Xcode 7.1 not letting me allow enterprise signing

https://superuser.com/questions/1004881/osx-10-11-1-keychain-access-does-not-allow-change-to-access-permission

http://nerdanswer.com/answer.php?q=1181710