Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

productsign error: SignData failed: CSSMERR_CSP_NO_USER_INTERACTION

When signing an app from an ssh terminal session, I am getting the following error:

productsign[29321:707] SignData failed: CSSMERR_CSP_NO_USER_INTERACTION (-2147415840)

productsign was working until recently.

How do I get around this error?

like image 745
Danny Schoemann Avatar asked Apr 29 '13 12:04

Danny Schoemann


3 Answers

I solved it by accident - after combing the web for hours - while reproducing the steps when filing an incident report with Apple Support.

From the Mac (as opposed to from an ssh session) the same command generated a popup asking for permission to access the Keychain.

After choosing "Always Allow" the problem went away. Forever.

like image 173
Danny Schoemann Avatar answered Sep 28 '22 06:09

Danny Schoemann


try to unlock keychain from this terminal:

security -v unlock-keychain -p "<Password>" "/Users/<UserName>/Library/Keychains/login.keychain"
like image 33
lexa-b Avatar answered Sep 28 '22 06:09

lexa-b


Based on Danny Schoemann's answer and my own research I found complete solution for me:

  1. You really need login to your mac machine using GUI, first time, and sign anything with the certificate that you need. Then you will get request window with available option "Always allow" to use this certificate (or smth like that).

    • Important: if you need to use productsign with ssh or other console session (like Jenkins), your certificate must by installed into system scope, but not into user scope. enter image description here enter image description here
  2. If you need to keep your certificate in user scope, you need to unlock your keychain every time in console session when you need to sign something (as Alex wrote):

    security -v unlock-keychain -p "Password" /Users/<UserName>/Library/Keychains/login.keychain"

    You may put it into you build script.

    Obvious minus of this solution - you need to store your password in some unencrypted script, that is insecure, so I prefer first solution.

like image 44
Youw Avatar answered Sep 28 '22 05:09

Youw