In the past, I had to codesign a .dmg file.
The old certificate has since expired, and I have a new one to sign with. No problem, right? Just do what I did last time? Yes. I exported the new certificate chain and private key as a .pfx file on Windows. It would seem that I can import this directly into the OS X Keychain tool without converting it to .p12 first. So I did.
When it came time to actually codesign, the first try said that it could not determine which certificate to use. So I put the old certificate chain and private key in one keychain (2011), and the new one in another (2012), and tried again:
So...
codesign -s "Identifier Name" --keychain 2012.keychain --verbose --dryrun somefile.dmg
Returns ...
somefile.dmg: signed []
BUT!
codesign -s "Identifier Name" --keychain 2012.keychain --verbose somefile.dmg
Returns ...
somefile.dmg: Argument list too long
And just to be sure ...
codesign -d --verbose somefile.dmg
shows ...
somefile.dmg: code object is not signed
And for kicks and giggles
codesign -s "Identifier Name" --keychain 2011.keychain --verbose somefile.dmg
shows ...
somefile.dmg: signed generic [somefile.dmg]
tl;dr: I can still sign everything fine with my expired certificate, but when I try to do it with the new one, it works on a dry run, and when I try to sign for real, the command returns "Argument list too long".
I have been trying to figure this out for about two weeks, and as far as I can find from searching, nothing turns up for this cryptic error message.
Any ideas on what's going on, or what else can I do?
Thanks,
-Lunpa