All geek questions in one place

Codesign says “no identity”, however the person is on the keychains

I integrate code signing into our assemblies and created a custom keychain that is stored in the source tree and used to sign the code (it was copied to ~/Library/Keychains before use, so it is in a well-known place).

However, when I try to sign, I get an error message:

 $ /usr/bin/codesign --sign='Mac Developer: John Doe (AA1AAA1AAA)' \ --keychain=~/Library/Keychains/xxx.keychain \ dist/64/gmake/release/bin/libmylib.dylib Mac Developer: John Doe (AA1AAA1AAA): no identity found

But:

 $ security find-identity -p codesigning ~/Library/Keychains/xxx.keychain Policy: Code Signing Matching identities 1) 49F2FBE79899DF18A9638AC6B1302E2EB6E079AD "Mac Developer: John Doe (AA1AAA1AAA)" 1 identities found Valid identities only 1) 49F2FBE79899DF18A9638AC6B1302E2EB6E079AD "Mac Developer: John Doe (AA1AAA1AAA)"

Therefore, I do not understand why codesign cannot find the identifier.

Can anyone suggest a solution?

Note that I also tried with the SHA-1 ID with the same result.

+6
source share
1 answer

Some code error messages are less than clear. The problem here is that codeign could not find the keychain, and this is caused by using --keychain=~/path . This is interpreted as a single argument and tilde expansion is not performed. If you change your command to use separate arguments, it will work as expected:

 codesign --sign 'Mac Developer: John Doe (AA1AAA1AAA)' \ --keychain ~/Library/Keychains/xxx.keychain \ dist/64/gmake/release/bin/libmylib.dylib
+8
source

Source: https://habr.com/ru/post/955254/

More articles:


All Articles