Warning: unable to build chain to self-signed root for signer "Developer ID Application: xxxxxx: errSecInternalComponent - code-signing

I am trying to migrate our build server to a new machine.
I exported the certificate and imported it on the new machine.
But I get an error when I try to run codesign:
Warning: unable to build chain to self-signed root for signer "Developer ID Application: xxxxxxx"
./workspace/onCourseServer.app: errSecInternalComponent
I tried deleting the certificate and reimporting it, adding always trust; I also tried regenerating the certificate and using the new certificate on the new mac. But none of them worked. I am still getting the same error.
The new Mac is running Mojave.

Related

While using github actions for creating ios pipeline, getting this error: security:SecKeychainItemImport: MAC verification failed during PKCS12 import

I am using GitHub Actions to create an archive iOS build. When GitHub runs my yml file, it gives an error stating:
security: SecKeychainItemImport: MAC verification failed during PKCS12 import (wrong password?)
I rechecked my certificates and provisioning profiles, and I am able to create a build on my local system using xcloud.

Command /usr/bin/codesign failed with exit code 1 on Xcode 11

I'm trying to build for the App Store but I got the error Command /usr/bin/codesign failed with exit code 1. I tried to clean DerivedData, restart the computer, revoke the keys and create new ones. I had updated my Mac to Catalina and Xcode 11; before the upgrade it was working.
/Users/digistarts/Library/Developer/Xcode/DerivedData/Runner-glehwjejufujqwblxzreggowpgvb/Build/Intermediates.noindex/ArchiveIntermediates/Runner/InstallationBuildProductsLocation/Applications/Runner.app/Frameworks/Flutter.framework: replacing existing signature
Warning: unable to build chain to self-signed root for signer "Apple Development: Daniel Santana (85UL9U2WVT)"
/Users/digistarts/Library/Developer/Xcode/DerivedData/Runner-glehwjejufujqwblxzreggowpgvb/Build/Intermediates.noindex/ArchiveIntermediates/Runner/InstallationBuildProductsLocation/Applications/Runner.app/Frameworks/Flutter.framework: errSecInternalComponent
Command /usr/bin/codesign failed with exit code 1
In Keychain Access... The solution was right-clicking on Apple Worldwide Developer Relations Certification Authority and selecting Get Info. In the image below, I've changed "When using this certificate" to "Use System Defaults" and the system asked me to put in the password. Now it's working \o/
In case it'll be helpful for someone else: I had the same problem, which was only reproduced with no internet connection, and as soon as I connect back, the error disappears.
My project is Xamarin Forms.
I had such a problem after renewing the certificate; it turned out that at the end of the build on the Mac, it asks for the user's password when checking the certificate.

Teamcity: Mac build agent unable to sign .pkg file using productsign. SignData failed: CSSMERR_CSP_NO_USER_INTERACTION (-2147415840)

Scenario:
I have a .pkg file that needs to be signed using TeamCity after our TeamCity build has completed.
Ideally this could be a build step or script that runs at the end. After research, I tried the following:
Script INPUT:
security import applicationkey.p12 -k login.keychain -P "password"
security import installerkey.p12 -k login.keychain -P "password"
security -v unlock-keychain -p "password" /Users/administrator/Library/Keychains/login.keychain
security -v unlock-keychain -u /Library/Keychains/System.keychain
productsign --keychain /Users/administrator/Library/Keychains/login.keychain --sign 'Developer ID Installer: Company LLC' CompanyInstaller.pkg CompanyInstallerSigned.pkg
pkgutil --check-signature CompanyInstallerSigned.pkg
OUTPUT:
unlock-keychain "-p" "mypassword" "/Users/administrator/Library/Keychains/login.keychain"
unlock-keychain "-u" "/Library/Keychains/System.keychain"
productsign: using timestamp authority for signature
productsign: signing product with identity "Developer ID Installer: Company LLC" from keychain /Users/administrator/Library/Keychains/login.keychain
productsign: adding certificate "Developer ID Certification Authority"
productsign: adding certificate "Apple Root CA"
2016-10-05 14:57:11.484 productsign[9385:29611120] SignData failed: CSSMERR_CSP_NO_USER_INTERACTION (-2147415840)
Error signing data.
productsign: error: Failed to sign the product.
QUESTION:
I've noticed many solutions to this mention clicking "Always Allow" in the dialog prompt the first time it appears, in reference to the Keychain's Access Control; however, my only known interaction with this build agent is through SSH. Is there a means to sign a .pkg using productsign on a TeamCity Mac build agent without GUI interaction with this "Always Allow" prompt? Or, is there a way to log in to the build agent and view a GUI so I could click on this "Always Allow" to enable this?
Note: I've also tried setting the (local signing machine) private key's Access Control to "Allow all applications to access this item", exported it, imported it into the build agent's login.keychain, then tried the above again, only to get the same output. When I do the same process on my MacBook Pro, everything works; however, I do not recall if I clicked "Always Allow" long ago.
Any thoughts? Much appreciated.
We ran into this problem as well - we are using TeamCity to sign packages on a Mac build agent.
The first time we set up the build agent, we imported the certificate into the keychain and granted the 'always allow' permission; this seemed to work. At some point the build agent was rebooted and then signing packages no longer worked, whatever we tried with permission & trust settings. We kept getting the SignData failed: CSSMERR_CSP_NO_USER_INTERACTION error.
We fixed this (hopefully for good!) by moving the certificate into the 'System' keychain (it was previously in the 'login' keychain). We didn't need to change our call to productsign at all - it picked up the system keychain correctly. I imagine that if you had the certificate in both keychains then you would need to tell productsign which keychain to use (--keychain ...).
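
The question above asks for a way to sign without the GUI prompt. This added example (not from either poster) prepares a dedicated keychain with the macOS `security` tool so that `productsign` and `codesign` are authorised when the key is imported. The function name, the `KEYCHAIN_PW` and `P12_PW` environment variables, and the file names are assumptions; `set-key-partition-list` requires macOS 10.12 or later.

```shell
#!/bin/sh
# Added example: non-interactive signing keychain for a CI agent reached over SSH.
# Assumptions: KEYCHAIN_PW and P12_PW come from the CI secret store; the
# keychain path and .p12 names are passed as arguments.
set -eu

# usage: prepare_signing_keychain <keychain-path> <file.p12>...
prepare_signing_keychain() {
    kc=$1; shift
    # Dedicated keychain: the key's ACL is set at import time, not via a GUI prompt.
    security create-keychain -p "$KEYCHAIN_PW" "$kc"
    # No -l/-u/-t options: no auto-lock on sleep or after a timeout.
    security set-keychain-settings "$kc"
    security unlock-keychain -p "$KEYCHAIN_PW" "$kc"
    for p12 in "$@"; do
        # -T authorises only the signing tools; -A would allow every application.
        security import "$p12" -k "$kc" -P "$P12_PW" \
            -T /usr/bin/codesign -T /usr/bin/productsign
    done
    # macOS 10.12 and later also check the key's partition list; without this
    # a headless session can still be asked for confirmation.
    security set-key-partition-list -S apple-tool:,apple: -s \
        -k "$KEYCHAIN_PW" "$kc" >/dev/null
    # Prepend the new keychain to the user search list, keeping existing entries.
    existing=$(security list-keychains -d user |
        sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//')
    set -- "$kc"
    while IFS= read -r entry; do
        if [ -n "$entry" ]; then set -- "$@" "$entry"; fi
    done <<EOF
$existing
EOF
    security list-keychains -d user -s "$@"
    # Fail the build step early if the import produced no usable identity.
    n=$(security find-identity -v "$kc" | awk '/valid identities found/ {print $1}')
    if [ "${n:-0}" -lt 1 ]; then
        echo "no valid signing identity in $kc" >&2
        return 1
    fi
}

# Runs only when called with arguments, e.g. from a build step:
#   sh prepare-keychain.sh "$HOME/Library/Keychains/ci-signing.keychain-db" installerkey.p12
if [ "$#" -ge 2 ]; then
    prepare_signing_keychain "$@"
fi
```

With the keychain first in the search list, the `productsign --sign 'Developer ID Installer: Company LLC'` call from the question can stay as it is, apart from pointing `--keychain` at the new file.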

Packaging AIR application. Trouble with signing

I have some trouble with a keystore file.
I made a certificate request using the Keychain app.
Then I added a certificate on the developer.apple site, using my certificate request.
Then I downloaded the certificate and imported it into the Keychain app.
Then I exported a *.p12 file from this certificate, using Keychain assistant.
I am using this *.p12 file to package my app. When I do so, it raises an error:
Failed to package AIR application MyApp.app:
Unable to build a valid certificate chain for the signer.
Then I found this guy: http://scottgaertner.com/code_signing/
And using his guide, I got a new error:
Failed to package AIR application MyApp.app:
Packaging failed. Packager internal error
Can anyone give me some advice?
I am using IntelliJ IDEA 14
UPD: Flash Builder 4.7 throws the same error

Github certificate not verified in macports

I am trying to install ros-hydro-genmsg, but encountered the following error.
---> Attempting to fetch 0.4.23-0.tar.gz from https://github.com/ros-gbp/genmsg-release/archive/release/hydro/genmsg/
DEBUG: Fetching distfile failed: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
When I manually go to that link in whatever browser, the file is downloaded immediately. When trying to download it through macports, it does not accept the certificate? I have set both "DigiCert High Assurance EV Root CA > SSL" and "GTE CyberTrust Global Root > SSL" to Always Trust, as suggested elsewhere, but that did not work either.
