On Feb 1, 2016, at 12:46 PM, Jens Alfke wrote: > >> On Jan 27, 2016, at 4:10 PM, Alex Zavatone <[email protected]> wrote: >> >> I’m wondering if it’s using the system keychain or your login keychain. > > It can’t be using the system keychain; that’s only for system-wide data, not > any user passwords/keys/certs.
I hope you're correct. In debugging my OS X server Xcode CI setup, I remember one of the blogs mentioning that the certs and profiles for Xcode server are stored in a different place than where a local copy of Xcode stores it. I can't recall if there also was mention about the keychain, but I *think* one mentioned that the certs needed to go into the system keychain as well. > >> If your certs are empty, that certainly indicates that part of the app >> signing will fail. >> The exact problem is that even if you have installed a cert, you will need >> to export your private key and create the .p12 file for that cert to be >> recognized as being part of your keychain (as I found out last night). > > I think what you mean is that the private key corresponding to the cert needs > to be in your keychain too, so that you can sign data with it. If you > requested the cert on that machine then the key will already be created there > as part of the request, but otherwise you have to export the key+cert as a > .p12 file from where it was created, and then import that file on the machine > where you want to use the cert. > Yes. That is what I was trying to say. > (Sorry, I’m a bit of a crypto geek…) > Dude. No problem. I've learned a ton from your work over the years and discussing this will only help me learn this better and help others as well. >> In any case, Ron Roche wrote an book that was my code signing bible before >> Xcode got more advanced and chapter 3 is pure gold for addressing these some >> of these problems. > > I have that book too, but everything’s changed around so much (at least at > the Xcode level) since then, that I’ve been figuring the book will cause me > more confusion. > Yeah, but here's my suspicion - the core way this operates is still the core way this operates. Please correct me if I'm wrong, but I've seen that a lot of this still holds true. Chapter 3 is my bible. > > Anyways, I appear to be dead in the water right now. Even if I remove the > certs from my keychain and request/generate new ones, they still don’t show > up in “My Certificates” and I get the same error from the codesign tool. > OK. Here's me crazy proposal… Create a dummy user on your box and try to start from scratch on that one. Starting from a known state might be better than where you are now. When in doubt start from a known case and a simple case. Fingers crossed for ya. > —Jens > _______________________________________________ Do not post admin requests to the list. They will be ignored. Xcode-users mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/xcode-users/archive%40mail-archive.com This email sent to [email protected]
