To: "Rob Martino" <robmaillist@wavearts.com> Cc: <Installer-dev@lists.apple.com> Sent: Wednesday, September 05, 2012 2:02 PM Subject: Re: Running productsign as _www user? Yes, this is indeed probably the problem. HTH Alex Am 05.09.2012 um 16:01 schrieb Rob Martino <robmaillist@wavearts.com>: Error signing data. productsign: error: Failed to sign the product. Thanks, Rob _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/installer-dev/below%40mac.com This email sent to below@mac.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/installer-dev/danchik%40rebelbase.co... This email sent to danchik@rebelbase.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.... This email sent to site_archiver@lists.apple.com We've had a similar issue, and as a temporary solution, we run a signing agent program on the preauthenticated account to listen for sign requests from other accounts. Problem with that is that every few days it tries to reauthenticate by prompting with password again and forcing a human to log into the signer's account to provide the authentication. So we are eagerly awaiting for proper solution (like password on a command line to programsign for example). ----- Original Message ----- From: "Alexander von Below" <below@mac.com> If you have screen access to the machine, you should still see the dialog that asks you to unlock the keychain. If you don't, my idea would be to either unlock the keychain for everyone, or run the tool under a different user. Perhaps this is outside the scope of this mailing list but maybe someone can point me in the right direction - we are setting up a server to assemble and sign installers with php scripts, and one thing our web developer ran into was running productsign as user _www: 2012-09-01 15:02:15.264 productsign[84774:1307] CMS signature encoding failed: A timestamp was expected but was not found. (-67882) It works fine as a normal user, and the appropriate developer certificate keys are in the System keychain. Is there something specific we can do to allow _www access to the certificates (if that is indeed the problem)?