Re: Code-signing error "The specified keychain is not a valid keychain file"
Re: Code-signing error "The specified keychain is not a valid keychain file"
- Subject: Re: Code-signing error "The specified keychain is not a valid keychain file"
- From: Alex Zavatone <email@hidden>
- Date: Mon, 01 Feb 2016 13:25:01 -0500
On Feb 1, 2016, at 12:46 PM, Jens Alfke wrote:
>
>> On Jan 27, 2016, at 4:10 PM, Alex Zavatone <email@hidden> wrote:
>>
>> I’m wondering if it’s using the system keychain or your login keychain.
>
> It can’t be using the system keychain; that’s only for system-wide data, not any user passwords/keys/certs.
I hope you're correct. In debugging my OS X server Xcode CI setup, I remember one of the blogs mentioning that the certs and profiles for Xcode server are stored in a different place than where a local copy of Xcode stores it. I can't recall if there also was mention about the keychain, but I *think* one mentioned that the certs needed to go into the system keychain as well.
>
>> If your certs are empty, that certainly indicates that part of the app signing will fail.
>> The exact problem is that even if you have installed a cert, you will need to export your private key and create the .p12 file for that cert to be recognized as being part of your keychain (as I found out last night).
>
> I think what you mean is that the private key corresponding to the cert needs to be in your keychain too, so that you can sign data with it. If you requested the cert on that machine then the key will already be created there as part of the request, but otherwise you have to export the key+cert as a .p12 file from where it was created, and then import that file on the machine where you want to use the cert.
>
Yes. That is what I was trying to say.
> (Sorry, I’m a bit of a crypto geek…)
>
Dude. No problem. I've learned a ton from your work over the years and discussing this will only help me learn this better and help others as well.
>> In any case, Ron Roche wrote an book that was my code signing bible before Xcode got more advanced and chapter 3 is pure gold for addressing these some of these problems.
>
> I have that book too, but everything’s changed around so much (at least at the Xcode level) since then, that I’ve been figuring the book will cause me more confusion.
>
Yeah, but here's my suspicion - the core way this operates is still the core way this operates. Please correct me if I'm wrong, but I've seen that a lot of this still holds true. Chapter 3 is my bible.
>
> Anyways, I appear to be dead in the water right now. Even if I remove the certs from my keychain and request/generate new ones, they still don’t show up in “My Certificates” and I get the same error from the codesign tool.
>
OK. Here's me crazy proposal…
Create a dummy user on your box and try to start from scratch on that one. Starting from a known state might be better than where you are now.
When in doubt start from a known case and a simple case.
Fingers crossed for ya.
> —Jens
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden