Couldn't extract Team ID from signing identity XXXX

beeware / briefcase

Tools to support converting a Python project into a standalone native application.

https://briefcase.readthedocs.io/

BSD 3-Clause "New" or "Revised" License

2.66k stars 372 forks source link

Couldn't extract Team ID from signing identity XXXX #1914

Closed jjasghar closed 3 months ago

jjasghar commented 3 months ago

Describe the bug

I have just installed my Apple Certificate. I attempt to sign it, and then it breaks with

Couldn't extract Team ID from signing identity 'companyemail@company.com'

I'm not signing it with that, i'm using my personal one, and not sure why it's trying to extract a Team ID when i didn't put a Team ID anywhere.

Is it because i have two certs in login? Is there a way i can ignore the Team ID completely?

Steps to reproduce

briefcase package macOS

Expected behavior

Signing my Package.

Screenshots

No response

Environment

Operating System: MacOS
Python version: 3.11

Logs

No response

Additional context

No response

jjasghar commented 3 months ago

Looks like it should work:

-> return re.match(r".*\(([\dA-Z]*)\)", name)[1]
(Pdb) name
'Developer ID Application: Jonathan Asghar (94J7XXX977)'
(Pdb) name[1]
'e'
(Pdb) re.match(r".*\(([\dA-Z]*)\)", name)
<re.Match object; span=(0, 54), match='Developer ID Application: Jonathan Asghar (94J7FV>
(Pdb) re.match(r".*\(([\dA-Z]*)\)", name)[1]
'94J7XXX977'
(Pdb)

jjasghar commented 3 months ago

Ah, it seems it's the other vpn certificate that is causing problems.

-> for key, name in self.get_identities(self.tools).items()
(Pdb) name
'Developer ID Application: Jonathan Asghar (94J7XXX977)'
(Pdb) n
> /Users/jjasghar/src/github.com/instructlab/packaging/venv-beeware/lib/python3.11/site-packages/briefcase/platforms/macOS/__init__.py(464)<dictcomp>()
-> if SigningIdentity.team_id_from_name(name) == app_identity.team_id
(Pdb) name
'jja@ibm.com'
(Pdb) n
> /Users/jjasghar/src/github.com/instructlab/packaging/venv-beeware/lib/python3.11/site-packages/briefcase/platforms/macOS/__init__.py(52)team_id_from_name()
-> return re.match(r".*\(([\dA-Z]*)\)", name)[1]
(Pdb) name
'jja@ibm.com'
(Pdb) re.match(r".*\(([\dA-Z]*)\)", name)[1]
*** TypeError: 'NoneType' object is not subscriptable
(Pdb) name
'jja@ibm.com'

freakboy3742 commented 3 months ago

Are you able to provide the full definition that is failing the regex? Or, if you're sensitive about personal information being in a test case, a custom test case for tests/platforms/macOS/test_SigningIdentity.py::test_identity that fails parsing?

freakboy3742 commented 3 months ago

Alternatively: the raw output of security find-identity -v -p codesigning would be helpful.

jjasghar commented 3 months ago

Turns out i had to go through xcode and add two certificates to get the .pkg file created. The documentation says to get it from the website and inject it into the key access, it seems that doesn't work any more.

xcode seems to be the only path forward after you sign up with the apple developer account, then add your account to xcode, create the certs then briefcase seems fine with signing and going to the apple notery service.

It was an adventure to say the least to get up and running. :oof:

freakboy3742 commented 3 months ago

I can't speak to your experience, but I added my distribution certificate less than 2 months ago, and I'm fairly certain I did so by adding it to Keychain. I can't speak to what Xcode might have been coordinating in the background, though.