Open MattSenter opened 3 years ago
I should also mention after a build without the cert attached, I can manually sign the package with the cert in question from the command line:
productsign --sign "MY CERT" unsigned.pkg signed.pkg
Is your certificate located in the Keychain of the user account you use to launch the build?
I have the same problem, and yes, the certificate is in my keychain. Interesting thing is that the manual call triggered asking for the certficate (with the password), but not Packages.
If, in Keychain Access.app, you select the private key of your Developer ID Installer certificate and, control-click it, choose Get Info and click the Access Control tab, what does it say?
I don't have tabs, just a list with a bunch of info, none relating to access control (I'm on Big Sur 11.6)
@mbrucher:
below you should see something that says "Developer ID Installer: Your Team Name (<Your team's identifier>)"
does that entry have a disclosure triangle on the left? clicking that should reveal the private key @packagesdev is referencing.
I only have it in Certificates, not in My Certificates.
I see the same issue with the latest Packages on macOS Monterey and an installer certificate (which is fully setup for all apps as above). I have to self sign after as @MattSenter said
If you can provide detailed instructions on how the certificate was added to the keychain, I can try to reproduce the issue on Monterey. I had no luck trying to reproduce the latest reported issues with certificates.
Hi, I am having the same exact issue running Packages 1.2.10 on Big Sur 11.6.1 The certificate was added to the keychain using "import items", it shows up in the "certificates" as well as "my certificates" tabs. It has a private key. I also added full disk permission to packages. So far nothing is working, any update on this issue?
I was having the same issue, getting the "Unable To Find Signing Certificate" error, and finally found a fix.
This is on macOS Monterey 12.5.1, having Packages sign my installer with a Developer ID Installer certificate. In Keychain Access, that cert (and my other Apple certs, downloaded from their developer portal, and imported to Keychain Access via drag and drop) was showing up in the "Certificates" tab, not the "My Certificates" tab.
So here's the fix: double-click on the Developer ID Installer certificate in Keychain Access. At the top of the window, click on the Trust header to expand that section. It'll look like this:
What you see in that screenshot was the defaults it came up with. For Code Signing and Time Stamping, I changed those to "Always Trust". After closing that window, I tried building the installer again with Packages, and this time it worked.
Weirdly, I went back later and switched those Trust settings back to their defaults, and Packages was still able to successfully build and sign the installer.
Tried that, not working on Ventura (13.5)
I had much the same problems, but once I moved my certificates into the "login" section (I had them in the "system" section), all started working.
on macOS 13.2, I need to set the keychain path(--keychain) to "/Library/Keychains/System.keychain" which my certificate located.
I have set a signing certificate for my distribution project. It locates it just fine and shows the seal:
However, when I run the build, it gives me an "Unable To Find Signing Certificate" error:
I saw a couple of issues were related to full disk access permissions on Big Sur, so I enabled that, and still no luck. Any ideas?