search

qzind / tray

Browser plugin for sending documents and raw commands to a printer or attached device.
https://qz.io
Other
824 stars 266 forks source link

BUILD FAILED Ambiguous matches Developer ID Application #1187

Closed tresf closed 8 months ago

tresf commented 9 months ago

Once #1186 is merged (indirectly caused by #468) the following will occur when rolling back to an older commit...

  [echo] Signing /Users/owner/tray/out/build/scripts/payload/QZ Tray.app using P5DMU6659X
  [exec] find: ./Contents/MacOS/QZ Tray: illegal path
- [exec] P5DMU6659X: ambiguous (matches "Developer ID Application: QZ INDUSTRIES LLC (P5DMU6659X)" and "Developer ID Application: QZ INDUSTRIES LLC (P5DMU6659X)" in /Users/owner/Library/Keychains/login.keychain-db)

This is because Apple does not allow two certs with the same developer ID. The reason this behavior changed is because although pkgbuild was fine with duplicates, the codesign tool is NOT ok with this and since we started bundling Java, we now utilize the codesign tool in addition to pkgbuild.

The workaround for this is to edit the following section of build.xml:

    <target name="add-certificates" depends="get-identity">
-        <exec executable="security">
+        <exec executable="echo">
            <arg value="add-certificates"/>
            <arg value="${basedir}/ant/apple/certs/apple-packager.cer"/>
            <arg value="${basedir}/ant/apple/certs/apple-intermediate.cer"/>
            <arg value="${basedir}/ant/apple/certs/apple-codesign.cer"/>
        </exec>
    </target>

... and then delete the old certificate from the cert store:

security delete-certificate -Z "6FD7892971854384AF40FAD1E0E6C56A992BC5EE"
tresf commented 8 months ago

Partially addressed via c795b28. For old builds, we'll use the above documented workaround.