rubymotion-community / motion-provisioning

Simplified provisioning for RubyMotion iOS, tvOS and macOS apps.
Other
46 stars 20 forks source link

Revoking certificates on macOS fails #15

Open tsugua opened 7 years ago

tsugua commented 7 years ago

When trying to add developer ID to a Mac app. I have the developer certificates in my Keychain but RM doesn't seem to be finding them. The error says the certificate can only be revoked by developer support.

 Error None of the available certificates (1) is installed on the local machine. Revoking...
rake aborted!
Spaceship::Client::UnexpectedResponse: {"responseId"=>"f040e3d3-2cb2-4a54-9e1d-c28bb6c16c69", "resultCode"=>7475, "resultString"=>"This certificate can only be revoked by Apple Developer Program Support.
https://developer.apple.com/support", "userString"=>"This certificate can only be revoked by Apple Developer Program Support.
https://developer.apple.com/support", "creationTimestamp"=>"2017-01-03T22:44:48Z", "protocolVersion"=>"QH65B2", "userLocale"=>"en_US", "requestUrl"=>"https://developer.apple.com/services-account/QH65B2/account/mac/certificate/revokeCertificate.action", "httpCode"=>200}
MarkVillacampa commented 7 years ago

I assume your certificate is of type :developer_id. Those certificates can indeed only be revoked by Apple, cannot be manually revoked.

Maybe we should add special handling for that type, and don't revoke the old certificate. Instead remind the user to install the certificate and private key from the other computer, or offer to create a new one.

You say the certificate is in the keychain, but is the private key in the keychain too?

tsugua commented 7 years ago

Yes it is a :developer_id certificate. The private key also seems to be in the keychain. I think the error message might be useful. Just direct the user to the Apple Portal.

Image of certificate in keychain: https://db.tt/i42tQuai28

MarkVillacampa commented 7 years ago

Interesting. Can you try manually downloading the certificate from the Provisioning Portal, installing it in the keychain, and making sure it's not a different certificate?

If everything seems fine I will prepare a script for you to run on your machine to better diagnose what's going on.

tsugua commented 7 years ago

It definitely is the same certificate. I deleted and re-installed it and it has the same info.