Impossible to notarize my .pkg ? Product sign: error: Could not find appropriate signing identity for "Developer ID Installer: **** (******)"

Code Signing Certificates, Identifiers & Profiles
Medialog33 OP
Created May ’21
Replies 9
Boosts 0
Views 1.9k
Participants 2
Hello,

I have a problem to notarize my .pkg.

Indeed, I have a certified certificat in .pfx format and I have a Apple Developer Program account.

1 - in the key chain, I request a certificate from a certificate authority in Keychain to have a .csr

2 - I install the .csr to have a .cert than I put in keychain to have a valide certificate

3 - I execute this command :

  • productsign --sign "Developer ID Installer: Name_of_developer_ID (Number_of_DeveloperID)" name_uncertfied.pkg name_certified.pkg

Finaly, I get that answer : Product sign: error: Could not find appropriate signing identity for "Developer ID Installer: ** (****)" then that there are a valide certificate with wrote " Developer ID installer : Name_of_developper_ID (Number_of_DeveloperID).
Moreover, when I execute this command :

  • security -v find-identity -p codesigning

My certificate don't appears in matching identities then he is in my Keychain et I don't know why ...

My Question is, How I can notarize my .pkg ?


Answered by Medialog33 in 675386022
Yes, with your command I find my certificate in "valid identities" but I can't, already, signed my package (the .pkg's file) with this certificate.

How I can do this ? I used this command : productsign --sign "Developer ID Installer: Name_of_developer_ID (Number_of_DeveloperID)" name_uncertfied.pkg name_certified.pkg

and I have this answer : Product sign: error: Could not find appropriate signing identity for "Developer ID Installer: (**)" 

Thanks for your help.
Replies  9
Boosts  0
Views  1.9k
Participants  2
DTS Engineer OP
Apple
May ’21

Moreover, when I execute this command :

security -v find-identity -p codesigning

My certificate don't appears in matching identities then he is in my
Keychain et I don't know why

That makes sense. You’ve told find-identity to filter on code signing identities and a Developer ID Installer signing identity is not used to sign code, it’s used to sign installer packages. If you run this:

Code Block  
% security find-identity


what do you see?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
1
Medialog33 OP
May ’21
Accepted Answer
Yes, with your command I find my certificate in "valid identities" but I can't, already, signed my package (the .pkg's file) with this certificate.

How I can do this ? I used this command : productsign --sign "Developer ID Installer: Name_of_developer_ID (Number_of_DeveloperID)" name_uncertfied.pkg name_certified.pkg

and I have this answer : Product sign: error: Could not find appropriate signing identity for "Developer ID Installer: (**)" 

Thanks for your help.
1
DTS Engineer OP
Apple
May ’21
Are you running productsign in the same Terminal window as you ran security find-identity?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
0
Medialog33 OP
May ’21
Yes I run productsign in the same Terminal Window as I run security find-identity but nothing change...



0
Medialog33 OP
May ’21
Now I use pkgbuild to create my own pkg with a command line but I have, again, the same error
0
DTS Engineer OP
Apple
May ’21

Yes I run productsign in the same Terminal Window as I run security find-identity

OK. Try this:

  1. Run security find-identity -v and find the identity you want.

  2. Note down its hash (the hex string in the second column).

  3. Pass that hash to the --sign parameter of productsign.

What do you see?

IMPORTANT In step 1 I’m filtering for valid identities. If your desired identity isn’t in this list, that suggests that it’s somehow invalid.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
0
Medialog33 OP
May ’21
I have again the same error, I used the long hex string before "Developer ID ...." when I execute your command
0
Medialog33 OP
May ’21
I have a new message, indeed, I copy/paste the Command Security find ID (Developer ID's) on my productsign command et Now I have this message : An application signing identity (not an installer signing identity) is required for signing bundle-style products.

Do you have solution for this ?
0
DTS Engineer OP
Apple
May ’21
OK, let’s start with some basics. When you run this command in Terminal, what does it print?

Code Block  
% security find-identity


Please put the text in a code block (using the <> button) to make it easier to read.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
0
Impossible to notarize my .pkg ? Product sign: error: Could not find appropriate signing identity for "Developer ID Installer: **** (******)"
First post date Last post date
 
 
Q