Issues with Private Key in Keychain Access

Question

Created Mar ’22

Replies 3

Boosts 0

Views 2.3k

Participants 2

I am attempting to build a package for distribution via MDM for our MacOS environment. The aforementioned package is of a third-party application that is not available in the app store, and was not signed by the original developer. I have gone through all of the steps of requesting a certificate from my Mac and Installing the Developer ID Installer certificate to my keychain, but when i run the productbuild command in Terminal referencing the correct certificate, it returns the following error: productbuild: error: Cannot write product to (removed filepath). (Could not find appropriate signing identity for “Developer ID Installer: (removed certificate identifier) ”.) I have removed all pertinent keys and certificates and started fresh with the process again multiple times as well as attempted the process from another device. Does anyone have ideas as to what could be going wrong or if there is a better way I should do this?

Boost

Answer 1

DTS Engineer OP

Apple

Mar ’22

Are you running this command from within Terminal? Or, say, over SSH?

What does the following print?

% security find-identity

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

Deuce OP

Mar ’22

@eskimo, sorry about that. I've added a screenshot this go around. Hope this is easier to view. I'm not sure if any of the identifiers will need to be fully available, but left snips of the end to show that some share the same keys. Screen Shot 2022-03-24 at 4.54.12 PM.png

0

Answer 3

DTS Engineer OP

Apple

Mar ’22

In future, the best way to include a Terminal transcript is:

Put it in a reply, not in the comments. Comments are intended for short notes, and Terminal transcripts aren’t that (-:
Put it in a code block, using the Code Block button (which adds triple backquote delimiters).

Having said that, I was able to get the info I needed from your screen shot so… yay!

Looking at your identity list I see two things:

You have multiple Developer ID Installer identities. This is problematic, because Developer ID identities are precious. See my posts on this thread for more.
Having said that, the identities do show up in the Valid identities only list, which is a good sign.

As to what’s causing your specific problem, it could be that the duplicates are confusing productbuild. Pick an identity from the Valid identities only list, find the SHA-1 hash next to it, and pass that to productbuild. For example, given this:

% security find-identity
…
  Valid identities only
…
  9) C32E0E68CE92936D5532E21BAAD8CFF4A6D9BAA1 "Developer ID Installer: Quinn Quinn (SKMME9E2Y8)"
…

Rather than doing this:

% productbuild --sign "Developer ID Installer: Quinn Quinn (SKMME9E2Y8)" …

Do this instead:

% productbuild --sign C32E0E68CE92936D5532E21BAAD8CFF4A6D9BAA1 …

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1