I think there's something broken with certificates or Xcode that's preventing me to sign a new version of a Mac app I've made.
First, I know my "login" keychain password. I can use this password to export a .p12 file for my "Apple Development: {email} (CLW499436V)" item in my login keychain.
Second, I can use security find-identity -v -p codesigning
to see my signing identities. It shows two of them. They have a different initial number, and then the same string "Apple Development: {email} (CLW499436V)".
The behavior using codesign -vf --sign SIGNING_ID ./test.app
is different for each one of them.
-
One requests the signature with the following message: I can input my "login" keychain password, which I know, and all is good
-
The other uses the following message: It requires "the keychain password", which I have no clue what it is.
Now, in Xcode, if I go to the Build Settings/Signing, I can set my "Coding Signing Identity". Opening the dropdown I can see a section named "Certificates in Keychain", and there's one "Apple Development: {email} (CLW499436V)". I don't know which one is that. Anyways, if I select that, going to "Signing & Capabilities" I see an error that tells me to select "Apple Developer" in the previous setting.
When I do that, however, it seems Xcode is trying to sign the app with the certificate that request a password I don't know.
I don't think I had this problem in the past, so I'm not sure how I've reached this situation. I also don't seem to be able to remove certificates and create new ones because I'm not subscribed (paying) to the Apple Developer program. Maybe there's a way to remove them that I have missed?
How can I go back to having Xcode automatically sign my app?