codesign command fails with errSecInternalComponent

Code Signing Certificates, Identifiers & Profiles
Peter_Si OP
Created Aug ’24
Replies 4
Boosts 0
Views 396
Participants 2

I’m facing the dreaded codesign command fails with 'errSecInternalComponent' and looking for some guidance.

I have removed the “Apple World Wide Developer Relations Authority” certificate that expired in 2023 from both the Login and System Keychain and have downloaded the latest intermediate certificates I found. I have verified all the Trust Settings are configured to “Use System Default”.

I did the basic codesign check suggested in an earlier post [https://forums.developer.apple.com/forums/thread/712005]:

% security find-identity -p codesigning

Policy: Code Signing Matching identities

  1. 675CE18312BFBE2735918BA897908D20DB0A774D "Apple Development: Peter Sichel (537G2NTM55)" 1 identities found

Valid identities only

  1. 675CE18312BFBE2735918BA897908D20DB0A774D "Apple Development: Peter Sichel (537G2NTM55)" 1 valid identities found

% cp "/usr/bin/true" "MyTrue"

% codesign -s "Apple Development" -f "MyTrue"

MyTrue: replacing existing signature MyTrue: errSecInternalComponent

——

It seems I’m still missing something. What else can I check to debug the problem?

Answered by Peter_Si in 800795022

After learning much about code signing and reviewing the problems and solutions in the Apple Dev forums I determined the "Apple Development" signing identity Xcode generated automatically failed to properly install in my Login Keychain so I manually generated a new one which is working.

Replies  4
Boosts  0
Views  396
Participants  2
CameronP OP
Aug ’24

Always call codesign with the SHA-1 hash of the valid certificate

# List valid code signing certs
security find-identity -v -p codesigning
# Sign with a specific certificate
codesign -s <sha-1> -f binary
0
CameronP OP
Aug ’24

The other thing to check is to make sure the keychain that certificate in is unlocked.

# Get the path to the keychain
security list-keychains
# Unlock the keychain
security unlock-keychain -p <password> /path/to/keychain
0
Peter_Si OP
Aug ’24

Thanks for the quick response. The underlying problem is getting Xcode to build my app successfully. This was working until I unwittingly damaged my Login Keychain and had to rebuild it. The basic test above isolates the problem to code signing in general as opposed to some setting in Xcode. What changed is I had to reset my Login Keychain so some piece of information may have been lost but neither codesign nor "automatically manage signing" in Xcode provide any clue in this case.

0
Peter_Si OP
Aug ’24
Accepted Answer

After learning much about code signing and reviewing the problems and solutions in the Apple Dev forums I determined the "Apple Development" signing identity Xcode generated automatically failed to properly install in my Login Keychain so I manually generated a new one which is working.

0
codesign command fails with errSecInternalComponent
First post date Last post date
 
 
Q