codesign: "A timestamp was expected but was not found"

Hello,


My CI builds are failing regularly since July 1st with this codesign error: "A timestamp was expected but was not found.".


The Mac app has a few frameworks which are properly signed, and sometimes it gets through the signing process but fails at a seemingly random code signing command with this error.


I have checked and the signing certificate (Developer ID) expires in 2017. I also made sure that the CI servers had their time set automatically using the time.apple.com servers to prevent clock drift.


Short of disabling timestamps with --timestamp none in the codesign command, is there anything I can do? Am I tied to Apple's timestamp servers' whims?


Thanks for any insight,

Philippe

Up vote post of philippec-ls Down vote post of philippec-ls
9.2k views
Posted by
philippec-ls
Reply
Add a Comment

Accepted Reply

[Updating for posterity]


We finally got this resolved internally. Turns out that some firewall rules were implemented without our knowledge a few days prior, and those rules started to drop only some of the replies from Apple's code-signing servers, leading to the abovementioned failures.


The intermittent nature of the failures made us not believe it was a networking issue, but in fact it was.


So in our case, we had to audit our corporate firewall and make sure that our own networking was OK. If you get these spurious errors, I suggest you do the same.

Posted by
philippec-ls
Up vote reply of philippec-ls Down vote reply of philippec-ls
Post marked as solved
Add a Comment

Replies

[Updating for posterity]


We finally got this resolved internally. Turns out that some firewall rules were implemented without our knowledge a few days prior, and those rules started to drop only some of the replies from Apple's code-signing servers, leading to the abovementioned failures.


The intermittent nature of the failures made us not believe it was a networking issue, but in fact it was.


So in our case, we had to audit our corporate firewall and make sure that our own networking was OK. If you get these spurious errors, I suggest you do the same.

Posted by
philippec-ls
Up vote reply of philippec-ls Down vote reply of philippec-ls
Post marked as solved
Add a Comment

Hello;

if you are completely blocked from internet via firewall , what address and port and/or application must be opened to allow successfull signing a package please?

Posted by
Baudewijn Vermeire
Up vote reply of Baudewijn Vermeire Down vote reply of Baudewijn Vermeire
Add a Comment

Nobody?

Posted by
Baudewijn Vermeire
Up vote reply of Baudewijn Vermeire Down vote reply of Baudewijn Vermeire
Add a Comment

We've recently started seeing this problem.


It's happening on 3 CI machines which share a single location - machines in a different location don't suffer the same problem, which does suggest that it's a networking / firewall issue.


Can you give any clues as to what you had to do to your firewall / what the networking issue was? We aren't directly in control of the firewall for the affected machines, so it would be good to know what changes to ask for...

Posted by
elegantchaos
Up vote reply of elegantchaos Down vote reply of elegantchaos
Add a Comment

I too got this problem today and I haven't made any changes to my network configuration that I'm aware of.

Posted by
Aderstedt
Up vote reply of Aderstedt Down vote reply of Aderstedt
Add a Comment

We experience such problems from time to time. In Apr 24/25 there were too many errors, through.

Posted by
yoprst
Up vote reply of yoprst Down vote reply of yoprst
Add a Comment

Moving to a completely different network did the trick for me (switching from my regular network connection to tethering off my iPad).

Posted by
Aderstedt
Up vote reply of Aderstedt Down vote reply of Aderstedt
Add a Comment