Developer ID code sign Error

Code Signing General
Sandhya OP
Created Aug ’17
Replies 4
Boosts 0
Views 1.7k
Participants 2

Hi,

We are unable to codesign our Mac app using Developer Id Application certificate. This was workig fine till last week.

If we set timestamp option to none everyting works fine. As we are distributing this app to public, can not use timestamp=none option.

This error occurs only if app bundle has any framework or dylib. As we use swift in our application, swift dylibs will be emebeded with in the app.

I am using Xcode 8.3.3 and Mac OS 10.12.4. I have also attached error logs here.

Can anyone help me resolve this?




Test-MBP$ codesign -s "SIGNING_IDENTITY” —deep  test123.app --force -o library

test123.app: replacing existing signature

test123.app: signature too large to embed (size limitation of on-disk representation)

In subcomponent: test123.app/Contents/Frameworks/libswiftCore.dylib
Answered by DTS Engineer in 256620022

This isn’t really my field but your problem looks similar to one that’s been reported to DTS a few times. According to the colleague I talked to (DTS’s expert on code signing issues) there’s been recent changes to how Apple’s timestamp server works and that seems to be triggering the issue. The folks responsible know about this problem but, for the moment, you might be able to work around it by adding 

--signature-size=12000
to your 
codesign
command.

Please try this out and let us know how you get along.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Replies  4
Boosts  0
Views  1.7k
Participants  2
DTS Engineer OP
Apple
Aug ’17

This is 

errSecCSCMSTooLarge
. I don’t know a lot about this error but there seems to be two likely causes, based on the code signature’s destination:

  • If the code signature is going into an extended attribute, you get this failure if the extended attribute is too large. See this code in Darwin.

  • If the code signature is going into a Mach-O file, then something has gone wrong with the 

    codesign_allocate
    mechanism. See this code in Darwin.

Given that you’re signing a Mach-O it seems likely that you’re hitting the second case. Alas, I don’t have enough experience with this to offer any further advice. If you get completely stuck then I recommend you open a DTS tech support incident so you can discuss this with DTS’s code signing expert.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
Sandhya OP
Aug ’17

Thank you, However, my surprise is everything was working fine until last week and suddenly we are started getting this error. We also created new Developer Certificate but no luck. Our Mac app store certificate signing is working fine.

0
DTS Engineer OP
Apple
Aug ’17
Accepted Answer

This isn’t really my field but your problem looks similar to one that’s been reported to DTS a few times. According to the colleague I talked to (DTS’s expert on code signing issues) there’s been recent changes to how Apple’s timestamp server works and that seems to be triggering the issue. The folks responsible know about this problem but, for the moment, you might be able to work around it by adding 

--signature-size=12000
to your 
codesign
command.

Please try this out and let us know how you get along.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
Sandhya OP
Aug ’17

Thanks a lot. This option worked for us.

0
Developer ID code sign Error
First post date Last post date
 
 
Q