It looks like doing this has made some changes in my normal user. Here's what I see now running security find-identity -v -p codesigning:
$ security find-identity -v -p codesigning
1) {SOME_NUMBER} "Apple Development: dangonrei@gmail.com (CLW499436V)"
1 valid identities found
I used to have two here with a different SOME_NUMBER value and the exact same text.
Now my keychain looks like this:
And here's my certificates within Xcode:
So now, in Build Settings/Signing/Code Signing Identity, I can select Apple Development, and in Signing & Capabilities now I see the following:
When I archive the app, it now requests the password for the "login" keychain, and it looks like all the signing process is taken care of by Xcode successfully.
So, I think it's fixed?
The only two things now, which are more a housekeeping issue than an actual problem, would be to remove the certificate with the missing private key, and all the keychains in System named "Apple development:...". I have no clue how to remove the certificate, and the keychain has the "Delete Keychain ..." option greyed out, so I'm not sure how to do that either. How can I do it?
Post
Replies
Boosts
Views
Activity
Here's what I get from running security list-keychains in the new account:
$ security list-keychains
"/Users/test/Library/Keychains/login.keychain-db"
"/Library/Keychains/System.keychain"
And these are the certificates I can see on Xcode after signing in to my developer account:
I've tested the option of sandboxing the app and signing it. I enabled app sandbox via Target -> Build Settings/Signing/Enable App Sandbox = Yes
Using this approach I've found the database used is the existing one from the unsigned previous version. This is true for the new version, both signed and unsigned.
The log.txt file however, is still created at ~/Documents for the new version signed, and ~/Library/Containers/com.dgrcode.{appName}/Data/Documents for the new version unsigned.
I'm guessing fixing that should be fairly easy, but I want to make sure this approach makes sense. Thoughts?
Alright so I think my settings in Xcode would make the app not sandboxed, but because they were unsigned they are sandboxed by force. Does that make sense?
That would explain why after signing the app it's no longer sandboxed.
Why are you signing them manually?
I am signing manually with codesign -v --sign because somehow my Xcode is messing with my certificates (trying to solve it here).
To be clear, once you do that there’s no hassle free forward path for your users
What if I sandbox and sign my app? Would that continue using the same container but now with a signed app? That way my users can have both a signed app without security warnings and not lose their data
Here's what I get from running that command:
"/private/var/folders/rx/l1xnfmcd2452_3vtnr30pb7m0000gn/T/Apple Development: Daniel González Reina (Daniel González Reina)~~~vOqA6L/Apple Development: Daniel González Reina (Daniel González Reina).keychain"
"/private/var/folders/rx/l1xnfmcd2452_3vtnr30pb7m0000gn/T/Apple Development: Daniel González Reina (Daniel González Reina)~~~eop6Yd/Apple Development: Daniel González Reina (Daniel González Reina).keychain"
"/private/var/folders/rx/l1xnfmcd2452_3vtnr30pb7m0000gn/T/Apple Development: Daniel González Reina (Daniel González Reina)~~~xXdUwg/Apple Development: Daniel González Reina (Daniel González Reina).keychain"
"/private/var/folders/rx/l1xnfmcd2452_3vtnr30pb7m0000gn/T/Apple Development: Daniel González Reina (Daniel González Reina)~~~PGpNVn/Apple Development: Daniel González Reina (Daniel González Reina).keychain"
"/Users/daniel/Library/Keychains/login.keychain-db"
"/Library/Keychains/System.keychain"
And here's what I see in the Keychain Access app.
It looks like a few more have been created since I posted my question yesterday. I think they might get created when I go to Xcode preferences/Accounts/Manage Certificates... and I click on create a new one. I did that a few times yesterday trying to understand what was going on, but I got an error every time. Here's what I see under "Manage Certificates..."
How can I go back to a normal state?