8 Replies
      Latest reply on Jul 1, 2019 7:23 AM by KMT
      Claude31 Level 8 Level 8 (6,555 points)

        I was updating a Mac OS App.

         

        As I had to change my appleID password, I was asked to recreate the signing information.

         

        I may not remember everything, but at some point I was required revoke signing certificate ; then I was asked to enter keychain.

        At the end I refused to access keychain.

         

        And now, I'm locked, unable to compile the app, getting the following error:

         

        error: Failed with exit code 1

         

        here is an extract of the log

         

        Probing signature of /Users/me/Library/Developer/Xcode/DerivedData/Test_For_XCode10_3_OSX-hgoylqhnqqltefdmpqegbnxnssog/Build/Products/Release/Test For XCode10_3 OSX.app/Contents/Frameworks/libswiftDarwin.dylib

        /usr/bin/codesign -r- --display /Users/claudericaud/Library/Developer/Xcode/DerivedData/Test_For_XCode10_3_OSX-hgoylqhnqqltefdmpqegbnxnssog/Build/Products/Release/Test For XCode10_3 OSX.app/Contents/Frameworks/libswiftDarwin.dylib

        Codesigning /Users/me/Library/Developer/Xcode/DerivedData/Test_For_XCode10_3_OSX-hgoylqhnqqltefdmpqegbnxnssog/Build/Products/Release/Test For XCode10_3 OSX.app/Contents/Frameworks/libswiftDarwin.dylib

        /usr/bin/codesign --force --sign 2502A0C5446D7D46C14F1972CF87507125827533 --verbose /Users/me/Library/Developer/Xcode/DerivedData/Test_For_XCode10_3_OSX-hgoylqhnqqltefdmpqegbnxnssog/Build/Products/Release/Test For XCode10_3 OSX.app/Contents/Frameworks/libswiftDarwin.dylib

        /Users/me/Library/Developer/Xcode/DerivedData/Test_For_XCode10_3_OSX-hgoylqhnqqltefdmpqegbnxnssog/Build/Products/Release/Test For XCode10_3 OSX.app/Contents/Frameworks/libswiftDarwin.dylib: replacing existing signature

        /Users/me/Library/Developer/Xcode/DerivedData/Test_For_XCode10_3_OSX-hgoylqhnqqltefdmpqegbnxnssog/Build/Products/Release/Test For XCode10_3 OSX.app/Contents/Frameworks/libswiftDarwin.dylib: errSecInternalComponent

         

        I have tried to create a new MacOS project, same issue.

         

        However, I can still compile IOS projects.

         

        So I suspect I have something to clear in my MacOS certificates, but would need advice to avoid creating more mess.

        What should I change ? How to restore access to the keychain if needed ?

         

        Thanks

        • Re: Failed to sign MacOS App
          Claude31 Level 8 Level 8 (6,555 points)

          It seems even worse.

           

          For some reason, probably by mistake, I revoked the certificate

          You have revoked your certificate, so it is no longer valid.

          Certificate: Mac Development

           

          I went to XCode preferences, trying to recreate the certificate, but then, when I click "+", I get:

          The user name or passphrase you entered is not correct.

           

          So, trying the solution proposed here:

          h ttps://github.com/desktop/desktop/issues/3625

          I tried to lock session keychain and unlock.

          I could lock, but impossible to unlock: get the spinning ball without any action.

           

          Really need help.

            • Re: Failed to sign MacOS App
              KMT Level 9 Level 9 (14,815 points)

              Have you looked at the keychain via Keychain Access?

               

              Might want to houseclean...delete expired/revoked certs, check which ones related to mac dev/dist are current, if any.

               

              See if there is any mismatch via Account/Member Center, C,I&P.

               

              Be sure to backup before making any further changes. Do you have a backup of the keychain you can restore?

               

              I think, tho, this is now about iCloud and/or 2Fa.

               

              I assume you are only working with one dev account and one user, you.

               

              Once/if you get certs and keychain in order, I'd restart the computer and then run Xcode. Confirm your dev account in prefs, make a new mac app to test, confirm the mac is authorized as a test device in Organizer/Devices. Don't be in a hurry - the backend signing servers always need time to do their thing and communicate to Xcode.

               

              Still no joy, use a sterile macOS user account and try there - if it works for mac apps ok, compare it's keychain to the original user's keychain contents.

               

              Good luck.

                • Re: Failed to sign MacOS App
                  Claude31 Level 8 Level 8 (6,555 points)

                  Thanks so much KMT for the help.

                   

                  First, a basic question: how to back up the whole keychain ?

                   

                  I am presently backing up the whole drive, in case. As I had some trouble after restart to login on the Mac !

                   

                  Have you looked at the keychain via Keychain Access?

                   

                  Yes, In session keychain, I see

                  - a MacDeveloper cert, labelled as session keychain, expring in 1 year June 29 2020 ;

                  - when I unfold the item, I see private key reference.

                  - A second cert named member labelled as non trusted (maybe because a few hours ago I refused access to keychain ?) expiring June 28, 2020

                   

                  In keyChain app, I did lock the Session (causing me trouble later, impossible to unlock). But,

                  Since then, I have restarted the Mac, and session keychain is unlocked again (ouf!)

                  So, I will try (after backup) to create certs again…

                   

                  Might want to houseclean...delete expired/revoked certs, check which ones related to mac dev/dist are current, if any.

                  Should I do it in keychain access ? Or in XCode ?

                   

                  See if there is any mismatch via Account/Member Center, C,I&P.

                  I'll do those next steps once backup is complete (a few hours !) and report what I get.

                   

                  I assume you are only working with one dev account and one user, you.

                  Yes.

                    • Re: Failed to sign MacOS App
                      KMT Level 9 Level 9 (14,815 points)

                           > how to back up the keychain ?

                       

                      I just rely on a Time Machine backup that includes all user accounts.

                       

                           > does that men that it should be unliocke now ?

                       

                      Observe it's icon in Keychain Access.

                       

                           >Should I do it in keychain access ? Or in XCode ?

                       

                      I'm refering to Keychain Access at this step. I'd not get too creative in Xcode right now. Since you revoked the macOS dev/dist cert, I'd expect the keychain to show it as invalid now.

                       

                      I'd want the Keychain and the backend to both be happy and in agreement first, then go after Xcode's prefs/accounts, if needed.

                        • Re: Failed to sign MacOS App
                          Claude31 Level 8 Level 8 (6,555 points)

                          Thanks again.

                           

                          I do not use time machine. So, I need to backup keychain manually…

                          I am copying the Library in user folder (600 000 thousand files…), where there is a keychains folder. Hope that's OK.

                            • Re: Failed to sign MacOS App
                              KMT Level 9 Level 9 (14,815 points)

                              If you're doing this manually...

                               

                              1. Save the keychain folder (/Users/[UserName]/Library/Keychains) on an external drive or in the cloud, etc.
                              2. If you need to use it, replace existing "/Users/[UserName]/Library/Keychains" with the data you saved in the step 1

                               

                              Waiting for 600k items seems a bit much just to deal w/your current issue , but having a full backup of /Users/[UserName]/Library can't hurt, I guess.

                                • Re: Failed to sign MacOS App
                                  Claude31 Level 8 Level 8 (6,555 points)

                                  Seems I got out of it.

                                   

                                  In fact, probably what fooled me is that XCode asked several times: please enter the password of your keychain. I got this dialog 4 times, answered "always authorize", but kept getting a new dialog, and finally it was OK.

                                   

                                  Your friendly help was really comforting.