I've been distributing my Math Education app (Java-based) as a downloadable .dmg. My sw manufacturing process was working well on my Intel-iMac a year ago (signing, notarization, stapling).
I need to support Apple Silicon, so I replicated the SW manuf. stack on my M2 MacBook, including putting my Developer and Installer Certificates in the Keychain Access. I get through building the M2,M2,M4 .dmg installer file just fine.
But the Codesign is failing. It should be prompting me for my MacOS password (it does this in the Intel-Mac process), but fails this command:
codesign --sign "Pierre Bierre (SL7L4YU8GT)" --force --options runtime --verbose --timestamp ~/DFG2D_MacOS_Manufacturing/MacOSInstallers/DFG2D_Mac_J17010_295
The response was: error: The specified item could not be found in the keychain.
The signer reference is correct, and works fine on the Intel-Mac codesign process.
What could explain why the same script fails in the M2 environment? Does codesign normally prompt for the MacOS user password ? Why would that fail?
Finds all my certificates in the Keychain on the M2 rig
But what does find-identity show?
For the exact command, see Creating distribution-signed code for macOS. It, and Packaging Mac software for distribution, are key references here.
I suspect that you transferred the certificates but didn’t transfer the corresponding private keys, leaving you with a certificates but no digital identities. That’s by far the most common cause of problems like this.
Lost private keys are particularly bad when you’re using Developer ID signing. I talk about that a lot in The Care and Feeding of Developer ID.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"