Authority unavailable when signing in github action
Closed this issue · 2 comments
My signed app has Authority=(unavailable) and can' be openend.
I run the rcodesign command in a Github action, but it works local and in ubuntu container.
The logs look ok, got any advice for me?
command
rcodesign sign --certificate-der-file "developerID_application.cer" --pem-file "privatekey.pem" --code-signature-flags
log
runtime ./build/mac/$EXPORT_NAME.app
runtime ./build/mac/Application.app
reading PEM data from privatekey.pem
reading DER file developerID_application.cer
registering signing key
automatically registered Apple CA certificate: Developer ID Certification Authority
automatically registered Apple CA certificate: Apple Root CA
using time-stamp protocol server http://timestamp.apple.com/ts01
automatically setting team ID from signing certificate: ....
adding code signature flag CodeSignatureFlags(RUNTIME) to main signing target
signing ./build/mac/Application.app in place
signing bundle at ./build/mac/Application.app
signing bundle at ./build/mac/Application.app into ./build/mac/Application.app
signing main executable Contents/MacOS/List
creating cryptographic signature with certificate Developer ID Application: .....
I'm guessing Authority=(unavailable) comes from codesign's output and that seemingly implies the signing certificate's issuing certificate isn't recognized found/recognized by Apple tooling.
Yet the logs you pasted indicate we're automatically adding the Developer ID Certificate Authority and Apple Root CA certificates to the signature. So I'm not sure what's going on.
I recommend signing the application using Apple's tooling and then using rcodesign diff-signatures to compare Apple's signature to this tool's. If you paste that output here or send me an email with the (private) output, I can take a look. https://gregoryszorc.com/docs/apple-codesign/stable/apple_codesign_debugging.html has more instructions.
I recreated my setup and now it works. Can't say what it was.