Greg, you’ve been extremely helpful in your responses and I really appreciate it. Not sure how to resolve this. I re-added my certificates to my keychain and when I add the account ID to xojo to sign the app, I get the following screen. I’m quite sure this is an internal problem with keychain and I’d like to delete the whole thing and re-create it, but I’m not sure that would even fix it. Any ideas?
I did add both the name and ID to the sign field in xojo.
Could you show us a screenshot of what’s in the DeveloperID field of the Sign Step in your Xojo Project? That dialog makes it seem that what you’ve put in there is simply:
PRO-WARE, LLC
where what you really need is the full string:
Developer ID Application: PRO-WARE, LLC (##########)
The error you are seeing is very similar to what I get when I just enter my name instead of the whole string:
Well something has changed, but as I said before, everything in your bundle needs to be signed with the same certificate(yours) or you’ll keep getting errors.
Greg, we have our own app to code sign and it now generates this error when trying to code sign. Naturally, it is not code sign in the build process, so I tried to run our app to see if it would code sign and here is the error it generates. Not sure if this provides any enlightenment to the issue.
My guess is that you’re missing one of the Apple WWDR intermediate certificates. I just went through this myself when I was doing the work on the web MapKit JS control because Xcode refused to download the updated certs.
It would be helpful if you could do a verbose manual sign on your app though just to see what the full errors are. IIRC:
codesign -vvvv -s "Developer ID Application:..." --force <path to app bundle> --deep
Now technically you shouldn’t use --deep any more, but for the purposes of this experiment, it should tell us what we need.
Ultimately you really should be iterating over each of the dylibs and frameworks that are in the Frameworks directory and any binaries that are in the Helpers directory within the bundle and then signing the bundle itself, without the --deep option.
P.S., please copy & paste the result into a code block here. The screenshots are less than optimal for analysis.
Greg, I intercepted the first code sign command in our app and just ran it in terminal and then did a screenshot of the results of that command. Looks like the same message I provided before.
Thomas, thank you for the link. It actually contained the fix that worked for me. It’s at the very end of the thread.
So here is what I did. I removed my account from XCODE. Opened Keychain Access and set all the Trust settings to “Use System Defaults”. Voila, I am now able to code sign my Mac apps.
Mine were set to “Always Trust” and I guess that’s not what it should be.