Enhance macOS build scripts with keychain management and error handling
This commit introduces functions to ensure the System keychains are included in the user keychain search list, addressing common codesigning errors related to keychain trust chains. Additionally, it adds preflight checks for codesigning and installer identities, improving error reporting and guidance for developers. The README_MAS.md is updated to include troubleshooting steps for keychain-related issues, enhancing the overall usability of the macOS build process.
@@ -80,6 +80,24 @@ If there’s no private key under the certificate, it will not be usable for sig
|
||||
|
||||
## Step 4 — Verify identities from the CLI
|
||||
|
||||
### Common failure: errSecInternalComponent / chain-to-root warnings
|
||||
|
||||
If you see errors like:
|
||||
|
||||
- `Warning: unable to build chain to self-signed root for signer "Apple Distribution: ..."`
|
||||
- `errSecInternalComponent`
|
||||
|
||||
This is almost always a **keychain search list / trust chain** issue.
|
||||
|
||||
Fix (safe, common): ensure the System keychains are included in the user search list:
|
||||
|
||||
```bash
|
||||
security list-keychains -d user
|
||||
security list-keychains -d user -s "$HOME/Library/Keychains/login.keychain-db" "/Library/Keychains/System.keychain" "/System/Library/Keychains/SystemRootCertificates.keychain"
|
||||
```
|
||||
|
||||
Then re-run the build/sign script.
|
||||
|
||||
```bash
|
||||
security find-identity -p codesigning -v
|
||||
security find-identity -p basic -v
|
||||
|
||||
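Review bot: In the added "Fix (safe, common)" block, `security list-keychains -d user -s ...` replaces the user search list with exactly the three paths given rather than appending to it, so any other keychain a developer already had in the list (a dedicated signing or CI keychain, for example) is silently dropped. The first command prints the current list, but the text never says to carry those entries over. Suggest stating that `-s` overwrites, that any extra entries shown by the first command must be repeated in the `-s` arguments, and softening "safe" accordingly. Separately, going by the hunk header (6 lines before, 24 after), the new subsection lands between the Step 4 heading and its `security find-identity` block, so the verification commands now read as a continuation of "Then re-run the build/sign script."; moving the subsection below that block would keep Step 4 intact.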