codesigning the library when I have multiple iPhone Developer" identities from multiple teams.

Mike Vosseller's Avatar

Mike Vosseller

25 Oct, 2013 12:42 AM

I followed your integration instructions but I'm having a problem signing the library. In particular I used the build phase script you provided for signing but it doesn't seem to work because (I think) I have multiple "iPhone Developer" identities from multiple teams.

Looks like your build phase script expands to something like this:
codesign -fs "iPhone Developer" /Path/to/app/libReveal.dylib

I then get an error message like this:
iPhone Developer: ambiguous (matches "iPhone Developer: Michael Vosseller (4F3XGZV3PV)" and "iPhone Developer: Michael Vosseller (786446HLR5)" in /Users/mpv/Library/Keychains/login.keychain)

Those two identities are from two distinct teams.

If I change the script to hardcode the full identity name it will works.
If I remove all but one of the "iPhone Developer" identities from my keychain it also works.

Any ideas on how to fix this?

Thanks

  1. Support Staff 1 Posted by Sean Woodhouse on 25 Oct, 2013 01:23 AM

    Sean Woodhouse's Avatar

    Hey Mike, I'll try to reproduce here.

  2. Support Staff 2 Posted by Sean Woodhouse on 25 Oct, 2013 06:00 AM

    Sean Woodhouse's Avatar

    I've reproduced the issue here. Just seeing if I can find a sane way to resolve the signing identity without baking it in to the script.

    FYI. you only need to sign the Reveal dynamic library if you're intending to inspect your app on device AND you're not connected to the debugger. If you're running from the debugger it works fine without signing.

    Static linking might also be an alternative for you depending on how you want to integrate the library... but let me see if I can get this sorted.

  3. Support Staff 3 Posted by Sean Woodhouse on 27 Oct, 2013 11:08 PM

    Sean Woodhouse's Avatar

    Looking in to this further it seems Apple suggest deleting duplicate signing identities, which isn't that helpful when you're a member of multiple teams. They also suggest you can create multiple keychains and specify which keychain to search when running codesign using the --keychain parameter.


    https://developer.apple.com/library/ios/documentation/IDEs/Conceptu...

    Your Keychain Contains Duplicate Code Signing Identities

    You get one of these error messages when there are duplicate code signing identities in your keychain, such as two development identities or two distribution identities (your keychain must contain at most one code signing identity of each type):

    Build error "iPhone Developer: <your_name> (XYZ123ABC): ambiguous (matches "iPhone Developer: <your_name> (XYZ123ABC)" in /Library/Keychains/System.keychain and "iPhone Developer: <your_name> (XYZ123ABC)" in /Users/../Library/Keychains/login.keychain)"
    
    [BEROR]CodeSign error: Certificate identity 'iPhone Distribution: <your_name>' appears more than once in the keychain. The codesign tool requires there only be one.
    

    To address these errors, try deleting the duplicate code signing identities from your keychain, as described in “Removing Signing Identities from Your Keychain.”

  4. 4 Posted by Michael Vossell... on 29 Oct, 2013 02:59 AM

    Michael Vosseller's Avatar

    Thanks Sean. I came up with a different solution that works reasonably well.

    First I created a new configuration file called
    "code-signing-identities.txt". This file maps usernames to code signing
    identity names.

    Next I updated the build phase script to check this file for the current
    user. If it finds an entry then it uses that identity to sign the library.
    If it does not find an entry then it falls back to the default "iOS
    Developer" identity.

    This means that only developers who have multiple "iOS Developer"
    identities need to worry about any of this. And all they need to do is add
    an entry for themselves pointing to the correct identity to use for the
    current project.

    Below is my updated build script and my code-signing-identities.txt file in
    case it could be useful to anyone else.

    Thanks for you help,
    mike

    BUILD PHASE SCRIPT:

    set -e

    LIB_FILE_NAME=libReveal.dylib
    LIB_SRC_DIR=$SRCROOT/MyApp/third-party/Reveal
    LIB_OUT_DIR=${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}

    if [ "$CONFIGURATION" == "Debug" ]; then

        # copy the reveal library to the app bundle
        cp $LIB_SRC_DIR/$LIB_FILE_NAME $LIB_OUT_DIR/$LIB_FILE_NAME

        if [ -n "${CODE_SIGN_IDENTITY}" ]; then

            # sign the reveal library. signing is required to load a dylib when
    the debugger is not attached.
            # note that by default signing will fail here if you have multiple
    "iPhone Developer" code signing
            # identities in your default keychain (e.g. multiple teams). As a
    workaround you can specify
            # the right identity to use in the file code-signing-identities.txt
    file
            IDENTITY=""

            if [ "$USER" ]; then
                IDENTITY=`grep "^$USER=" code-signing-identities.txt | cut
    -d'=' -f2`
            fi

            if [ "${IDENTITY}" == "" ]; then
                IDENTITY=$CODE_SIGN_IDENTITY
            fi

            codesign -fs "${IDENTITY}" "${LIB_OUT_DIR}/${LIB_FILE_NAME}"
       fi

    fi

    code-signing-identities.txt:

    mpv=iPhone Developer: Michael Vosseller (4F3XGZV3PV)

  5. Support Staff 5 Posted by Sean Woodhouse on 29 Oct, 2013 04:51 AM

    Sean Woodhouse's Avatar

    Thanks for posting your solution Mike. Hopefully it'll help others experiencing the same problem.

    Cheers

    Sean

  6. Sean Woodhouse closed this discussion on 29 Oct, 2013 04:51 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac