I’ve recently added the code signing identities for a client to my dev Mac. Some old code signing scripts then failed to run:
🛑 Apple Development: ambiguous (matches “Apple Development: Christian Tietze (xxxxxxxxxx)” and “Apple Development: Christian Tietze (xxxxxxxxxx)” in /Users/myuser/Library/Keychains/login.keychain-db)
Never encountered that before, to be frank.
Turned out that the script was using the
$CODE_SIGN_IDENTITY environment variable, which is just the string “Apple Development”. ⌘F looking through the other environment variables at my disposal, I found
$EXPANDED_CODE_SIGN_IDENTITY, which is a hash, and
$EXPANDED_CODE_SIGN_IDENTITY_NAME, which is the expanded form that the error message quoted above uses.
I tried both, and both work. The
codesign man pages say as much: either provide a partial matching string, which only works if there’s just one match, or a complete form, or 4 characters of a hash. The
$EXPANDED_CODE_SIGN_IDENTITY is more than 4 characters long, but that’s looking like the hash.
The failing script must be pretty ancient, because all my notes with copypasta inside that involve code signing use
Receive new posts via email.