I have a very annoying codesign problem: I have 2 Mac machines (M1, M2) and 2 Developer Certificates (C1, C2). Although keychains look similar on M1 and M2, I have the following results with codesign:
- codesign(M1, C1) ok
- codesign(M1, C2) nok
- codesign(M2, C1) nok
- codesign(M2, C2) ok
So when I build successfully my project on M1 with C1, I cannot transfer the repository to M2 and build again with C1, I must change to C2 to be successful.
On error codesign returns error message 'CSSM_SignData returned: 8001094A' followed by 'unknown error -2070=fffff7ea'.
To sign your app on a machine, the certificate must have been requested from that machine only. So you can not build with C1 on M2 and vice versa.
Unfortunately, this info goes into project.pbxproj, which is critical and must be maintained by version control. I don't think there is any way to avoid putting this kind of machine specific info in version control.
There is one option of "Automatic Profile Selector" when you pick the certificate to sign, though. I have not yet tested it on separate machines, but it sounds like it will pick the right certificate for right machine automatically. But if thats not the case, then you will have to manually select the certi each time.
The way my team does this is- we have different macs for developers and we do all our signing stuff from one particular mac.
you can export the certificates from keychain in .p12 format and install them on another system. If you install the .cer file on different machine it will not work! try exporting them and installing on other system.
