In the past, I had to codesign a .dmg file.
The old certificate has since expired, and I have a new one to sign with. No problem, right? Do what I did last time? Yes. I exported the new certificate chain and private key as a .pfx file, in Windows. It would seem I can import that directly into the OS X keychain tool, without converting to .p12 first. So I did.
When it comes time to actually codesign, first try says it can't determine which certificate to use. So I put the old certificate chain and private key into one keychain (2011), and the new ones in another (2012), and try again:
so...
codesign -s "Identifier Name" --keychain 2012.keychain --verbose --dryrun somefile.dmg
Returns...
somefile.dmg: signed []
BUT!
codesign -s "Identifier Name" --keychain 2012.keychain --verbose somefile.dmg
Returns...
somefile.dmg: Argument list too long
And just to be sure...
codesign -d --verbose somefile.dmg
Reveals...
somefile.dmg: code object is not signed
And for kicks and giggles,
codesign -s "Identifier Name" --keychain 2011.keychain --verbose somefile.dmg
Reveals...
somefile.dmg: signed generic [somefile.dmg]
tl;dr I can still sign things ok with my expired certificate, but when I try to do so with the new one, it works on a dryrun, but when I try to sign for real, the command returns "argument list too long".
I've been trying to figure this out for about two weeks now, I kid you not, and as far as I can find from searching, there is nothing to be found on this mysterious error message.
Any ideas as to what is going on, or what more I can do?
Thanks,
-Lunpa