Having issue with allowing codesign to use my keychain

Asked 12/11, 2015 at 9:3 Answered 2/3, 2016 at 4:0

Solved ios iphone xcode code-signing keychain

I am using El Capitan and Xcode 7.1 , I am trying to build and archive my application to upload to app store . After compiling this alert pops up :

but Always Allowand Allow buttons do not work at all ,but Deny cancels the alert! how should I fix this issue ? I am using new iMac and transferred all data from my older mac to this new one . This issue even happens with Safari , when a website wants to access password from keychain .

This is console log :

SecurityAgent[1476]: Ignoring user action since the dialog has received events from an untrusted source

I have looked into this question but I am not sharing anything !

Faludi answered 12/11, 2015 at 9:3 Comment(1)

Have you modified the content of Xcode.app by any chance ? It might've broken the Xcode signature and therefore the app would be not trusted, I suggest to try to remove it and perform a fresh install. – Allness 12/11, 2015 at 9:57

Found the solution :

Third-party utilities such as Alfred, TextExpander, or MagicPrefs might appear to take "control" of the window as far as the OS is concerned. You can find the culprit by disabling them all, and turning them on one by one until you find one (or more) which affects Keychain in that manner. Credit : https://apple.stackexchange.com/questions/212622/keychain-wont-let-copy-passwords-after-10-11-1-update

In my case I just uninstalled MagicPref application and the problem solved

Faludi answered 12/11, 2015 at 9:58 Comment(3)

Same helped me as well. Disabled MagicPrefs and everything works well. – Mirthless 13/11, 2015 at 23:9

Also Smooth Mouse affects this. You need to kill SmoothMouseDaemon in order to be able to allow. BUT dialog that already is opened will still be unresponsive, you'll be able to allow only when it will appear again. – Reid 9/12, 2015 at 5:55

I had the same problem using Synergy. Killing it allows me to press "Always allow" – Diedrediefenbaker 13/5, 2016 at 12:37

Not sure if you already figured this out but I faced this exact issue the other day. Is your Xcode build box remote? Is ARD/VNC enabled? Apple recently released an update for CVE-2015-5943 'A malicious application can programmatically control keychain access prompts' that made it so the always allow/allow buttons didn't work is VNC/ARD is used. The other thing that can cause that error to come up is apps that modify system input like Smoothmouse or MagicPrefs.

You can get around this by re-importing the private key and trusting the codesign binary on import. If you don't have the original private key .p12 file, you may be able to export it from your Keychain. You'll want to remove the private key from the keychain before reimporting (make sure you have the private key backed up somewhere first!!).

To import and trust the codesign binary, you can use this command.

security import /tmp/my-cert-path.p12 -k /Users /xcodeuser/Library/Keychains/login.keychain -P mysupercoolprivatekeypassword -T /usr/bin/codesign

If you need to keep adding trusted apps to the private key, I would definitely make sure to keep your developer private keys backed up elsewhere from here on out. If you lose the private key and cannot export from Keychain Access, think you may need to regenerate it if you don't have local access to the box (we use a remote hosted Mac Mini).

The log entry you posted is the correct one.

SecurityAgent[1476]: Ignoring user action since the dialog has received events from an untrusted source

'About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks' https://support.apple.com/en-us/HT205375

Other folks facing same issue:

El Capitan + Xcode 7.1 not letting me allow enterprise signing

https://superuser.com/questions/1004881/osx-10-11-1-keychain-access-does-not-allow-change-to-access-permission

http://nerdanswer.com/answer.php?q=1181710

Laurasia answered 21/12, 2015 at 2:51 Comment(6)

I have been trying this security import command on El Cap, and it seems to ignore my request to import and trust the key for codesign. Any tricks to making it honor the trust option (tried both -T and -A)? I am running this command on a terminal via VNC because I don't have physical access to the machine. – Hearten 23/12, 2015 at 16:16

@PaulBuchanan that's the situation i was working through, did you remove the existing keychain item before you tried importing again? The command only worked for me when i deleted the keychain item first, it wouldn't update it if the item already existed. – Laurasia 25/12, 2015 at 9:40

Just one update to this Owen, I found that you have to specify the apps on the private key, not the certificate. Like so:

security import ~/Desktop/<exported-certificate>.p12 -k "/Users/<user>/Library/Keychains/login.keychain" -t priv -P <password> -T /usr/bin/codesign -T /Applications/Utilities/Keychain\ Access.app

. So just delete the private key that shows up underneath the certificate, then do the import again to add new apps. – Trinitytrinket 15/1, 2016 at 23:30

The latest version of El Capitan 10.11.4 beta 7 has fixed this problem, so you can allow access to a certificate in the keychain again even when you are logged in via VNC. – Faultfinding 18/3, 2016 at 16:28

Awesome, thanks for the heads up @Pegolon. Glad to hear it. – Laurasia 20/3, 2016 at 12:30

Another tip, don't put sudo in front of your command if importing to login keychain. – Pulsatile 6/7, 2016 at 19:42

-1

I had the same issue, and I looked for a really long time. I actually found this answer while having a similar issue on a pop up box on Microsoft word that wouldn't work.

The fix that I used is to restart the computer and power it on in safe mode (https://support.apple.com/en-us/HT201262), open up Xcode (you may need to install components), and try Archiving it again. This time, when you click always allow, it should work.

Hope this helps!

Contraception answered 2/3, 2016 at 4:0 Comment(0)

Recommended topics

Hot tags