Xcode Command /usr/bin/codesign failed with exit code 1 : errSecInternalComponent
-
21-12-2019 - |
Question
I am trying to add new provisioning profile to my Xcode, to test an app on the device. Here are the steps I followed:
Deleted all certificates and provisioning profiles
Create/Add IOS Dev Certificate
Add My IOS Device Online
Create IOS Provisioning Profile
Add IOS Provisioning Profile
Clean App
Build Then Run App
Set Codesigning nd Provisioning Profile In Build Settings
Lots of Googling > to no successes
Here is the error I get:
CSSM_SignData returned: 800108E6
/Users/alexpelletier/Library/Developer/Xcode/DerivedData/MyExpense-efnqzvoqwngzcmazaotyalepiice/Build/Products/Debug-iphoneos/MyExpense.app: errSecInternalComponent
Command /usr/bin/codesign failed with exit code 1
Solution
Open Keychain Access, then in the File menu select Lock All Keychains.
Then go back to Xcode and clean and rebuild. It will prompt you for your password again to unlock the keychain.
After this, assuming you have no other compile issues, it will succeed!
OTHER TIPS
It seems like a bug in the code signing mechanism, restarting your mac should solve the problem
This occurs when the login keychain is locked. To unlock the login keychain, run:
security unlock-keychain login.keychain
Then try the build or code-signing operation again. The error code in question is described in Apple's docs as an internal error, so it's entirely possible this occurs in other cases too.
Had the same issue on High Sierra
/Xcode 9.4.1
, all attempts to sign ended in errSecInternalComponent
- Go to Keychain Access
- Go to the login keychain
- Select the category "My Certificates"
- Find the certificate you're signing with and expand it to see the key.
- Double click the key
- Go to the "Access control" tab.
- Update key access control to "Allow all applications to access this item"
Alternatively:
run codesign command on mac terminal and "Always allow" /usr/bin/codesign access to key
If trying to sign from ssh/CI you also need to run
security unlock-keychain login.keychain
before trying to sign app bundle
I have met the same problem, I restart my macOS,and it works.
In China,we have a saying between developers:
Little problems,just restart.Big problems,should reinstall.
Sometimes,the above saying will greatly help you!
In case it helps someone else, I encountered an errSecInternalComponent
error with codesign
because I was running it over an ssh session to my macOS machine. Running the same command from a terminal window on the macOS machine itself worked.
Presumably this is because codesign
needs access to the private key from the login keychain.
Running security unlock-keychain login.keychain
(as explained by cbracken's answer) from the same session also should work.
If trying to sign from ssh run command:
security unlock-keychain login.keychain
before trying to sign app bundle
or from UI
Update key access control to "Allow all applications to access this item"
Thx to @Equilibrium and @Jon McClung
I ran security unlock-keychain login.keychain
and my login password didn't work. So I rebooted, and then just ran Xcode again and it worked. Running the command works as well. Strange issue.
Just try it once using mac terminal but not from ssh session
security unlock-keychain login.keychain
And choose always allow in the prompted dialog. And then you could xcodebuild in the remote session.
As pointed out by @Equilibrium in one of the comments, if you are in command line env. like Jenkins(my case), you might need to pass the password to the security-unlock command mentioned in the solutions.
So instead of using,
security unlock-keychain login.keychain
use:
security unlock-keychain -p <login-keychain-password> <path-to-login-keychain>
where path-to-login keychain can be $HOME/Library/Keychains/login.keychain(my case) or simply login.keychain
for anyone that encountered this issue from jenkins and ssh:
high possibility that you have not granted access to the private key in keychain, i tried but not sure why all of these are not working:
- security import .p12 file with -A or -T /usr/bin/codesign
- security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{password} #{keychainPath}
- change all provisioning profile to [UUID].mobileprovision and copy them to '~/Library/MobileDevice/Provisioning\ Profiles' on jenkins server
- clean derived data and reboot jenkins server
- make sure default keychain is login keychain and unlocked it.
finally resolved by:
1.ssh [user]@[jenkinsServerIP] -L 5900:localhost:5900, log into jenkins server
2.open 'vnc://localhost'
this will launch a remote screen, if your jenkins server allow this...
then open keychain.app to grant access of /usr/bin/codesign to the private key
good luck
Right clicking on the private key associated with the codesigning cert in the keychain, and then clicking on 'allow all applications' instead of relying on a prompt fixed it for me, since the build was happening via ssh.
I had to:
1) delete the certificate associated to the project
2) Back to the Xcode and revoke the app certificate
3) The Xcode require a new certificate
4) Lock all KeyChain
5) Clean the project
6) Rebuild
That's it. Hope it helps to anyone.