I am encountering a issue with Travis when it comes to importing a macOS cert and signing a PKG file. I have imported the cert successfully in the CI and the “identity” is visible through
security find-identity. I am using the correct macOS cert type, Developer ID: Installer, to sign the MSI.
Now onto the issue. When signing a PKG, the command becomes stuck at, “pkgbuild: adding certificate Apple Root CA”. There is no error or other output than this, the command never terminates. This would cause the CI to timeout.
Restarting the build in debug mode and ssh into the CI and running all the commands prior to signing a PKG, the issue still happens. Thinking maybe a intermediary cert is missing, i imported the 2 certs into the keychain(Apple Root CA, Apple Worldwide Developer…) yet the issue persists.
The way i am importing these certs is exporting them from my local machine as base64 string, encypting them using the travis CLI and decrypting them on the CI and importing them like this:
KEY_CHAIN=build.keychain INSTALLER_CERT=installer.p12 base64 --decode ./scripts/Travis/certs/macOS-cert-installer.txt > $INSTALLER_CERT security create-keychain -p travis $KEY_CHAIN security default-keychain -s $KEY_CHAIN security unlock-keychain -p travis $KEY_CHAIN security import $INSTALLER_CERT -k $KEY_CHAIN -P $MACOS_PRODUCTION_CERT_INSTALLER_PASSWORD -T /usr/bin/codesign security set-key-partition-list -S apple-tool:,apple: -s -k travis $KEY_CHAIN
The weird part is that i can sign a .app file just fine. I am importing 2 certificates in my build(the script above just shows importing 1).
Is this a possible bug, known issue? Is this how we sign PKG/installer files in travis?
Thanks in advance for your time,