[BUG] Certificate installation fails (due to wrong order of parameters?) #244

Closed
phirk opened this issue Dec 21, 2021 · 0 comments

Describe the Bug

Trying to install certificates fails:

    certificate 'Apple Worldwide Developer Relations Certificate Authority certificate' do
      certfile "#{certificates_path}/AppleWWDRCAG3.cer"
      keychain '/Users/phirk/Library/Keychains/login.keychain-db'
      apps ['/usr/bin/security', '/usr/bin/codesign']
    end

Error Message

    Mixlib::ShellOut::ShellCommandFailed
    ------------------------------------
    execute[install-certificate] (/Users/phirk/.chef/cache/cookbooks/macos/resources/certificate.rb line 23) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
    ---- Begin output of ["/usr/bin/security", "add-certificates", "/Users/phirk/certificates/AppleWWDRCAG3.cer", "-k", "/Users/phirk/Library/Keychains/login.keychain-db"] ----
    STDOUT:
    STDERR: security: SecCertificateAddToKeychain: A default keychain could not be found.
    security: open -k: No such file or directory
    security: SecCertificateCreateFromData: Unknown format in import.
    ---- End output of ["/usr/bin/security", "add-certificates", "/Users/phirk/certificates/AppleWWDRCAG3.cer", "-k", "/Users/phirk/Library/Keychains/login.keychain-db"] ----
    Ran ["/usr/bin/security", "add-certificates", "/Users/phirk/certificates/AppleWWDRCAG3.cer", "-k", "/Users/phirk/Library/Keychains/login.keychain-db"] returned 1

Chef Exception

Error executing action run on resource 'execute[install-certificate]'

Observation

It seems that the order `add-certificates certificate -k keychain` is wrong, as it fails on the command line too:

    sh-3.2# /usr/bin/security add-certificates /Users/phirk/certificates/AppleWWDRCAG3.cer -k /Users/phirk/Library/Keychains/login.keychain-db
    security: SecCertificateAddToKeychain: A default keychain could not be found.
    security: open -k: No such file or directory
    security: SecCertificateCreateFromData: Unknown format in import.

However, the swapped order `add-certificates -k keychain certificate` does seem to work:

    sh-3.2# /usr/bin/security add-certificates -k /Users/phirk/Library/Keychains/login.keychain-db /Users/phirk/certificates/AppleWWDRCAG3.cer
    sh-3.2#

The machine the certificate should install on is running macOS 11.6 (20G165).
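
The argument order reported above, as an added Ruby example that is not part of the original issue or the cookbook's own code: one function builds the `security add-certificates` argv with `-k` ahead of the certificate files, and a second flags any argv where an option follows an operand, which is what the failing run shows. The helper names `add_certificates_argv` and `options_after_operand` are hypothetical.

```ruby
# Added example; helper names are hypothetical, not the cookbook's API.

# argv copied from the failing run quoted in the issue.
FAILING_ARGV = ['/usr/bin/security', 'add-certificates',
                '/Users/phirk/certificates/AppleWWDRCAG3.cer',
                '-k', '/Users/phirk/Library/Keychains/login.keychain-db'].freeze

# Build argv with every option placed before the certificate operands,
# the order the issue reports as working.
def add_certificates_argv(certfiles, keychain: nil)
  certfiles = Array(certfiles).map(&:to_s)
  raise ArgumentError, 'at least one certificate file is required' if certfiles.empty?

  # An operand that starts with "-" would itself be read as an option.
  bad = certfiles.find { |f| f.start_with?('-') }
  raise ArgumentError, "certificate path looks like an option: #{bad}" if bad

  argv = ['/usr/bin/security', 'add-certificates']
  argv += ['-k', keychain.to_s] if keychain
  argv + certfiles
end

# Return the option flags that appear after the first operand. In the failing
# run such a flag is opened as a file ("open -k: No such file or directory").
def options_after_operand(argv)
  seen_operand = false
  expects_value = false
  stray = []
  argv.drop(2).each do |arg| # skip the binary and the subcommand
    if expects_value
      expects_value = false # this argument is the keychain path for -k
    elsif arg.start_with?('-')
      stray << arg if seen_operand
      expects_value = (arg == '-k') && !seen_operand
    else
      seen_operand = true
    end
  end
  stray
end

if __FILE__ == $PROGRAM_NAME
  fixed = add_certificates_argv(FAILING_ARGV[2], keychain: FAILING_ARGV[4])
  puts "failing: stray options #{options_after_operand(FAILING_ARGV).inspect}"
  puts "fixed:   #{fixed.join(' ')}"
end
```

A check like `options_after_operand` fits in a resource unit test, so a regression in argument order is caught before the keychain import silently targets the wrong store or fails at converge time.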
