sign_update pem invalid macOS High Sierra

[simonmitchell]

I have recently been trying to update a Mac app which I haven't been working on for a while. When I try and run sign_update I get this error:

unable to load key file
140736175084424:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/pem/pem_lib.c:704:Expecting: ANY PRIVATE KEY

I have tried the old private pem file I had, one newly generated using generate_keys and the one bundled with the example project. All of them throw this error in the console, and I also get an error when trying to open them in keychain.app.

[simonmitchell]

I'm guessing the fact the old private key and the one in the example project don't work (And the keychain doesn't like these files either) suggest this is an issue with macOS high Sierra, and more specifically libressl

[kornelski]

We've got multiple reports about signatures failing. There's certainly something flaky about it. My personal key does work, so it may be a bug or broken support for some key size or other property of the key.

Sorry for the annoyance it causes. Long term we'll be moving to more modern signature scheme. I'm not sure what do about it short term, other than hope Apple fixes it :(

[simonmitchell]

Sad times ☹️ And good old Apple, I sometimes wonder if they've ever heard of tests...

It's no worries, I ended up looking at the bash script and manage to get a signature in the end 👍