Skip to Content
Technical Articles
Author's profile photo Stan Stadelman

SDK 5.0: Handling Ambiguous Apple Developer Identity

When running the framework signing script distributed with SAP Cloud Platform SDK for iOS, some developers with multiple Apple Developer Team accounts may encounter the issue:

Apple Development Identity is Ambiguous. Multiple Certificates are found in your keychain for identity Apple Development

The brute force solution is to delete the non-essential conflicting Apple Development certificates from your macOS Keychain.  But, if you have distributed apps using the signing certificate and cannot revoke it, or frequently switch accounts, you should not delete the certificate.

In this case, the best solution at this time is to specify the specific certificate which should be used by the ‘codesign’ tool directly.  To do this, open the Keychain Access system app, and select the certificate you should use for signing.

Double-click on it, then scroll to the bottom of the details to grab the SHA-1 fingerprint.

Then in the python script, modify the line (79) where the ‘codesign’ command is called, to take the fingerprint as a string, instead of the script-derived signing identity.

if self.sdk.startswith('macosx'):

    binaryPath = frameworkPath + "/" + framework + ".framework/Versions/A"

    print "Signing binaries on path : " + binaryPath

    codesignCommand = ["codesign", "--timestamp", "--options=runtime", "--verbose=2", "--force", "--sign" , "43 47 20 5E D6 A7 BF 00 00 00 00 00 00 00 00 EB 67 1F 50 C3", binaryPath]

You should be able to build for Mac target, without a script error.

Assigned Tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Douglas Maltby
      Douglas Maltby

      Thanks Stan!

      I had downloaded the SDK 5.0, and the Tutorial App ran fine in the iPhone 11 Pro Max simulator and on my iPhone X.  https://developers.sap.com/group.ios-sdk-setup.html

      However, I was getting a generic sigabort (about @rpaths to frameworks) when trying to run the app with the target as "My Mac" with Catalyst. The error didn't indicate duplicate Apple Developer IDs.

      I had just today upgraded my Apple Developer account to a real paid developer ID, and I had 2 prior "regular" certificates in my keychain. After deleting those 2 older certificates, leaving only my current paid ID certificate, the Tutorial App ran directly in MacOS 10.15.3!

      Also note that I did NOT have to copy the SHA signature into the python script. AND that exporting the signing script from the SDK is NOT available on the SDK menu as it is shown in the 5.0 announcement blog screenshot. https://blogs.sap.com/2020/03/06/cp-sdk-for-ios-5.0-released/

      Great work on the SDK 5.0 and this helpful blog on overcoming the ambiguous Apple IDs!

      I also tweeted a reply to @SAPDevs post here: https://twitter.com/SAPdevs/status/1237544773684092930?s=20

       

       

      Author's profile photo Stan Stadelman
      Stan Stadelman
      Blog Post Author

      Hi Doug, I'm glad that you're up and live!

      Yes... I was informed that I was using a copy of the next patch build, which contains the Export Codesigning Script menu item.  It will be public shortly.

      I've seen the @rpath error message also, this is coming directly from Xcode, not from the SAP SDK. Typically the message also indicates that there is some sort of signing issue (I've seen a number of variants of "Could not load [framework]...found [similarly-named framework], which is incompatible for [reason]").

      The signing script is designed to work without intervention--the additional step of specifying the SHA-1 or certificate CN is only necessary for disambiguating duplicate certs.  It's interesting that it did not detect your older certs as duplicates... will track this.

      BR/Stan

       

      Author's profile photo Douglas Maltby
      Douglas Maltby

      Thanks Stan.

      I've recently been experimenting with iOS and Fiori development and had just completed Kevin Muessig's TechEd Dev garage tutorials with the 4.0.10 SDK. I had the same @path and code signing issues with those apps when trying to run outside the simulator, on my iPhone X with iOS 13.3.1. See my comments at bottom.

      https://blogs.sap.com/2020/01/28/ios-teched-missions-available-for-public/

      I tried to track back the issues and it seems this stack overflow thread says it's an issue with iOS 13.3.1 that's fixed in 13.4. https://stackoverflow.com/questions/60015309/running-ios-apps-causes-runtime-error-for-frameworks-code-signature-invalid

      Rather than wait on 13.4, I opted to bite the bullet and pay for the full Apple Dev experience, and the development code signing certificates. That seemed to do the trick after getting rid of the old dup certs. Now, all 3 of the demo apps I've built, SalesAssistant, MyDeliveries and TutorialApp are all able to be run on my iPhone X with no issues.

      Thanks again for the SDK, blog and help! Exciting stuff!

      Doug