This is being done from the command line of macOS 14 (Sonoma).
Can someone explain why a parameter doesn't seem to be processed correctly in the following function?
First, note that the following works fine (called directly from the command line), so it's not a keychain problem:
# [1] succeeds
codesign -f -vvvv --strict --deep --timestamp -s "Developer ID Application: My Company Inc. (123456)" --options runtime "/MyFolder/MyFile.dylib"
I can also call it from a function if I hard-code the "-s" argument in the function:
# [2] succeeds
function myFunc()
{ codesign ${1} -s "Developer ID Application: My Company Inc. (123456)" ${2}
}
myFunc "-f -vvvv --strict --verbose --deep --timestamp --options runtime" "/MyFolder/MyFile.dylib"
However, if I include the "-s" argument as a parameter, I get an error "Developer: no identity found":
#[3] error: "Developer: no identity found
function myFunc()
{ codesign ${1} ${2}
echo {1} = "${1}"
}
myFunc "-f -vvvv --strict --verbose --deep --timestamp -s \"Developer ID Application: My Company Inc. (123456)\" --options runtime" "/MyFolder/MyFile.dylib"
It's not a question of a keychain issue, because the codesign works in cases [1] and [2].
The result of the echo indicates that the parameter seems to be passed OK:
{1} = -f -vvvv --strict --verbose --deep --timestamp -s "Developer ID Application: My Company Inc. (123456)" --options runtime
I've tried backticks, escaping blanks, nada works.
Any ideas? BTW I need this because there are many files that need to be signed & verified, I'm trying to cut down on duplication.
Trying to put multiple arguments into a string in Bash is generally not a good idea. Sometimes the only way to make it work is to use eval, and that often just gives you more problems (some of which may be very unobvious). See Why should eval be avoided in Bash, and what should I use instead?.
In this case I'd avoid the problem by defining the (Bash) function like this:
function myFunc
{
codesign "${@:2}" "$1"
}
and calling it like this:
myFunc "/MyFolder/MyFile.dylib" -f -vvvv --strict --deep --timestamp -s "Developer ID Application: My Company Inc. (123456)" --options runtime
I.e. put the path of the file to be signed as the first argument and the arguments to codesign as the following, all separate, arguments. Any arguments that work with codesign itself are guaranteed to work when provided as arguments (2 and following) to myFunc.
Note that if the intention in using a function like this is to make it easy to use different sets of options with codesign for different files, then it is important to keep lists of options in arrays instead of strings. This code demonstrates how to use an array to build up the full list of options in stages before calling the function:
codesign_opts=( -f -vvvv --strict --deep --timestamp )
codesign_opts+=( -s "Developer ID Application: My Company Inc. (123456)" )
codesign_opts+=( --options runtime )
myFunc "/MyFolder/MyFile.dylib" "${codesign_opts[@]}"
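Why case [3] fails while the array form works, as an added example (not code from the question or the answer). `show_argv` is a hypothetical stand-in for codesign that prints each argument it receives, and the option list is shortened; the identity string is the placeholder used on this page.

```bash
#!/usr/bin/env bash
# Placeholder identity, same shape as the one in the question.
IDENTITY='Developer ID Application: My Company Inc. (123456)'

# Hypothetical stand-in for codesign: prints every argument it receives,
# one per line, wrapped in <> so the argument boundaries are visible.
show_argv() {
    printf '<%s>\n' "$@"
}

# Case [3]: the options travel as ONE string and are expanded unquoted.
# The shell splits the expansion at every blank. The embedded quote
# characters are not re-parsed as shell syntax; they stay literal.
argv_from_string() {
    local opts="-f --timestamp -s \"$IDENTITY\" --options runtime"
    # Unquoted on purpose, to reproduce the behaviour from the question.
    show_argv $opts "$1"
}

# Array form: each element is exactly one argument, blanks included.
argv_from_array() {
    local opts=( -f --timestamp -s "$IDENTITY" --options runtime )
    show_argv "${opts[@]}" "$1"
}

# Print the argument that directly follows -s, i.e. the value a signing
# tool would treat as the identity. $1 is one of the two functions above.
identity_seen() {
    "$1" "/MyFolder/MyFile.dylib" |
        awk 'prev == "<-s>" { print; exit } { prev = $0 }'
}

echo "string form, identity argument: $(identity_seen argv_from_string)"
echo "array form,  identity argument: $(identity_seen argv_from_array)"
```

In the string form the argument after -s is `"Developer`, with the quote character still attached, which matches the "no identity found" error reported in case [3].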