setup_local.sh fails without -legacy in generate_selfsigned_certificate.sh

[GabeKuslansky]

Describe the bug

When running scripts/codesign/setup_local.sh I get this error MAC verification failed during PKCS12 import (wrong password?). Adding -legacy to the final openssl command in generate_selfsigned_certificate.sh fixes this error. I'm not sure which OS versions need this flag, as I assume older versions worked just fine without it, but it's possible new Mac versions going forward may need this.

Screenshots / video

Steps to reproduce the bug

1. Run scripts/codesign/setup_local.sh on Sonoma 14.2.1

Your environment

• AltTab version: 6.65.0
• macOS version: 14.2.1
• Other relevant info: e.g. using external keyboard, multiple monitors, etc
  This is a work MacBook Pro with custom configuration, may not happen on a personal machine

[lwouis]

Hi,

I was not able to reproduce the issue. I'm on macOS v14.1.1.

$ openssl version
LibreSSL 3.3.6

$ scripts/codesign/setup_local.sh
+ certificateFile=codesign
++ openssl rand -base64 12
+ certificatePassword=iJ0RNAf4eKtpS9gC
+ scripts/codesign/generate_selfsigned_certificate.sh codesign iJ0RNAf4eKtpS9gC
+ certificateFile=codesign
+ certificatePassword=iJ0RNAf4eKtpS9gC
+ cat
+ openssl genrsa -out codesign.key 2048
Generating RSA private key, 2048 bit long modulus
..........................................................................................................................................................................................................................+++++
...............................................................................+++++
e is 65537 (0x10001)
+ openssl req -x509 -new -config codesign.conf -nodes -key codesign.key -extensions extensions -sha256 -out codesign.crt
+ openssl pkcs12 -export -inkey codesign.key -in codesign.crt -out codesign.p12 -passout pass:iJ0RNAf4eKtpS9gC
+ scripts/codesign/import_certificate_into_main_keychain.sh codesign iJ0RNAf4eKtpS9gC
+ certificateFile=codesign
+ certificatePassword=iJ0RNAf4eKtpS9gC
+ security import codesign.p12 -P iJ0RNAf4eKtpS9gC -T /usr/bin/codesign
1 identity imported.
+ security add-trusted-cert -d -r trustRoot -p codeSign codesign.crt

I'm wondering if perhaps you have installed a custom version of openssl, or some other dependency used by the setup_local.sh script.

Thank you

[GabeKuslansky]

I'm wondering if perhaps you have installed a custom version of openssl, or some other dependency used by the setup_local.sh script.

There may very well be something else at play as you suggested, since this is happening on a pre-configured work machine. I just checked:

openssl -v
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)

I'm unsure how to check the version of security, that's the only other dep I'm seeing.