While building one of my Mac apps this morning, codesign failed with the error “CSSMERR_TP_NOT_TRUSTED.” Apparently this has been happening since last night. Rich Siegel says that there’s a problem with Apple’s timestamp server and that you can work around it by adding --timestamp=none to codesign’s arguments; this disables the use of timestamp services. This is better than disabling code signing entirely, but you can’t ship an app built this way. I wonder how many people realized that even if you’re using Developer ID certificates and Gatekeeper rather than the Mac App Store, you’re still dependent on Apple’s servers to be able to ship your app. Luckily, in this case, the server is back up now.
Stay up-to-date by subscribing to the Comments RSS Feed for this post.