From e72864b44d14247cf63b93b0ef11ecfdc9b3a4e4 Mon Sep 17 00:00:00 2001
From: Ozgur Ersoy <git@moersoy.com>
Date: Sun, 13 Apr 2025 21:41:13 +0200
Subject: [PATCH] fix(workflows): update macOS build workflow to check
 certificate formats and import with correct flags

---
 .gitea/workflows/test-macos-build.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/test-macos-build.yml b/.gitea/workflows/test-macos-build.yml
index aaa10cbe..124fcb8a 100644
--- a/.gitea/workflows/test-macos-build.yml
+++ b/.gitea/workflows/test-macos-build.yml
@@ -116,13 +116,19 @@ jobs:
           curl -s -o AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
           curl -s -o DeveloperIDG2.cer https://www.apple.com/certificateauthority/DeveloperIDG2.cer
           
+          # Check certificate formats - for debugging
+          echo "Certificate formats:"
+          file AppleWWDRCAG3.cer
+          file DeveloperIDG2.cer
+          file certificate.p12
+          
           # Import Apple root certificates properly
-          # Use -T to restrict access to codesign instead of -A (which is insecure)
+          # Apple DER certificates need to be imported with -f der flag
           echo "Importing Apple WWDRCA certificate..."
-          security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f openssl
+          security import AppleWWDRCAG3.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f der
           
           echo "Importing Developer ID certificate..."
-          security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f openssl 
+          security import DeveloperIDG2.cer -k "$KEYCHAIN_PATH" -T /usr/bin/codesign -f der
           
           # Import developer certificate with proper parameters
           echo "Importing developer certificate..."