Upgrading existing Tauri v1 application to v2, stuck on macOS code signing.

[mikew]

I'm signing via a self-signed certificate, which has worked well enough so far with Tauri v1. Tauri v2, however, can't sign the application.

I'm using the same environment variables in CI with the v2 builds as I was with v1, but I only get this error:

failed to bundle project: failed to resolve signing identity
       Error failed to bundle project: failed to resolve signing identity

I've tried

• APPLE_SIGNING_IDENTITY="<my email>"
• APPLE_SIGNING_IDENTITY="<my name>" (what the certificate lists itself as in Keychain Access)
• APPLE_SIGNING_IDENTITY="-" (recommended in some issues)

[mikew]

I should mention, I'm able to pass code signing with just APPLE_SIGNING_IDENTITY="-" (removing the other APPLE_ env vars is mentioned nowhere in the docs), but then the signatures of the app are different.

Before:

$ codesign -vv -d /Applications/WADPunk.app
Executable=/Applications/WADPunk.app/Contents/MacOS/WADPunk
Identifier=com.mikewhy.wadpunk
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=38548 flags=0x10000(runtime) hashes=1198+3 location=embedded
Signature size=1767
Authority=Mike Wyatt
Signed Time=Jun 10, 2025 at 9:38:15 PM
Info.plist entries=14
TeamIdentifier=not set
Runtime Version=14.5.0
Sealed Resources version=2 rules=13 files=2
Internal requirements count=1 size=96

After:

$ codesign -vv -d ./src-tauri/target/release/bundle/macos/WADPunk-aarch64.app
Executable=/Users/mike/Work/wadpunk/src-tauri/target/release/bundle/macos/WADPunk-aarch64.app/Contents/MacOS/WADPunk
Identifier=com.mikewhy.wadpunk
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=46868 flags=0x10002(adhoc,runtime) hashes=1458+3 location=embedded
Signature=adhoc
Info.plist entries=14
TeamIdentifier=not set
Runtime Version=15.4.0
Sealed Resources version=2 rules=13 files=2
Internal requirements count=0 size=12

[FabianLars]

Do you get a better error if you run it with the --verbose flag? (if you use npm make sure to append another -- so it's npm run tauri build -- --verbose).

v2 handles macos code signing completely different (mainly because of ios iirc) and self signed certificates weren't ever officially supported so i assume they were not thought of or tested when the big changes happened.

i don't know that much about the implementation so if you want to look into it yourself, the issue is that this function here

tauri/crates/tauri-macos-sign/src/keychain/identity.rs

Line 84 in 0f0d6a4

pub fn list(keychain_path: &Path) -> Result<Vec<Team>> {

returns no entries for the used keychain.