I am using Travis CI to automatise deploy process of my macos application.
So I have selected to run OSX Mojave 10.14 on travis VM.
In order to sign my application I have created custom keychain using these lines:
security create-keychain -p "password" $KEYCHAIN
security default-keychain -s $KEYCHAIN
security unlock-keychain -p "password" $KEYCHAIN
security import ${CERTIFICATE} -k ~/Library/Keychains/${KEYCHAIN} -P $PASS -A /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k "password" $KEYCHAIN
However when I reach sign stage build hangs and I always see same error as output:
No output has been received in the last 10m0s, this potentially indicates a stalled build or something wrong with the build itself.
Check the details on how to adjust your build configuration on: https://docs.travis-ci.com/user/common-build-problems/#Build-times-out-because-no-output-was-received
Has someone seen this error?
Could someone help me to understand what is going on? Or at least to tell me how to debug to see the problem. I have read that could be related to the fact that system is waiting for user to enter password but according to some post I have read line security-set-key-partition ... should fix that
Any clue?
Thanks in advance
your last line should read
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "password" $KEYCHAIN
as answered here https://stackoverflow.com/a/40870033/1972627
hope that helps 🙂
Related
I'm working with Github actions lately and facing trouble while importing .p12 certificate to build.keychain and getting error as follows:
/Users/runner/work/_temp/47c4b40a-b302-4da8-a26c-562eaae4c0ee.sh: line 1: ./provisioning/import_provisioning.sh: Permission denied
Error: Process completed with exit code 1.
After struggling for many hours I even tried to run this script manually on my terminal and everything seems to be working fine! I rechecked whether my passwords are wrong or whether i'm not able to access it or not! But i think i able to access my github secret properly, Any Idea why this may happening!
Here is my shell script file
import_provisioning.sh
gpg --quiet --batch --yes --decrypt --passphrase="$PROVISIONING_PASSWORD" --output provisioning/AppStoreCertificates.p12 provisioning/AppStoreCertificates.p12.gpg
gpg --quiet --batch --yes --decrypt --passphrase="$PROVISIONING_PASSWORD" --output provisioning/demo.mobileprovision provisioning/demo.mobileprovision.gpg
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
echo "List profiles"
ls ~/Library/MobileDevice/Provisioning\ Profiles/
echo "Move profiles"
cp provisioning/*.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/
echo "List profiles"
ls ~/Library/MobileDevice/Provisioning\ Profiles/
security create-keychain -p "" build.keychain
security import provisioning/AppStoreCertificates.p12 -t agg -k ~/Library/Keychains/build.keychain -P "$PROVISIONING_PASSWORD" -A
security list-keychains -s ~/Library/Keychains/build.keychain
security default-keychain -s ~/Library/Keychains/build.keychain
security unlock-keychain -p "" ~/Library/Keychains/build.keychain
security set-key-partition-list -S apple-tool:,apple: -s -k "" ~/Library/Keychains/build.keychain
And just in case you're not getting it properly you can check github repo for reference https://github.com/dheerajghub/GithubPipeline/blob/master/provisioning/import_provisioning.sh
I just found out that the problem was in the file permission so i set file permission and everything thing seems to be working fine!
git update-index --chmod=+x provisioning/import_provisioning.sh
git commit -m "Changing file permissions"
I'm following up this doc for github actions using fastlane.
As per doc's example, I tried
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
security import $DEV_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
But in logs i'm getting this
▸ security: SecKeychainItemImport: Unknown format in import.
▸ security: SecKeychainItemImport: Unknown format in import.
Hence I'm getting this error:
No signing certificate "iOS Development" found: No "iOS Development"
signing certificate matching team ID "XXXXXXXXX" with a private key
was found. (in target 'MyCICDAppDemo' from project
'MyCICDAppDemo')
Let me know what is wrong.
P.S.: Using manual code signin in xcode. And not want to try with match, sigh etc.
I'm receiving the error below while trying to build my iOS app. This error only occurs while building for the Release configuration. Also, I'm using CocoaPods for my third-party dependencies and these builds are running on Jenkins through SSH.
SecKey API returned: -25308, (null)/Users/iosbuilder/Library/Developer/Xcode/DerivedData/*/Build/Intermediates/ArchiveIntermediates/Production/InstallationBuildProductsLocation/Applications/*.app/Frameworks/AFNetworking.framework:
unknown error -1=ffffffffffffffff
Command /bin/sh failed with exit code 1
I've tried unlocking the keychain on the build server to make sure there isn't a UI block for keychain permissions, but the issue still persists...
Any idea why this is occurring and how I might fix the issue?
It is a keychain access issue. Solution is Here
With the code in the link you can try to execute that in shell on the build config of the project
You can use the security command to lookup the error code.
In this case, it says "User interaction not allowed".
This is typical if you're trying to sign your app via SSH, script of through Jenkins.
security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.
You need to do a security command to enable codesigning of your application through a non interactive shell:
security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private <your.keychain>
Here is a "complete" Jenkins / SSH friendly script to signing your app:
MY_KEYCHAIN="temp.keychain"
MY_KEYCHAIN_PASSWORD="secret"
CERT="certificate.p12"
CERT_PASSWORD="certificate secret"
security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Create temp keychain
security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g) # Append temp keychain to the user domain
security set-keychain-settings "$MY_KEYCHAIN" # Remove relock timeout
security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Unlock keychain
security import $CERT -k "$MY_KEYCHAIN" -P "$CERT_PASSWORD" -T "/usr/bin/codesign" # Add certificate to keychain
CERT_IDENTITY=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | sed -e 's/[^"]*"//' -e 's/".*//') # Programmatically derive the identity
CERT_UUID=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | awk '{print $2}') # Handy to have UUID (just in case)
security set-key-partition-list -S apple-tool:,apple: -s -k $MY_KEYCHAIN_PASSWORD -D "$CERT_IDENTITY" -t private $MY_KEYCHAIN # Enable codesigning from a non user interactive shell
### INSERT BUILD COMMANDS HERE ###
security delete-keychain "$MY_KEYCHAIN" # Delete temporary keychain
Shout out to Bochun Bai for spending 3 weeks with Apple support to finding the solution to the -25308 issue and posting it to https://sinofool.net/blog/archives/322
Just restarted my machine. And it worked.
▸ Check Dependencies
❌ Code Sign error: No code signing identities found: No valid signing identities (i.e. certificate and private key pair) were found.
I'm configuring Keychains in the following way:
security create-keychain -p travis ios-build.keychain
# Make the custom keychain default, so xcodebuild will use it for signing
security default-keychain -s ios-build.keychain
# Unlock the keychain
security unlock-keychain -p travis ios-build.keychain
# Set keychain timeout to 1 hour for long builds
security set-keychain-settings -t 3600 -l ~/Library/Keychains/ios-build.keychain
# Add certificates to keychain and allow codesign to access them
security import scripts/certs/apple.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
# security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import scripts/certs/distribution.p12 -k ~/Library/Keychains/ios-build.keychain -P {pass} -T /usr/bin/codesign
echo "list keychains: "
security list-keychains
echo " ****** "
echo "find indentities keychains: "
security find-identity -p codesigning ~/Library/Keychains/ios-build.keychain
echo " ****** "
# Put the provisioning profile in place
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp "scripts/certs/AdHoc.mobileprovision" ~/Library/MobileDevice/Provisioning\ Profiles/
cp "scripts/certs/AppStore.mobileprovision" ~/Library/MobileDevice/Provisioning\ Profiles/
Have someone ideas how to fix it?
Line:
# security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
Doesn't affect for result.
It's perfectly working script. Problem was in another thing in Travis CI.
But it needs uncomment line:
security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
.travis.yml is validated
Travis CI is build succeeded.
Xcode 7.1.1, Mac OSX El Capitan 10.11 Beta
fir:http://fir.im
Do these progress from : https://www.objc.io/issues/6-build-tools/travis-ci/#encrypt-certificates-and-profiles
** BUILD SUCCEEDED **
Then I try to deploy to fir,I received from Travis CI:
/Users/travis/build.sh: line 41: ./scripts/sign-and-upload.sh: Permission denied
I thought the file "sign-and-upload.sh" isn't been permission. So I give these files appropriate permissions:
before_install:
- chmod +x scripts/add-key.sh
- chmod +x scripts/remove-key.sh
But it still failed.
This is the add-key.sh:
#!/bin/sh
security create-keychain -p travis ios-build.keychain
security default-keychain -s ios-build.keychain
security unlock-keychain -p travis ios-build.keychain
security set-keychain-settings -t 3600 -l ~/Library/Keychains/ios-build.keychain
security import ./scripts/certs/apple.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import ./scripts/certs/dist.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import ./scripts/certs/dist.p12 -k ~/Library/Keychains/ios-build.keychain -P 123 -T /usr/bin/codesign
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp ./scripts/profile/$PROFILE_NAME.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/
You are right that sign-and-upload.sh needs execute permission. But your response was to change some different files! You need to add
- chmod +x scripts/sign-and-upload.sh