Jenkins jobs not working after revoking Distribution certificate in Remote Machine - jenkins

I have been facing an issue with Jenkins in building my iOS jobs. Recently our distribution certificate has been expired and we have revoked it and imported the same cert into Remote Machine. Since that moment my jenkins jobs are failing at the compile stage itself. Below is the error i'm getting from jenkins console.
/Users/jenkins/Library/Developer/Xcode/DerivedData/Companion-
dtiiwydzoavsrybgsztwqribsxtx/Build/Products/Release-
iphoneos/sample.app/Frameworks/KSCrash.framework:
errSecInternalComponent
Command PhaseScriptExecution failed with a nonzero exit code
** BUILD FAILED **
The following build commands failed:
PhaseScriptExecution [CP]\ Embed\ Pods\ Frameworks
/Users/jenkins/Library/Developer/Xcode/DerivedData/Companion-
dtiiwydzoavsrybgsztwqribsxtx/Build/Intermediates.noindex/
Companion.build/Release-
iphoneos/SampleProject.build/Script-15FB268A228A7C3900925F65.sh
Do i need to add that new certificate some where else ? What might be the issue ? Any help is appreciated.

This has solved my problem https://stackoverflow.com/a/52221673/1025976.
Solution for errSecInternalComponent error is : Go to Keychain -> My Certificates -> Select your Development or Distribution certficiate -> Expand it and double click on the private key -> Select "Allow all applications to access them" and save changes. This should solve the problem.

Related

Xcode 11.6 Command PhaseScriptExecution failed with a nonzero exit code

I'm trying to Archive my build in Xcode 11.6 running on macOS 10.15.5 and every time I get the same error "Command PhaseScriptExecution failed with a nonzero exit code".
In Signing & Capabilities option I've chosen Distribution provisioning profile on both tabs Debug and Release and I've disabled automatic signing.
I have 2 certificates: one for development and one for distribution.
Here is the error:
I've already tried Keychain lock and unlock. On Xcode 10 and macOS 10.14 this worked without any problems.
Can you help me please,
Robert
According to the error message, it seems there is a build script that tries to run another script called copy-www-build-step.sh, and gets a "Permission Denied" error. The most likely cause is simply that the script file does not have execute permissions (no files have this permission by default, and permissions are often lost when e.g. unzipping an archive).
This can be easily solved by running the following command in Terminal to enable execute permissions:
chmod +x /path/to/copy-www-build-step.sh

Not able to deploy flutter application to iOS Appstore

While Building the app for iOS Distribution in flutter I faced the below issue with the build, I tried many things available on google related to this issue but no resolution yet.
How am I supposed to deploy flutter application to iOS Appstore?
Warning: unable to build chain to self-signed root for signer "iPhone Distribution: Mark Davids (*********)"
/Users/mark/Downloads/chat_app-master 2/build/ios/Release-iphoneos/Runner.app/Frameworks/App.framework/App: errSecInternalComponent
Command PhaseScriptExecution failed with a nonzero exit code
note: Using new build system
note: Building targets in parallel
note: Planning build
note: Constructing build description
Encountered error while building for device.
This is a vague error, however my guess is its 1 of two things.
There is Flutter detritus that is blocking your build, which you can fix by running the flutter clean command
Your certificate is invalid. When dealing with this in the past I have found the easiest way to fix it is to open XCode, set the signing to none, purge your certificates and keys from your system, and then re-add them to the keychain.

Trying to archive my build gives a PhaseScriptExecution error

I can't archive my build it gives the next errorCommand:
PhaseScriptExecution failed with a nonzero exit code
I am not able to run the build in device while run using the provision profile. Is the issue related to a provision profile?
I've tried to reinstall all pods, but still I can't archive a build successfully.

Codesign returns unknown error after "replacing existing signature"

I am trying to build a Xamarin iOS app using xbuild on Jenkins. Sometimes the build fails during the codesigning process with an unknown error -1=ffffffffffffffff and sometimes the build succeeds. The provisioning profile is stored in a separate keychain jenkins.keychain (not the system or login keychain) that is referenced by Jenkins through the Keychains and Provisioning Profiles Plugin.
This is the console log of Jenkins:
Target _CodesignAppBundle:
Codesign Task
CodesignAllocate: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
DisableTimestamp: False
Entitlements: obj/iPhone/In-House/Entitlements.xcent
Keychain: <null>
Resources:
bin/iPhone/In-House/MyApp.app
ResourceRules: <null>
SigningKey: 123
ExtraArgs: <null>
IsAppExtension: False
Tool /usr/bin/codesign execution started with arguments: -v --force --sign 123 --entitlements /private/var/lib/jenkins/workspace/Master/Apps/iOS/obj/iPhone/In-House/Entitlements.xcent /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app
bin/iPhone/In-House/MyApp.app: error : /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: replacing existing signature
/private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: unknown error -1=ffffffffffffffff
Task "Codesign" execution -- FAILED
Done building target "_CodesignAppBundle" in project "/private/var/lib/jenkins/workspace/Master/Apps/iOS/MyApp.csproj".-- FAILED
As suggested in Codesign returned unknown error -1=ffffffffffffffff I added set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${KEYCHAIN_PW} ${KEYCHAIN_PATH} to my build script but it did not fix the issue.
Do you have any idea how to address this issue? Why is there an existing signature to be replaced?
Update 1 - We keep getting the error after:
switching from xbuild to msbuild version 15.3.0.0
setting jenkins keychain to "Allow all applications to access this item"
deleting the derived data folder
not using relative paths for security commands
A similar problem is described in the Apple forum.
What fixed the issue:
The keychain filename extension changed from *.keychain to *.keychain-db on macOS Sierra. The code signing error was caused by referencing the old keychain file while we were editing in fact the jenkins.keychain-db file containing updated certificates. Keychains with the new extension are rejected from the upload with Jenkins' keychain plugin. So we do not use the keychain plugin any longer and store the signing certificates inside the login.keychain-db. With this we can successfully build the app without the unknown error.
My resolution to this problem was ensuring that the Mac had proper permissions to use the new certificate. I was getting this code signing issue when trying to run a Jenkins job, but things ran properly on my local machine. When I tried manually code signing one of the Swift libraries (e.g. libswiftos.dylib), the Mac then asked for a password to be able to use the new certificate. Once I did that, the Jenkins job ran successfully.
Restarting the Mac could Fix the issue

Xcode 8 Fastlane build with TeamCity codesign failed with exit code 1

I've got a weird serious problem with Xcode 8.3.2 on macOS Sierra. I could build the app locally on build machine with fastlane or manually executing commands. Both development and ad-hoc build can be created locally.
$ fastlane <lane_name>
But when tried the same from TeamCity it throws following error.
[exec]/usr/bin/codesign --force --sign 5609CEE02FBF256EDBF60DB28C1A2995A2153B5B --entitlements /Users/<username>/Library/Developer/Xcode/DerivedData/<AppName>-frpvxgdtafatrrgbjqbbepgfzvak/Build/Intermediates/ArchiveIntermediates/SabaMeeting/IntermediateBuildFilesPath/<AppName>.build/Release-iphoneos/<AppName>.build/<AppName>.app.xcent --timestamp=none /Users/<username>/Library/Developer/Xcode/DerivedData/<AppName>-frpvxgdtafatrrgbjqbbepgfzvak/Build/Intermediates/ArchiveIntermediates/SabaMeeting/InstallationBuildProductsLocation/Applications/<AppName>.app
[exec] /Users/<username>/Library/Developer/Xcode/DerivedData/SabaMeeting-frpvxgdtafatrrgbjqbbepgfzvak/Build/Intermediates/ArchiveIntermediates/SabaMeeting/InstallationBuildProductsLocation/Applications/<AppName>.app: unknown error -1=ffffffffffffffff
[exec] Command /usr/bin/codesign failed with exit code 1
[exec]
[exec] ** ARCHIVE FAILED **
[exec]
[exec]
[exec] The following build commands failed:
[exec] CodeSign /Users/<username>/Library/Developer/Xcode/DerivedData/SabaMeeting-frpvxgdtafatrrgbjqbbepgfzvak/Build/Intermediates/ArchiveIntermediates/<AppName>/InstallationBuildProductsLocation/Applications/SabaMeeting.app
[exec] (1 failure)
TeamCity pulls the code and even executes the commands but fails.
Build Step: Command Line is set TeamCity with a custom script.
Tried following ways but not working:
Xcode Preferences ->Accounts->Delete already added account and add it again
Generated new Distribution and Developer Certificate and installed in KeyChain. New Provisioning Profiles and installed in Xcode.
Verified keychain access to private keys by "Allow all applications to access this item". Moved Certificates from login to System with access control to all.
Reinstalled xcode 8.3.2, restarted the machine.
Apple Worldwide Developer Relations Certificate Authority is installed.
Verified resource fork, finder information, or similar detritus not allowed in the app and derived data directory. https://developer.apple.com/library/content/qa/qa1940/_index.html
The project doesn't use CocoaPods.
Tried clearing DerivedData.
Any many more r&d. Any help will be appreciated.
How does your lane look like on your fastfile? Please share it...
My guess;
3 Verified keychain access to private keys by "Allow all applications to access this item". Moved Certificates from login to System with access control to all.
Teamcity is probably not accessing to your certificates and failing.
Try this;
Move certificates back to login from system.
Add following before your gym or whatever fastlane command is building the .ipa. This will let teamcity unlock and access to keychain.
lane :beta do |options|
unlock_keychain(path:"login.keychain", password:"yoursystempassword")
sh "security set-keychain-settings -t 3600 -l ~/Library/Keychains/login.keychain"
gym(scheme: "yourapp", workspace:"probably you dont have a wokrspace so no need")
end

Resources