CodeSign with non-login keychain - ios

I prayed to the twin gods of stack overflow and Google for many an hour, but for naught.
I have a dedicated build machine and I'm trying to set up CI on it. Obviously codesign fails to run, as the login keychain is locked.
Created a new keychain and moved the following to it:
iPhone Developer certificate
iOS Developer private key
Developer ID Certification Authority
Apple Worldwide Developer Relations...
Login via ssh to the server.
Run xcodebuild and it fails with Command CodeSign failed with a nonzero exit code
Run security unlock-keychain -p XXXXXX /Users/xxx/Library/Keychains/automation.keychain-db
Run xcodebuild and it still fails with Command CodeSign failed with a nonzero exit code
Run security unlock-keychain -p XXXXXX /Users/xxx/Library/Keychains/login.keychain-db
Run xcodebuild and it now passes successfully. What am I missing? What else should be in the automation keychain that isn't there?

Have you added your keychain to the search list? Like:
security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g)
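The failure described in this thread (the dedicated keychain is unlocked, yet signing only works once the login keychain is unlocked) can be caught before the build starts. The following is an added example, not code from the question or the answer: it checks that a keychain is in the user search list and holds a valid code signing identity, and adds it to the list without splitting paths that contain spaces. The function names are hypothetical; it assumes the macOS `security` tool and its usual output format.

```shell
# Added example (not from the thread). Assumes the macOS `security` CLI;
# the function names are hypothetical.
# Usage on the build host:
#   in_search_list "$KC" || add_to_search_list "$KC"; preflight "$KC"

# User search list, one path per line, without the indentation and
# double quotes that `security list-keychains` prints around each entry.
search_list() {
  security list-keychains -d user |
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
}

# Succeeds if keychain path $1 is in the user search list (exact match).
in_search_list() {
  search_list | grep -Fxq -- "$1"
}

# Puts keychain $1 first in the search list and keeps the other entries.
# Entries are passed as separate arguments, so paths with spaces survive.
add_to_search_list() {
  _kc=$1
  _list=$(search_list) || return 1
  set -- "$_kc"
  while IFS= read -r _p; do
    if [ -n "$_p" ] && [ "$_p" != "$_kc" ]; then set -- "$@" "$_p"; fi
  done <<EOF
$_list
EOF
  security list-keychains -d user -s "$@"
}

# Prints the number of valid code signing identities in keychain $1 only.
valid_identity_count() {
  security find-identity -v -p codesigning "$1" |
    sed -n 's/^[[:space:]]*\([0-9][0-9]*\) valid identities found.*$/\1/p'
}

# 0 = ready, 1 = not in the search list, 2 = no valid identity inside it.
preflight() {
  in_search_list "$1" || return 1
  [ "$(valid_identity_count "$1")" -gt 0 ] 2>/dev/null || return 2
}
```

A return code of 1 from `preflight` matches the symptom in the question; a return code of 2 means the certificate or its private key never made it into the dedicated keychain.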

Related

jenkins codesign : Frameworks/OpenSSL.framework: errSecInternalComponent - Command PhaseScriptExecution failed with a nonzero exit code

I'm trying to build CI/CD for an iOS app with Jenkins using an EC2 Mac instance on AWS.
I set up all my certificates/private key using the command
security import ./myfile.p12 or security add-certificate
I also added my Provisioning Profile successfully.
The build is running, but at the final step I'm getting an error during the codesign --force step. I read a lot of questions over there, but none of the solutions provided worked for me.
Error details of the Build
For info: when I run security default-keychain command, I get as the default keychain : /Library/Keychains/System.keychain
And running :
security find-identity -v -p codesigning /Library/Keychains/System.keychain
gives me a result like:
XXXXXXXXXXXXXXXXXXXXX "iPhone Distribution: corp (Land) LTD."
XXXXXXXXXXXXXXXXXXXXX "iPhone Developer: John Doe (XXXXX)"
I already tried to lock/unlock my keychain without success.
Does anyone have an idea how to resolve this issue, please?
After a weeks of research, I just deleted all my certificates from the System.keychain (the corp one and the two Apple authority ones, those that expire in 2023 and 2030) and reinstalled them!
This did the job in the end.

Building Xcode project with Jenkins gives codesign error

I'm trying to build Xcode project with Jenkins. Project for Xcode generated by Unity Engine.
I am able to build this project directly from the Xcode GUI, but when trying to build the project through Jenkins I'm getting the following error at the end of the build:
Signing Identity: "iPhone Developer: MyName MySurname (XXXXXXXXXX)"
Provisioning Profile: "iOS Team Provisioning Profile: *"
(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX)
/usr/bin/codesign --force --sign 37DF6AF254E5A4856B1BA024D199DEE3CE596A58 --entitlements /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Unity-iPhone.build/Release-iphoneos/Unity-iPhone.build/myapplication.app.xcent --timestamp=none /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Release-iphoneos/myapplication.app
/Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Release-iphoneos/myapplication.app: errSecInternalComponent
Command CodeSign failed with a nonzero exit code
** BUILD FAILED **
The following build commands failed:
CodeSign /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Release-iphoneos/myapplication.app
(1 failure)
Build step 'Xcode' marked build as failure
Finished: FAILURE
I tried to reproduce the following command in the terminal, and it worked fine without any errors:
/usr/bin/codesign --force --sign 37DF6AF254E5A4856B1BA024D199DEE3CE596A58 --entitlements /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Unity-iPhone.build/Release-iphoneos/Unity-iPhone.build/myapplication.app.xcent --timestamp=none /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Release-iphoneos/myapplication.app
It asked me for my password two times (and the same password is specified in the Jenkins job settings for Xcode), and finished without any errors.
The keychain I used to sign the project is unlocked with: security unlock-keychain login.keychain
The question is: what could be the reason for this behavior? How can I solve this problem?
Thanks in advance!
Jenkins is SSHing into the box and not receiving access to your keychain. Jenkins needs to unlock the keychain before performing the build. It looks like you already understand how to unlock your keychain via password prompt. You need to have Jenkins perform the unlock without a prompt.
Have Jenkins run the following before your build command:
security unlock-keychain -p <YourPassword> ~/Library/Keychains/login.keychain
If you'd rather not store the password in cleartext script area of your build, Jenkins offers various ways to store secrets and retrieve them as variables. Here's a decent write-up on doing that: https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs
Alternatively:
security unlock-keychain -p "$(cat ~/.file_with_your_password)" ~/Library/Keychains/login.keychain

How to Install Provisioning Profile and Certificates in Project By Command line / Using shell Script

I want to add my certificates and provisioning profile to my project via Terminal or a shell script, but I can't find any code for it. I also want to access Keychain Access via code. Or can we access the build settings of Xcode using commands?
The command to install a .cer/.p12 file is:
security unlock-keychain -p "" ~/Library/Keychains/login.keychain
security import XXX.cer -k ~/Library/Keychains/login.keychain -P "" -T /usr/bin/codesign
and to add the provisioning profile:
output="$HOME/Library/MobileDevice/Provisioning Profiles/$uuid.mobileprovision"
cp -R "$mp" "$output"

Xamarin Ios build hangs on signing

We build iOS using Xamarin; the build hangs on signing and didn't throw any exception for about 2.5 hours.
The signing and provisioning profile are good. What could it be?
Target _CodesignAppBundle:
Codesign Task
CodesignAllocate: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoo Entitlements: obj/iPhone/Release/Entitlements.xcent
Resource: bin/iPhone/Release/App.app
ResourceRules: <null>
SigningKey: ECFF24B11990B9BXXXXXXX194A29B83E87776A7B
ExtraArgs: <null>
Tool /usr/bin/codesign execution started with arguments: -v --force --sign ECFF24B11990B9BXXXXXXX194A29B83E87776A7B --entitlements /Users/admin/buildAgent_2/temp/buildTmp/SOURCE/App/obj/iPhone/Release/Entitlements.xcent /Users/admin/buildAgent_2/temp/buildTmp/SOURCE/App/bin/iPhone/Release/App.app
Maybe the keychain needs to be unlocked: a popup waiting for the keychain password is prompted on your server, but you don't see it.
I had to deal with this kind of problem when configuring a Xamarin app on Jenkins CI.
If so, just unlock the keychain with a bash script:
KEYCHAIN=/Users/xxx/Keychains/xxx.keychain
security -v unlock-keychain -p mypassword "$KEYCHAIN"

Xcode 5 continuous integration CodeSign fail

Hi there.
I'm trying to configure continuous integration for my iOS app with Xcode 5 and OS X Server. I added certificates and p12 to the system keychain, and I also copied provisioning profiles to the server folder for profiles.
Integration fails and log shows error message
Short message:
Command /usr/bin/codesign failed with exit code 1
Full message:
CodeSign
/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app
cd /Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/source/Moment
setenv CODESIGN_ALLOCATE /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
setenv PATH "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
Using code signing identity "iPhone Distribution: Company Name. (ZX6C5SJYP9)" and provisioning profile "Moment Seller Production"
(E6FC8157-98F3-4A28-BFF3-36EFA6334019)
codesign --force --sign C2F81E886780437B90630A748111D3340DC8EFC8 --resource-rules=/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app/ResourceRules.plist
--entitlements /Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/IntermediateBuildFilesPath/Moment.build/Release-iphoneos/MomentSeller.build/MomentSeller.xcent
/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app
/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app:
User interaction is not allowed. Command /usr/bin/codesign failed with
exit code 1
** ARCHIVE FAILED **
The following build commands failed: CodeSign
/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app
(1 failure)
Any ideas?
Thanks.
I've run into this problem myself. This blog helped me out. http://matt.vlasach.com/xcode-bots-hosted-git-repositories-and-automated-testflight-builds/
As posted by Dominik Kroutvar:
User interaction is not allowed. Command /usr/bin/codesign failed with
exit code 1
This error happens when the following setting is not made manually. As
described in one of the posts above you have to put the mobileprofile
for code signing in the system keychain. The certificate is called
iPhone Distribution:. This distribution certificate must have a
private key! Open the Settings dialog either by double click on the
private key or through the context menu>Get Info. Then go to Access
control and put /usr/bin/codesign in the table. This allows the
codesign application to sign your built application. After that
everything should work without the meaningless codesign error exit
code 1.
As already stated you simply need to run security -v unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN".
Run this before the build and the codesign succeeds.
