I am facing signing issue once i try to build the project from TFS build Definition. Few Days back Private key .pfx was got expired & dll's are not getting digitally signed through build tempplate. Getting this error.
SignTool Error: The signer's certificate is not valid for signing.
SignTool Error: An error occurred while attempting to sign:
Code Signing failed for DLL Path..
Although i have received new private key & have installed this at build server but still getting error. however through command line i can do digitally sign. But using build definition at build server it's failing & build is getting partially succeeded.
Can anyone help me to tell about the location at build server where we can update the private key so that it's get signed through build template.
Please suggest your thoughts.
Thanks,
Related
I want to publish an update of my NativeScript app into AppStore. Until yesterday the following steps worked:
move into app directory (from Terminal)
execute tns publish ios
enter valid e-mail & password combination
Now I need to do another update, but I keep getting the following error:
=== BUILD TARGET HandyApp OF PROJECT HandyApp WITH CONFIGURATION Release ===
Check dependencies
Code Sign error: No matching provisioning profiles found: No provisioning profiles matching an applicable signing identity were found.
** ARCHIVE FAILED **
The following build commands failed:
Check dependencies
(1 failure)
Command xcodebuild failed with exit code 65
# publish ios
I am working under Xcode 7.3. I checked my iPhone Developer certificate in Xcode and in my keychain, it is active and not expired. The Provisioning Profile is shown in Xcode. I ensured to use the certificate that is saved in apple.developer.com (by downloading it and replacing the old one in that directory).
I got:
my .mobileprovision
my .cer
my .p12
everything in the same directory.
Still there seems something not to be matching. I just can't figure out what might be running wrong. Does anyone know what else I could try to get it working?
I am trying to build a Xamarin iOS app using xbuild on Jenkins. Sometimes the build fails during the codesigning process with an unknown error -1=ffffffffffffffff and sometimes the build succeeds. The provisioning profile is stored in a separate keychain jenkins.keychain (not the system or login keychain) that is referenced by Jenkins through the Keychains and Provisioning Profiles Plugin.
This is the console log of Jenkins:
Target _CodesignAppBundle:
Codesign Task
CodesignAllocate: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
DisableTimestamp: False
Entitlements: obj/iPhone/In-House/Entitlements.xcent
Keychain: <null>
Resources:
bin/iPhone/In-House/MyApp.app
ResourceRules: <null>
SigningKey: 123
ExtraArgs: <null>
IsAppExtension: False
Tool /usr/bin/codesign execution started with arguments: -v --force --sign 123 --entitlements /private/var/lib/jenkins/workspace/Master/Apps/iOS/obj/iPhone/In-House/Entitlements.xcent /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app
bin/iPhone/In-House/MyApp.app: error : /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: replacing existing signature
/private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: unknown error -1=ffffffffffffffff
Task "Codesign" execution -- FAILED
Done building target "_CodesignAppBundle" in project "/private/var/lib/jenkins/workspace/Master/Apps/iOS/MyApp.csproj".-- FAILED
As suggested in Codesign returned unknown error -1=ffffffffffffffff I added set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${KEYCHAIN_PW} ${KEYCHAIN_PATH} to my build script but it did not fix the issue.
Do you have any idea how to address this issue? Why is there an existing signature to be replaced?
Update 1 - We keep getting the error after:
switching from xbuild to msbuild version 15.3.0.0
setting jenkins keychain to "Allow all applications to access this item"
deleting the derived data folder
not using relative paths for security commands
A similar problem is described in the Apple forum.
What fixed the issue:
The keychain filename extension changed from *.keychain to *.keychain-db on macOS Sierra. The code signing error was caused by referencing the old keychain file while we were editing in fact the jenkins.keychain-db file containing updated certificates. Keychains with the new extension are rejected from the upload with Jenkins' keychain plugin. So we do not use the keychain plugin any longer and store the signing certificates inside the login.keychain-db. With this we can successfully build the app without the unknown error.
My resolution to this problem was ensuring that the Mac had proper permissions to use the new certificate. I was getting this code signing issue when trying to run a Jenkins job, but things ran properly on my local machine. When I tried manually code signing one of the Swift libraries (e.g. libswiftos.dylib), the Mac then asked for a password to be able to use the new certificate. Once I did that, the Jenkins job ran successfully.
Restarting the Mac could Fix the issue
Jenkins grab my source from git and compile and generate a build is working fine. But when I run the Crashlytics command in Execute Shell to submit the build to Crashlytics Beta, it failed.
Error I received:
2016-06-02 13:52:05.232 submit Crashlytics: Crashlytics.framework/submit
1.3.5 (17)
2016-06-02 13:52:07.405 submit Crashlytics: Unable to package source due to
error: Error Domain=CLSIPABuilderErrorDomain Code=-6 "(null)" UserInfo=
{UnderlyingError=Error Domain=CLSCodeSignerErrorDomain Code=-2 "(null)"
UserInfo={arguments=(
"--sign",
B0DC1AA9228E7CB89E7ACE1576AEF3B1EC166012,
"--all-architectures",
"--force",
"--entitlements",
"/var/folders/k5/656qxxbs6854_mdjb53j2gp80000gn/T/com.crashlytics.ipas/991D8904-72CA-4B9C-A9D7-377F9D8420FF/Payload/entitlements.xml",
"/var/folders/k5/656qxxbs6854_mdjb53j2gp80000gn/T/com.crashlytics.ipas/991D8904-72CA-4B9C-A9D7-377F9D8420FF/Payload/elevenstreet.app"
), environment={
"CODESIGN_ALLOCATE" = "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate";
}, status=1, stderr=B0DC1AA9228E7CB89E7ACE1576AEF3B1EC166012: no identity found
, command=/usr/bin/codesign, stdout=}, SourcePath=/var/folders/k5/656qxxbs6854_mdjb53j2gp80000gn/T/com.crashlytics.ipas/991D8904-72CA-4B9C-A9D7-377F9D8420FF}
2016-06-02 13:52:07.452 submit Crashlytics: Failed to prepare the binary for release
Build step 'Execute shell' marked build as failure
Archiving artifacts
Finished: FAILURE
Shell code is from its doc.
Not sure where it goes wrong. Please help.
Without changing anything on Keychain and distribution cert, and settings on Jenkins and Xcode Integration plugins, delete the existing Jenkins project and make a new one and re-assign all the settings and everything works.
Things to take note:
Make sure to have latest version of Crashlytics and Fabrics frameworks.
Make sure distribution cert in in your Keychain.
In Jenkins, in Xcode Integration plugin, under Code signing & OS X keychain options, make sure your Code Signing Identity is your certificate name (exactly the name of your distribution cert), and you can left Embedded Profile blank for it to point to the default location.
Tick Unlock Keychain option, and it will expand its panel. Make sure the path of Keychain is correct. Default is /Users/jenkins/Library/Keychains/.keychain, and the password. Default password would be your password that you use to sign in into your computer.
And Lastly, the Crashlytics command:
${WORKSPACE}/Pods/Crashlytics/Crashlytics.framework/submit <API Key> <Build Secret Key> -ipaPath ${WORKSPACE}/ipa-dir/<project_name>-${BUILD_ID}.ipa -emails <your_email> -notifications YES
I am trying to implement Jenkins CI to generate build for iOS. I have latest Xcode 7.1 installed and ipa is getting generated without error. While trying to install the ipa through download link I am getting an error saying "Cannot install this time". Also I tried to install the same through iTunes, but getting an error saying "1 item could not be synced" and iTunes showing an error saying "The app "xxxxx" was not installed on the iPhone "xxxxxx" because an unknown error occurred (0xE8000005)".
Code signing certificate & provisioning profiles are proper and I am able to install the ipa generated from XCode.
Any help would be appreciated. Thanks :)
I was facing the same issue. Using Jenkins 2.5 and Xcode 7.3.1. Jenkins successfully build iOS app packaged the ipa, but the ipa did not install on the iPhone neither with iTunes nor when downloaded from TestFairy. Getting the same error "The app "xxxxx" was not installed on the iPhone "xxxxxx" because an unknown error occurred (0xE8000005)".
In the Jenkins logs I noticed following:
22:03:10 ### Checking original app
22:03:10 + /usr/bin/codesign --verify -vvvv /Users/jenkins/.jenkins/workspace/app-ios-build-job/build/MyAppProd.app
22:03:10 Program /usr/bin/codesign returned 1 : [/Users/jenkins/.jenkins/workspace/app-ios-build-job/build/MyAppProd.app: a sealed resource is missing or invalid
22:03:10 file added: /Users/jenkins/.jenkins/workspace/app-ios-build-job/build/MyAppProd.app/MyAppProd.app
22:03:10 ]
22:03:10 Codesign check fails : /Users/jenkins/.jenkins/workspace/app-ios-build-job/build/MyAppProd.app: a sealed resource is missing or invalid
22:03:10 file added: /Users/jenkins/.jenkins/workspace/app-ios-build-job/build/MyAppProd.app/MyAppProd.app
22:03:10
22:03:10 Done checking the original app
On further search found the answer posted by bladebunny at https://github.com/Carthage/Carthage/issues/782
Issue turned out to be duplicate package commands on Jenkins that resulted in the app being signed twice -- and then causing install to fail. Solution was to change Jenkins Xcode plugin settings. Under the 'General Build Settings' - we found you can't check both "Generate Archive" and "Pack application and build .ipa?" settings. The plugin issues log seems to suggest the former setting is being deprecated. We use the latter setting and are now able to successfully deploy the app with our custom dynamic framework.
The above fix worked for me.
I got an issue with Xcode's Bot. It always returns the "User canceled the operation. Command /usr/bin/codesign failed with exit code 1" error string after running the command below:
/usr/bin/codesign --force --sign <MY_PRIVATE_KEY> --entitlements /Library/Developer/XcodeServer/Integrations/Caches/2cdd321641e8c114e4eba9819b017479/DerivedData/Build/Intermediates/MyApp.build/Debug-iphoneos/MyApp.build/MyApp.app.xcent /Library/Developer/XcodeServer/Integrations/Caches/2cdd321641e8c114e4eba9819b017479/DerivedData/Build/Products/Debug-iphoneos/MyApp.app
I can run this command in Terminal with sudo. I'm using Xcode 6.3.1 and OS X Server 4.1.53 in my Mac 10.10.4.
Thank for your help.
This looks like a code signing error. There are a few different reasons for this to happen so you will need to do some troubleshooting. Can other bots build on your server? If so then its probably a build settings issue in this specific project.
In the Xcode Project go to the Project Target that your trying to build, and then Build Settings, and Code Signing. Under the Provisioning Profile you can either choose Automatic or explicitly choose the correct provision, and then under the Code Signing Identity choose iOS Developer. This is probably where your issue is if its related to the project. Do you have a proper provision setup for the project on the Apple Developer Portal?
If you can't get any bots to run on your server then the issue could be with how you set up Xcode Server. Have you added the server to your team? Here is the blog post that I used to get mine up and running, although you don't need to do all of those steps in the post. Focus specifically on the Setup Certificates section and Setup Provisioning Profiles section.
I fixed the issue by copying the missing provisioning file from my local directory "/Users/phuongle/Library/MobileDevice/Provisioning Profiles" to "/Library/Developer/XcodeServer/ProvisioningProfiles". Do not use the downloaded provisioning file from developer.apple.com directly.
I just want to note here for everyone having the same issue with me.