I'm receiving the error below while trying to build my iOS app. This error only occurs while building for the Release configuration. Also, I'm using CocoaPods for my third-party dependencies and these builds are running on Jenkins through SSH.
SecKey API returned: -25308, (null)/Users/iosbuilder/Library/Developer/Xcode/DerivedData/*/Build/Intermediates/ArchiveIntermediates/Production/InstallationBuildProductsLocation/Applications/*.app/Frameworks/AFNetworking.framework:
unknown error -1=ffffffffffffffff
Command /bin/sh failed with exit code 1
I've tried unlocking the keychain on the build server to make sure there isn't a UI block for keychain permissions, but the issue still persists...
Any idea why this is occurring and how I might fix the issue?
It is a keychain access issue. Solution is Here
With the code in the link you can try to execute that in shell on the build config of the project
You can use the security command to lookup the error code.
In this case, it says "User interaction not allowed".
This is typical if you're trying to sign your app via SSH, script of through Jenkins.
security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.
You need to do a security command to enable codesigning of your application through a non interactive shell:
security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private <your.keychain>
Here is a "complete" Jenkins / SSH friendly script to signing your app:
MY_KEYCHAIN="temp.keychain"
MY_KEYCHAIN_PASSWORD="secret"
CERT="certificate.p12"
CERT_PASSWORD="certificate secret"
security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Create temp keychain
security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g) # Append temp keychain to the user domain
security set-keychain-settings "$MY_KEYCHAIN" # Remove relock timeout
security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Unlock keychain
security import $CERT -k "$MY_KEYCHAIN" -P "$CERT_PASSWORD" -T "/usr/bin/codesign" # Add certificate to keychain
CERT_IDENTITY=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | sed -e 's/[^"]*"//' -e 's/".*//') # Programmatically derive the identity
CERT_UUID=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | awk '{print $2}') # Handy to have UUID (just in case)
security set-key-partition-list -S apple-tool:,apple: -s -k $MY_KEYCHAIN_PASSWORD -D "$CERT_IDENTITY" -t private $MY_KEYCHAIN # Enable codesigning from a non user interactive shell
### INSERT BUILD COMMANDS HERE ###
security delete-keychain "$MY_KEYCHAIN" # Delete temporary keychain
Shout out to Bochun Bai for spending 3 weeks with Apple support to finding the solution to the -25308 issue and posting it to https://sinofool.net/blog/archives/322
Just restarted my machine. And it worked.
Related
I'm following up this doc for github actions using fastlane.
As per doc's example, I tried
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
security import $DEV_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
But in logs i'm getting this
▸ security: SecKeychainItemImport: Unknown format in import.
▸ security: SecKeychainItemImport: Unknown format in import.
Hence I'm getting this error:
No signing certificate "iOS Development" found: No "iOS Development"
signing certificate matching team ID "XXXXXXXXX" with a private key
was found. (in target 'MyCICDAppDemo' from project
'MyCICDAppDemo')
Let me know what is wrong.
P.S.: Using manual code signin in xcode. And not want to try with match, sigh etc.
I am using Travis CI to automatise deploy process of my macos application.
So I have selected to run OSX Mojave 10.14 on travis VM.
In order to sign my application I have created custom keychain using these lines:
security create-keychain -p "password" $KEYCHAIN
security default-keychain -s $KEYCHAIN
security unlock-keychain -p "password" $KEYCHAIN
security import ${CERTIFICATE} -k ~/Library/Keychains/${KEYCHAIN} -P $PASS -A /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple: -s -k "password" $KEYCHAIN
However when I reach sign stage build hangs and I always see same error as output:
No output has been received in the last 10m0s, this potentially indicates a stalled build or something wrong with the build itself.
Check the details on how to adjust your build configuration on: https://docs.travis-ci.com/user/common-build-problems/#Build-times-out-because-no-output-was-received
Has someone seen this error?
Could someone help me to understand what is going on? Or at least to tell me how to debug to see the problem. I have read that could be related to the fact that system is waiting for user to enter password but according to some post I have read line security-set-key-partition ... should fix that
Any clue?
Thanks in advance
your last line should read
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "password" $KEYCHAIN
as answered here https://stackoverflow.com/a/40870033/1972627
hope that helps 🙂
▸ Check Dependencies
❌ Code Sign error: No code signing identities found: No valid signing identities (i.e. certificate and private key pair) were found.
I'm configuring Keychains in the following way:
security create-keychain -p travis ios-build.keychain
# Make the custom keychain default, so xcodebuild will use it for signing
security default-keychain -s ios-build.keychain
# Unlock the keychain
security unlock-keychain -p travis ios-build.keychain
# Set keychain timeout to 1 hour for long builds
security set-keychain-settings -t 3600 -l ~/Library/Keychains/ios-build.keychain
# Add certificates to keychain and allow codesign to access them
security import scripts/certs/apple.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
# security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import scripts/certs/distribution.p12 -k ~/Library/Keychains/ios-build.keychain -P {pass} -T /usr/bin/codesign
echo "list keychains: "
security list-keychains
echo " ****** "
echo "find indentities keychains: "
security find-identity -p codesigning ~/Library/Keychains/ios-build.keychain
echo " ****** "
# Put the provisioning profile in place
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp "scripts/certs/AdHoc.mobileprovision" ~/Library/MobileDevice/Provisioning\ Profiles/
cp "scripts/certs/AppStore.mobileprovision" ~/Library/MobileDevice/Provisioning\ Profiles/
Have someone ideas how to fix it?
Line:
# security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
Doesn't affect for result.
It's perfectly working script. Problem was in another thing in Travis CI.
But it needs uncomment line:
security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
.travis.yml is validated
Travis CI is build succeeded.
Xcode 7.1.1, Mac OSX El Capitan 10.11 Beta
fir:http://fir.im
Do these progress from : https://www.objc.io/issues/6-build-tools/travis-ci/#encrypt-certificates-and-profiles
** BUILD SUCCEEDED **
Then I try to deploy to fir,I received from Travis CI:
/Users/travis/build.sh: line 41: ./scripts/sign-and-upload.sh: Permission denied
I thought the file "sign-and-upload.sh" isn't been permission. So I give these files appropriate permissions:
before_install:
- chmod +x scripts/add-key.sh
- chmod +x scripts/remove-key.sh
But it still failed.
This is the add-key.sh:
#!/bin/sh
security create-keychain -p travis ios-build.keychain
security default-keychain -s ios-build.keychain
security unlock-keychain -p travis ios-build.keychain
security set-keychain-settings -t 3600 -l ~/Library/Keychains/ios-build.keychain
security import ./scripts/certs/apple.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import ./scripts/certs/dist.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import ./scripts/certs/dist.p12 -k ~/Library/Keychains/ios-build.keychain -P 123 -T /usr/bin/codesign
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp ./scripts/profile/$PROFILE_NAME.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/
You are right that sign-and-upload.sh needs execute permission. But your response was to change some different files! You need to add
- chmod +x scripts/sign-and-upload.sh
I'm trying to build app via jenkins, but this is the line where it crashes:
[ios] $ /usr/bin/security list-keychains -s /Users/admin/Library/Keychains/login.keychain
[ios] $ /usr/bin/security default-keychain -d user -s /Users/admin/Library/Keychains/login.keychain
Will not set default: file /Users/admin/Library/Keychains/login.keychain does not exist
security: SecKeychainSetDomainDefault user: write permissions error
[ios] $ /usr/bin/security unlock-keychain -p ******** /Users/admin/Library/Keychains/login.keychain
security: SecKeychainUnlock /Users/admin/Library/Keychains/login.keychain: write permissions error
FATAL: Unable to unlock the keychain.
Weird thing is that it shows that this file doesn't exists - it is probably because of permissions to file, but I was unlocking this keychain in Keychain manager.
When I changed path to login.keychain ( after importing it ):
Cleaning build directory: /Users/Shared/Jenkins/Home/workspace/iOS-build/platforms/ios/build/Debug-iphoneos
[ios] $ /usr/bin/security list-keychains -s /Users/Shared/Jenkins/Home/Library/Keychains/login.keychain
[ios] $ /usr/bin/security default-keychain -d user -s /Users/Shared/Jenkins/Home/Library/Keychains/login.keychain
[ios] $ /usr/bin/security unlock-keychain -p ******** /Users/Shared/Jenkins/Home/Library/Keychains/login.keychain
[ios] $ /usr/bin/security show-keychain-info /Users/Shared/Jenkins/Home/Library/Keychains/login.keychain
Keychain "/Users/Shared/Jenkins/Home/Library/Keychains/login.keychain" no-timeout
===========================================================
== Available provisioning profiles
[ios] $ /usr/bin/security find-identity -p codesigning -v
0 valid identities found
And it ends with this error:
Code Sign error: No matching provisioning profile found: Your build settings specify a provisioning profile with the UUID “xxxx”, however, no such provisioning profile was found.
Of course under Xcode everything works just fine..