Xamarin iOS build hangs on signing

We build iOS using Xamarin; the build hangs on signing and didn't throw any exception for about 2.5 hours.
Signing and provisioning profile are good. What could it be?
Target _CodesignAppBundle:
Codesign Task
CodesignAllocate: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoo
Entitlements: obj/iPhone/Release/Entitlements.xcent
Resource: bin/iPhone/Release/App.app
ResourceRules: <null>
SigningKey: ECFF24B11990B9BXXXXXXX194A29B83E87776A7B
ExtraArgs: <null>
Tool /usr/bin/codesign execution started with arguments: -v --force --sign ECFF24B11990B9BXXXXXXX194A29B83E87776A7B --entitlements /Users/admin/buildAgent_2/temp/buildTmp/SOURCE/App/obj/iPhone/Release/Entitlements.xcent /Users/admin/buildAgent_2/temp/buildTmp/SOURCE/App/bin/iPhone/Release/App.app

Maybe it needs the keychain to be unlocked: a popup waiting for the keychain password is shown on your server, but you don't see it.
I had to deal with this kind of problem when configuring a Xamarin app on Jenkins CI.
If so, just unlock the keychain with a bash script:
KEYCHAIN=/Users/xxx/Keychains/xxx.keychain
security -v unlock-keychain -p mypassword "$KEYCHAIN"

Related

jenkins codesign : Frameworks/OpenSSL.framework: errSecInternalComponent - Command PhaseScriptExecution failed with a nonzero exit code

I'm trying to build CI/CD for an iOS app with Jenkins using an EC2 Mac instance on AWS.
I set up all my certificates/private key using the command
security import ./myfile.p12 or security add-certificate
I also added my provisioning profile successfully.
The build is running, but at the final step I'm getting an error during the codesign --force step. I read a lot of questions here, but none of the solutions provided worked for me.
Error details of the Build
For info: when I run the security default-keychain command, I get this as the default keychain: /Library/Keychains/System.keychain
And running:
security find-identity -v -p codesigning /Library/Keychains/System.keychain
gives me a result like:
XXXXXXXXXXXXXXXXXXXXX "iPhone Distribution: corp (Land) LTD."
XXXXXXXXXXXXXXXXXXXXX "iPhone Developer: John Doe (XXXXX)"
I already tried to lock/unlock my keychain without success.
Does anyone have an idea how to resolve this issue, please?
After a weeks of research, I just deleted all my certificates from the System.keychain (the corp one and the two of the Apple authority, those which expire in 2023 and 2030) and reinstalled them!
This did the job in the end.

CodeSign with non-login keychain

I prayed to the twin gods of Stack Overflow and Google for many an hour, but for naught.
I have a dedicated build machine and I'm trying to set up CI on it. Obviously codesign fails to run, as the login keychain is locked.
Created a new keychain and moved the following to it:
iPhone Developer certificate
iOS Developer private key
Developer ID Certification Authority
Apple Worldwide Developer Relations...
Login via ssh to the server.
Run xcodebuild and it fails with Command CodeSign failed with a nonzero exit code
Run security unlock-keychain -p XXXXXX /Users/xxx/Library/Keychains/automation.keychain-db
Run xcodebuild and it still fails with Command CodeSign failed with a nonzero exit code
Run security unlock-keychain -p XXXXXX /Users/xxx/Library/Keychains/login.keychain-db
Run xcodebuild and it now passes successfully. What am I missing? What else should be in the automation keychain that isn't there?
Have you added your keychain to the search list? like
security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g)

Building Xcode project with Jenkins gives codesign error

I'm trying to build an Xcode project with Jenkins. The Xcode project is generated by the Unity engine.
I am able to build this project directly from the Xcode GUI, but when trying to build the project through Jenkins I'm getting the following error at the end of the build:
Signing Identity: "iPhone Developer: MyName MySurname (XXXXXXXXXX)"
Provisioning Profile: "iOS Team Provisioning Profile: *"
(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX)
/usr/bin/codesign --force --sign 37DF6AF254E5A4856B1BA024D199DEE3CE596A58 --entitlements /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Unity-iPhone.build/Release-iphoneos/Unity-iPhone.build/myapplication.app.xcent --timestamp=none /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Release-iphoneos/myapplication.app
/Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Release-iphoneos/myapplication.app: errSecInternalComponent
Command CodeSign failed with a nonzero exit code
** BUILD FAILED **
The following build commands failed:
CodeSign /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Release-iphoneos/myapplication.app
(1 failure)
Build step 'Xcode' marked build as failure
Finished: FAILURE
I tried to reproduce the following command in the terminal, and it worked fine without any errors:
/usr/bin/codesign --force --sign 37DF6AF254E5A4856B1BA024D199DEE3CE596A58 --entitlements /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Unity-iPhone.build/Release-iphoneos/Unity-iPhone.build/myapplication.app.xcent --timestamp=none /Users/Shared/Jenkins/Home/workspace/Xcode_Input/build/Release-iphoneos/myapplication.app
It asked me for my password two times (the same password is specified in the Jenkins job settings for Xcode), and finished without any errors.
The keychain I used to sign the project is unlocked with: security unlock-keychain login.keychain
The question is: what could be the reason for this behavior? How can I solve this problem?
Thanks in advance!
Jenkins is SSHing into the box and not receiving access to your keychain. Jenkins needs to unlock the keychain before performing the build. It looks like you already understand how to unlock your keychain via password prompt. You need to have Jenkins perform the unlock without a prompt.
Have Jenkins run the following before your build command:
security unlock-keychain -p <YourPassword> ~/Library/Keychains/login.keychain
If you'd rather not store the password in the cleartext script area of your build, Jenkins offers various ways to store secrets and retrieve them as variables. Here's a decent write-up on doing that: https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs
Alternatively:
security unlock-keychain -p `cat ~/.file_with_your_password` ~/Library/Keychains/login.keychain

Codesign returns unknown error after "replacing existing signature"

I am trying to build a Xamarin iOS app using xbuild on Jenkins. Sometimes the build fails during the codesigning process with an unknown error -1=ffffffffffffffff and sometimes the build succeeds. The provisioning profile is stored in a separate keychain jenkins.keychain (not the system or login keychain) that is referenced by Jenkins through the Keychains and Provisioning Profiles Plugin.
This is the console log of Jenkins:
Target _CodesignAppBundle:
Codesign Task
CodesignAllocate: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
DisableTimestamp: False
Entitlements: obj/iPhone/In-House/Entitlements.xcent
Keychain: <null>
Resources:
bin/iPhone/In-House/MyApp.app
ResourceRules: <null>
SigningKey: 123
ExtraArgs: <null>
IsAppExtension: False
Tool /usr/bin/codesign execution started with arguments: -v --force --sign 123 --entitlements /private/var/lib/jenkins/workspace/Master/Apps/iOS/obj/iPhone/In-House/Entitlements.xcent /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app
bin/iPhone/In-House/MyApp.app: error : /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: replacing existing signature
/private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: unknown error -1=ffffffffffffffff
Task "Codesign" execution -- FAILED
Done building target "_CodesignAppBundle" in project "/private/var/lib/jenkins/workspace/Master/Apps/iOS/MyApp.csproj".-- FAILED
As suggested in Codesign returned unknown error -1=ffffffffffffffff I added set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${KEYCHAIN_PW} ${KEYCHAIN_PATH} to my build script but it did not fix the issue.
Do you have any idea how to address this issue? Why is there an existing signature to be replaced?
Update 1 - We keep getting the error after:
switching from xbuild to msbuild version 15.3.0.0
setting jenkins keychain to "Allow all applications to access this item"
deleting the derived data folder
not using relative paths for security commands
A similar problem is described in the Apple forum.
What fixed the issue:
The keychain filename extension changed from *.keychain to *.keychain-db on macOS Sierra. The code signing error was caused by referencing the old keychain file while we were editing in fact the jenkins.keychain-db file containing updated certificates. Keychains with the new extension are rejected from the upload with Jenkins' keychain plugin. So we do not use the keychain plugin any longer and store the signing certificates inside the login.keychain-db. With this we can successfully build the app without the unknown error.
My resolution to this problem was ensuring that the Mac had proper permissions to use the new certificate. I was getting this code signing issue when trying to run a Jenkins job, but things ran properly on my local machine. When I tried manually code signing one of the Swift libraries (e.g. libswiftos.dylib), the Mac then asked for a password to be able to use the new certificate. Once I did that, the Jenkins job ran successfully.
Restarting the Mac could fix the issue.

Xcode 5 continuous integration CodeSign fail

Hi there.
I'm trying to configure continuous integration for my iOS app with Xcode 5 and OS X Server. I added certificates and p12 to the system keychain, and I also copied provisioning profiles to the server folder for profiles.
Integration fails and log shows error message
Short message:
Command /usr/bin/codesign failed with exit code 1
Full message:
CodeSign
/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app
cd /Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/source/Moment
setenv CODESIGN_ALLOCATE /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
setenv PATH "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
Using code signing identity "iPhone Distribution: Company Name. (ZX6C5SJYP9)" and provisioning profile "Moment Seller Production"
(E6FC8157-98F3-4A28-BFF3-36EFA6334019)
codesign --force --sign C2F81E886780437B90630A748111D3340DC8EFC8 --resource-rules=/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app/ResourceRules.plist
--entitlements /Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/IntermediateBuildFilesPath/Moment.build/Release-iphoneos/MomentSeller.build/MomentSeller.xcent
/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app
/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app:
User interaction is not allowed. Command /usr/bin/codesign failed with
exit code 1
** ARCHIVE FAILED **
The following build commands failed: CodeSign
/Library/Server/Xcode/Data/BotRuns/Cache/c60acccd-d128-d128-b0e3-070a65bdd9dc/DerivedData/Build/Intermediates/ArchiveIntermediates/MomentSeller/InstallationBuildProductsLocation/Applications/MomentSeller.app
(1 failure)
Any ideas?
Thanks.
I've run into this problem myself. This blog helped me out. http://matt.vlasach.com/xcode-bots-hosted-git-repositories-and-automated-testflight-builds/
As posted by Dominik Kroutvar:
User interaction is not allowed. Command /usr/bin/codesign failed with
exit code 1
This error happens when the following setting is not made manually. As
described in one of the posts above you have to put the mobileprofile
for code signing in the system keychain. The certificate is called
iPhone Distribution:. This distribution certificate must have a
private key! Open the Settings dialog either by double click on the
private key or through the context menu>Get Info. Then go to Access
control and put /usr/bin/codesign in the table. This allows the
codesign application to sign your built application. After that
everything should work without the meaningless codesign error exit
code 1.
As already stated you simply need to run security -v unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN".
Run this before the build and the codesign succeeds.
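
The answers on this page each supply one piece of the fix: unlock the keychain before the build, put it on the search list, run set-key-partition-list, and point at the .keychain-db file rather than a stale .keychain. As an added example (not code from any of the posts), the pre-build step below combines them. KEYCHAIN_NAME and KEYCHAIN_PASSWORD are assumed environment variables injected from the CI secret store, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keychain preparation for a headless macOS CI agent.
# KEYCHAIN_NAME / KEYCHAIN_PASSWORD are assumed variables from the CI secret store.

# Print the keychain file for a name. macOS Sierra renamed *.keychain to
# *.keychain-db, so prefer the new file over a leftover *.keychain.
resolve_keychain() {
  rk_name="${2%.keychain-db}"
  rk_name="${rk_name%.keychain}"
  if [ -f "$1/$rk_name.keychain-db" ]; then
    printf '%s\n' "$1/$rk_name.keychain-db"
  elif [ -f "$1/$rk_name.keychain" ]; then
    printf '%s\n' "$1/$rk_name.keychain"
  else
    return 1
  fi
}

# stdin: output of `security list-keychains` (indented, quoted paths).
# stdout: new search list, our keychain first, existing entries kept once.
merged_search_list() {
  printf '%s\n' "$1"
  sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' | grep -Fxv -- "$1" || true
}

prepare_keychain() {
  kc="$(resolve_keychain "$HOME/Library/Keychains" "$KEYCHAIN_NAME")" || {
    echo "keychain '$KEYCHAIN_NAME' not found" >&2; return 1; }
  # Split the merged list on newlines only, so paths with spaces survive.
  old_ifs="$IFS"; IFS='
'; set -f
  set -- $(security list-keychains -d user | merged_search_list "$kc")
  set +f; IFS="$old_ifs"
  security list-keychains -d user -s "$@" || return 1
  # -p puts the password on the command line, visible in the process list
  # while the command runs; keep the build agent single-tenant.
  security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$kc" || return 1
  # Allow Apple tools and codesign to use the key without a GUI prompt.
  security set-key-partition-list -S apple-tool:,apple:,codesign: -s \
    -k "$KEYCHAIN_PASSWORD" "$kc" >/dev/null || return 1
  # Fail early if no signing identity is visible in this keychain.
  security find-identity -v -p codesigning "$kc" |
    grep -q '[1-9][0-9]* valid identities found'
}

# Run only where the macOS `security` tool and both variables are present.
if command -v security >/dev/null 2>&1 &&
   [ -n "${KEYCHAIN_NAME:-}" ] && [ -n "${KEYCHAIN_PASSWORD:-}" ]; then
  prepare_keychain
fi
```

Run it as the first build step, under the same user account that later invokes codesign, so the search list and unlock apply to that user's session.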
