I'm trying to build a Xamarin Touch project from a Jenkins build it fails at the code signing phase.
My certificates and keys are in the System keychain so should be accessible to Jenkins. I have no code signing issues when I build the project:
Using Xamarin Studio.
Using /bin/bash and xbuild logged in as the Jenkins user.
Using /bin/sh and xbuild logged in as the Jenkins user.
The only time the code signing issue is seen is when the Jenkins build itself.
The error is "User interaction is not allowed", I'm at a loss as to explain what is going wrong for the Jenkins build when everything is working as the Jenkins user when I run the same command from a shell.
You could try importing your credentials in the Jenkins credentials area.
from here:
Allowing Jenkins to stage developer profile This plugin builds on top
of Credentials Plugin to allow you to store your Apple Developer
Profile (*.developerprofile) file. This file contains a code signing
private key, corresponding developer/distribution certificates, and
mobile provisioning profiles. You can create this file from your
XCode.
To upload the developer profile into Jenkins, go to "Manage
Credentials" in the system configuration page, and select "Apple
Developer Profile" from the "Add" button. See Credentials Plugin for
further details.
To use this profile for signing, add "Import developer profile" as a
build step before you run xcode, and select the developer profile to
import into the build machine. This build step will install the
developer profile into the slave's keychain.
So it turns out my problem was that my code signing keys were still in the login keychain as well as the system keychain.
I'm guessing this meant the build saw the keys in the login keychain first but then failed because that wasn't unlocked.
Once I deleted them from the login keychain, so they were only in the system keychain, it started working.
I'm still not sure why this was only a problem from within Jenkins as everything was working fine using a shell logged in as Jenkins.
Related
I have a pipeline that builds an ipa and an xcarchive. Currently, I have to download the xcarchive onto my Mac and open it, distribute the app and sign it using codesign. Ideally, I would like to achieve this in an Azure Devops Pipeline. Is there an easy way to distribute the xcarchive, grab the ipa, sign it and publish the ipa to the pipeline artifact?
If you want to sign app in Azure Pipelines, you could try with the Signing and provisioning options in Xcode pipeline task.
First, you could store your Apple certificate and Provisioning Profile as the secure files in Azure DevOps.
Then, you could use the Install Apple Certificate and Install Apple Provisioning Profile tasks install them from the secure files and make them available to Xcode during a build.
When you use Xcode task, please fill the inputs for Signing and provisioning options, such as selecting the signingoptions and other details. Meanwhile, the Xcode task also helps you build the project.
After that, you could publish the build output to your pipeline artifact.
Jenkins cannot find our recently updated provisioning profiles and after trying every known solution I'm running out of ideas what could be wrong.
Build jobs fail with error:
No profile matching 'xxxxx' found: Xcode couldn't find a profile
matching 'xxxxx'.
The build server is a Mac, running Xcode 8 and we're using Jenkins with the Xcode plugin.
Building and signing with Xcode 8 directly on the same machine is successful and I installed all the required profiles by double-clicking them.
Does anyone know any workable solution to fix this issue?
Put your provisioning profiles under
User/Shared/Jenkins/Library/Mobile Device/Provisioning Profiles.
You have to create manually folder under Library folder.
And make sure that your Distribution certificate is in "System" tab in keychain Access. If not then copy from "Login" tab and paste under "System" tab.
The fix for myself was giving the jenkins user proper permissions for the ~/Library/MobileDevice folder and the ~/Library/MobileDevice/Provisioning\ Profile.
Otherwise the jenkins user can't read from the provisioning file folder.
I am trying to build project on another mac,not the one on which I'm developing.And I chose Jenkins to help with it.
I have seen similar questions,but my situation seems different.
Below is the log from Jenkins console:
something has been done before:
export the profile from organizer of the old one and import to the new one.
copy the keys from keychain and copy to the new Mac's keychain,including system.
specify the name of provisioning profile in the project.
I'm not sure if anyone has seen the same thing,but if anyone does,please kindly show me some tips to overcome this,thanks.
The steps you included are for copying/replacing certificates and identities. Provisioning profiles are different.
The provisioning profiles are located under ~/Library/MobileDevice/Provisioning Profiles. Please note these have to be available for the user under which Jenkins is running.
Locate the provisioning profile on your old machine, and copy it to the new. The provisioning profile has a filename <UUID>.mobileprovision. The UUID is the number you see in your error message
Alternatively, launching Xcode on the new machine, and letting it sync with all latest profiles would work too, as long as your run it with Jenkins' user.
Trying to setup jenkins for AdHoc Distribution, tried by using homebrew, mountain lion with xcode 5.
Also tried using Jenkins App
Following is the error returned by jenkins
Code Sign error: No codesigning identities found: No codesigning identities (i.e. certificate and private key pairs)
that match the provisioning profile specified in your build settings (‚xxxxxxx) were found.
Project is getting successfully build using command line and in jenkins if I try for iPhone simulator then also its working fine.
I would like to know any tutorial by which it will be easy to setup jenkins and also please let me know any specific steps needed to give access to keychains.
any help really appreciated.
The core reason is Jenkins is running as daemon mode in Mac, just assume it is a different user - "Jenkins", so it will not have access to the keychain or provision profile as a you login using your credentials, which cause the code signing issue.
I found I have following 2 errors
"Code Sign error: There are no valid certificate/private key pairs in the default keychain"
Solution: Copy your iPhone developer certificate from "login" keychain to "System" keychain.
Detailed steps:
open the "Keychain Access" application, click the login tab, right click the certificate like "iPhone Developer: your_name (XXXXXXX)", choose copy, then click the "System" tab, right click mouse, choose "Paste 2 items"; you might need to do the same thing with the certificate like "iPhone Distribution: your_name".
After doing this, you will get the second error.
"Code Sign error: Provisioning profile 'xxxxx-xxxx-xxxx-xxxxx' can't be found"
Solution: Copy the provision profile to Jenkins user folder.
The provision profile is under in the folder
/YourUserName/Library/MobileDevice/Provisioning Profiles,
for example in my machine, the provision profile files are under /Users/steve/Library/MobileDevice/Provisioning Profiles
In the mac, the Jenkins will be in /Users/Shared/Jenkins, create the following folder:
/Users/Shared/Jenkins/Library/MobileDevice/Provisioning Profile, then copy the .mobileprovision file to this folder.
After doing this, the code signing issues will be fixed. Hope my finding will be helpful to other Jenkins users.
Ref: http://code-dojo.blogspot.com/2012/09/fix-ios-code-signing-issue-when-using.html
Credit: Steve Zhang
I have successfully installed Jenkins CI. It uses it's own user jenkins for build operations.
I'd set up build steps. When Jenkins tried to build project for iOS devices, error appeared:
ERROR: No valid iPhone code signing keys found in keychain.
Seems like jenkins user account doesn't have keys and certificates in keychain, which my basic user account have. How to grant jenkins user access to my keychain entities?
Note: seems like for Xcode native projects code signing problem was solved via Xcode plugin.
You can copy your user's certificates to the system certificate. The Jenkins user will then be able to see those certificates. See this answer https://stackoverflow.com/a/9477067/1131820