Geek Answers Handbook

Jenkins XCodeBuild Code Signing Error

[Do not duplicate similar questions as described below]

I get a code signing error when starting XCodeBuild from Jenkins, but it will build ok from the command line or from Xcode.

Some people have had this problem in the past, and a common theme with them is that Jenkins starts up at startup as a daemon user and thus tries to access the system keychain. The solutions people use copy credentials into the system keychain or execute a command to determine which gap to use.

However, in my case, if I look at launchd in the Activity Manager, the user appears as the user that I registered on the machine, since Jenkins should work as this user, and not as a daemon user.

I tried to establish which keychain to use by adding this command to the Jenkins script before running XCodeBuild

security list-keychains -s /Users/[user]/Library/Keychains/login.keychain

But this did not solve the problem.

The error I am getting is:

 Code Sign error: The identity 'iPhone Developer: NNNNN (9TYX5WAM63)' doesn't match any valid, non-expired certificate/private key pair in your keychains"

So, I tried translating the credentials into the system keychain, but now I get this error in Jenkins, but it is still different from the command line:

 Code Sign error: Provisioning profile 'F152C66E-B99A-47F6-B262-376CE4403D71' can't be found

Also, when I transfer credentials to the system keychain, I can no longer build from XCOde - I get the same error as the top error message above.

I also tried editing the org.jenkins-ci.plist file to set the user as the one I registered on the computer, according to this, but this also had no effect.

Lack of certificates and keys in the keychain when using Jenkins / Hudson as a continuous integration for iOS and Mac development

Any ideas what I could try next?

+4
source share
4 answers

I feel for you how the last time we came across it, it was a rather difficult task. We did this when we created the CI server for the project. If I remember correctly (in general), we performed the following steps:

1) Install Jenkins as a developer on your Apple Dev account

2) Created a certificate preparation and developer profile specifically for Jenkins

3) Configure the Jenkins user on the CI server and remove any previous certs / prov profiles from xcode for that user

4) Add the Jenkins certificate to the AD-Hoc Dist Profile (if you are trying to distribute .ipa to HockeyApp, you will need to do this to build the archive.)

5) Go to the xcode project file and delete all existing links to Provisioning Profiles

6) Download and install certificates for this user and the corresponding Prov.

7) Before assembling, unlock the Jenkins user keychain. Do this only if the Jenkins user is not an xcode build user.

Make sure Xcode shows the Prov Profile as valid in the organizer when logging in as a Jenkins user.

I know that my answer is somewhat vague, and I intend to be useful. This type of error is usually caused by one of three things. Xcode can not find profile, Xcode can not find cert or Xcode detected more than one profile (presumably to get another error, but not always) and has a mismatch. Usually re-populating Prov profiles is the least painful decision.

Good luck. You decide that this is just a huge headache!

+5
source

This is probably not the answer you are looking for, but I refused the XCodeBuild plugin for a number of reasons and completed my build using the โ€œRun Shellโ€ step.

You said that your command line build works, so you already know the commands that are required. Just put it in a shell.

 xcodebuild -verbose -alltargets -configuration Debug clean build CODE_SIGN_IDENTITY="${CODE_SIGN_IDENTITY}" PROVISIONING_PROFILE=${PROVISIONING_PROFILE} && /usr/bin/xcrun -sdk iphoneos PackageApplication -v "${WORKSPACE}/client_trunk/build/Debug-iphoneos/${Application}.app" -o "${WORKSPACE}/client_trunk/build/Debug-iphoneos/${Application}-Debug-${shortVer}.${revVer}.ipa" --sign "${CODE_SIGN_IDENTITY}" --embed "/Users/[youruser]/Library/MobileDevice/Provisioning Profiles/${PROVISIONING_PROFILE}.mobileprovision"

Above, ${CODE_SIGN_IDENTITY} is the one that looks like iPhone Developer: blah
And ${PROVISIONING_PROFILE} is the hexadecimal number for the profile type F152C66E-B99A-47F6-B262-376CE4403D71

+2
source

Using Jenkins, I got this error:

 /Users/Shared/Jenkins/Home/jobs/ExampleTabbed-Integration/workspace/build/Debug-iphoneos/ExamplesTabbed.app: User interaction is not allowed.

The error of the command / usr / bin / codesign with exit code 1

I fixed this by following these steps:

  • Add build step before Xcode step (jenkins).

  • Add the following to the execute command:

    security key-keychain -p "passwordhere" $ {HOME} /Library/Keychains/login.keychain

  • In the Xcode configuration (via the plugin), I use the following:

    • Unlock Keychaing? (Removed)
    • Keychain path: $ {HOME} /Library/Keychains/login.keychain
    • Keychain Password: (blank)

One could remove the preliminary step and use the actual xcode configuration for this, but it works as described without problems.

Please note that this is not yet taken into account with a more secure solution, but this was my solution to the problem with xcode subscription. I work on OSX with the Jenkins installer and run as the launchctl command used by the default installation of the Jenkins installer. If it helps.

0
source

Follow the instructions on the Xcode plugin homepage :

If this message does not appear on the build machine, you can make it appear by running a command with codes that failed from the terminal on the build machine: / usr / bin / codesign --force --sign "iPhone distribution: .....

Run an unsuccessful signature command from the terminal as a Jenkins user and select "Always allow"

0
source

More articles:


All Articles