I have been instructed to transfer the Tomcat / Jenkins installation from an outdated (and now removed in Yosemite) SystemStarter system to run. It starts up and works just fine, as the "build" user, except for one. Part of our build process involves invoking the security command to manipulate the key chain. This does not work as follows:
security: cert import failed: write permissions error
security: problem decoding
If I ssh into the build machine and start Tomcat from the command line, via bin / startup.sh, then the call securitywill not complain. This only complains when I launch Tomcat through launchd. My plist looks like this:
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.apache.tomcat</string>
<key>UserName</key>
<string>builduser</string>
<key>WorkingDirectory</key>
<string>/Users/builduser</string>
<key>Program</key>
<string>/Users/builduser/bin/tomcat.sh</string>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<true/>
</dict>
<key>EnvironmentVariables</key>
<dict>
<key>CATALINA_HOME</key>
<string>/Users/builduser/Tomcat</string>
<key>CATALINA_OPTS</key>
<string>-Djava.awt.headless=true</string>
<key>JAVA_OPTS</key>
<string>-Xmx1024m -XX:MaxPermSize=512m</string>
</dict>
</dict>
</plist>
plist is located in / Library / LaunchDaemons, and tomcat.sh is just a shell that starts tomcat, and then waits for the process to die.