You can use the security command to look up the error code. In this case, it says that "user interaction is not allowed." This is typical if you are trying to sign your application over SSH or from a script run through Jenkins.

    security error -25308
    Error: 0xFFFF9D24 -25308 User interaction is not allowed.

You need to run a security command to enable code signing of your application from a non-interactive shell:

    security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private <your.keychain>

Here is the "complete" Jenkins / SSH friendly script to sign your application:

    MY_KEYCHAIN="temp.keychain"
    MY_KEYCHAIN_PASSWORD="secret"
    CERT="certificate.p12"
    CERT_PASSWORD="certificate secret"

    security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Create temp keychain
    security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g) # Append temp keychain to the user domain
    security set-keychain-settings "$MY_KEYCHAIN" # Remove relock timeout
    security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Unlock keychain
    security import "$CERT" -k "$MY_KEYCHAIN" -P "$CERT_PASSWORD" -T "/usr/bin/codesign" # Add certificate to keychain
    CERT_IDENTITY=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | sed -e 's/[^"]*"//' -e 's/".*//') # Programmatically derive the identity
    CERT_UUID=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | awk '{print $2}') # Handy to have UUID (just in case)
    security set-key-partition-list -S apple-tool:,apple: -s -k "$MY_KEYCHAIN_PASSWORD" -D "$CERT_IDENTITY" -t private "$MY_KEYCHAIN" # Enable codesigning from a non user interactive shell

    ### INSERT BUILD COMMANDS HERE ###

    security delete-keychain "$MY_KEYCHAIN" # Delete temporary keychain

Credit to Bochun Bai for spending 3 weeks with Apple support to find a solution to the -25308 problem and posting it at https://sinofool.net/blog/archives/322
Stephen quan
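The script above takes CERT_IDENTITY from the first line of the `security find-identity` output; if the import did not produce a valid identity, that line is the "0 valid identities found" summary and the variable ends up empty without any error. As an added example (not part of the original answer), the helper below parses the same output and fails closed. The function name `parse_identity` and the sample hash and certificate name are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract the first valid code-signing identity from the
# output of `security find-identity -v -p codesigning <keychain>`.

# parse_identity FIELD   (reads find-identity output on stdin)
#   FIELD = hash -> the 40-hex-character value (what the script calls CERT_UUID)
#   FIELD = name -> the quoted identity name   (what the script calls CERT_IDENTITY)
# Returns 1 and prints nothing when no identity line is present.
parse_identity() {
    awk -v field="$1" '
        # Identity lines look like:   1) <40 hex chars> "<name>"
        $1 ~ /^[0-9]+\)$/ && $2 ~ /^[0-9A-Fa-f]+$/ && length($2) == 40 {
            if (field == "hash") {
                print $2
            } else {
                line = $0
                sub(/^[^"]*"/, "", line)   # drop everything up to the opening quote
                sub(/"[^"]*$/, "", line)   # drop the closing quote and the rest
                print line
            }
            found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample output, so the parser can be exercised off macOS.
SAMPLE_OK='  1) 0123456789ABCDEF0123456789ABCDEF01234567 "Developer ID Application: Example Corp (ABCDE12345)"
     1 valid identities found'
SAMPLE_EMPTY='     0 valid identities found'

# Use in the signing script (macOS only), replacing the head/grep/sed pipeline:
#   FOUND=$(security find-identity -v -p codesigning "$MY_KEYCHAIN")
#   CERT_IDENTITY=$(printf '%s\n' "$FOUND" | parse_identity name) || {
#       echo "no valid codesigning identity in $MY_KEYCHAIN" >&2
#       security delete-keychain "$MY_KEYCHAIN"
#       exit 1
#   }
```

Stopping here keeps the build from reaching `set-key-partition-list` and `codesign` with an empty identity, and removes the temporary keychain instead of leaving it in the search list.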