问题
I am trying to run an automated xcodebuild on Jenkins, but I am running into the error
User interaction is not allowed. Command /usr/bin/codesign failed with exit code 1
I have already referenced "User interaction is not allowed" trying to sign an OSX app using codesign and other similar threads, but none of the solutions seem to properly remedy the error.
Here is what I've already tried:
I have allowed all items to access the keychain, and I have specifically added codesign to the "always allow" list (as done here https://stackoverflow.com/a/22637896)
I have set the keychain to not automatically lock with a timeout, both through Keychain Access's settings, and through the command
security set-keychain-settings -t 3600 -l <KEYCHAIN>I have tried calling
codesign --sign <CODE SIGN IDENTITY> --force ...before the project compiles (more specifically, this solution https://stackoverflow.com/a/20208104), and although this successfully builds the project I don't think that codesigning before compiling is correct or reliable. (edit: this also failed when run from jenkins)
Here are the commands I am executing:
security unlock-keychain -p <PASSWORD> <KEYCHAIN>
xcodebuild -scheme <SCHEME> -workspace <WORKSPACE> -derivedDataPath <BUILD DIRECTORY> -configuration <CONFIGURATION> "CONFIGURATION_BUILD_DIR=<BUILD DIRECTORY>" "CODE_SIGN_IDENTITY=<CODE SIGN ID>" "PROVISIONING_PROFILE=<PROVISIONING PROFILE>" clean build
Something interesting to note is that building the project on the machine works with the commands above, but trying to run the exact same commands over ssh (and jenkins) causes the error.
Thanks in advance for your help!
回答1:
SSH is not supported by Apple to run automated build as they are headless, so running via SSH could be the issue here:
The context provided by LaunchDaemons is not supported for running GUI applications. The SSH service, and the default setup for Jenkins, are both implemented as LaunchDaemons. In earlier versions of Xcode 5 xcodebuild could run tests on the iOS simulator in this context, but that was never a supported configuration, and as you have noted that is no longer working as of Xcode 6.
Unlike LaunchDaemons, LaunchAgents provide a context where you can run GUI applications - if the user is logged in at the time, with a window server / Aqua session. Converting your Jenkins configuration from being a LaunchDaemon to being a LaunchAgent would avoid the reported issue. You can also use launchd for running tests on the iOS simulator from a SSH session, either by crafting a LaunchAgent and manually loading / starting that, or by using "launchctl submit”.
Have you tried using web agent instead?
回答2:
Just in case anyone missed it. The answer in the linked question resolves the issue. Basically you need to run security -v unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN". I run this before the build and the codesign succeeds.
回答3:
Put your keys in the System keychain instead of Login/iCloud/Local Items.
回答4:
Install the Xcode plugin here: https://wiki.jenkins-ci.org/display/JENKINS/Xcode+Plugin
Choose the option to unlock the keychain and supply the path to the keychain. e.g. ${HOME}/Library/Keychains/login.keychain
Make sure you set the $HOME environment variable. From experience it's just easier to have the machine login as a user just like a developer would.
回答5:
I've been through this problem with Jenkins Xcode plugin.
I just check Unlock Keychain ?
in
Xcode - Code signing & OS X keychain options
to make my build run.
回答6:
The automated build (Jenkins w/remote SSH), which uses productsign, worked well until we upgraded the build box from Yosemite to Sierra.
productsign[4065:51711] Error configuring RSA signing: User interaction is not allowed. (-25308)
We tried different solutions found on SO, but none worked.
Eventually, I fixed it doing following:
- Open Keychain, go to Preferences
- Click 'Reset my Default Keychain'
- Message 'operation not permitted' or similar shows up
- Error did not make any sense since user is administrator
- login keychain gets removed, but not re-created.
- Logout and login again
- new login keychain appears
- productsign works again (through automated build)
Please note our 'Developer ID Installer: ACME, Inc (12345ABCDE)' certificate is in the System keychain.
来源:https://stackoverflow.com/questions/26475404/xcode-codesign-error-from-jenkins-ssh-user-interaction-is-not-allowed