发表新帖
发表新帖

Running xcodebuild from a forked terminal

前端 未结
关注
13 1183
说谎
说谎 2020-12-02 04:20

I\'m trying to setup an automated build server for an iPhone application. I\'d like to be able to have nightly adhoc beta builds so that testers can follow the development.<

13条回答
  • 隐瞒了意图╮
    隐瞒了意图╮ (楼主)
    2020-12-02 04:58

    There are two (possibly three!) components to this. One is the keychain must be unlocked. Second, there is an access control list inside the keychain that tells which permissions are given to applications in the unlocked state. So even if you have the keychain successfully unlocked, if the ability to access the private key and sign with it isn't given to /usr/bin/codesign then you will still get this message. Finally, if you are on Mac OS Sierra, the default partition ID assigned to keys is incorrect in order to be compatible with the codesign binary.

    The solution is as follows:

    1) If you have access to the Keychain Access GUI, then you can manually grant every program or /usr/bin/codesign access by right clicking on your private key, selecting the "Access Control" tab and then selecting the "Allow all applications to access this item" radio or the list of "Always allow access by these applications" list.

    2) If you are encountering this error, chances are you are trying to run codesign for a non-login user. In this case, you clearly don't have access to the "Keychain Access" GUI. For these cases, you verify the sign authorization missing for application , which apparently means all applications, or specifically /usr/bin/codesign by using:

    security dump-keychain -i login.keychain

    However, you cannot add or modify access control attributes in interactive mode for some reason --only delete! You actually have to manually delete the key and re-add it to the keychain specifying the -T flag. 

    security import login.keychain -P "" -T /usr/bin/codesign

    Where -T specifies 

    -T  Specify an application which may access the imported key (multiple -T options are allowed)

    3) If you are on Mac OS Sierra, modify the partition ID to include the apple partition. Presumably, this is the namespace assigned to codesign because it was distributed by Apple.

    security set-key-partition-list -S apple-tool:,apple: -k "" login.keychain

    NOTE: The apple-tool partition is inserted by the security tool, so the command above preserves that partition. For more information on this aspect, see: http://www.openradar.me/28524119

    0 讨论(0)
 看不清?
提交回复
热议问题