Jenkins on OS X: xcodebuild gives Code Sign error

Question

Summary:

Setting up Jenkins on OS X has been made significantly easier with the most recent installer (as of 1.449 - March 9, 2012), however managing the pr

Answer 1

To change the password you can use sudo passwd jenkins <new-pw>. However I think it would be better to use the dscl command to change the password.

In my install jenkins (official installer) had a user shell /usr/bin/false. Changing it to bash solved the problem of not being able to login:

sudo dscl . -change /Users/jenkins UserShell /usr/bin/false /bin/bash

You should now be able to login with su jenkins.

Answer 2

Keychains need to be unlocked before they can be used. You can use security unlock-keychain to unlock. You can do that interactively (safer) or by specifying the password on the command line (unsafe), e.g.:

security unlock-keychain -p mySecretPassword...

Obviously, putting this into a script compromises the security of that keychain, so often people setup an individual keychain with only the signing credentials to minimize such damage.

Typically in Terminal the keychain is already unlocked by your session, since the default keychain is unlocked on login, so you don't need to do that. However, any process not run in your session won't have unlocked keychain even if it has you as the user (most commonly this affects ssh, but also any other process).

Answer 3

I've had the same issue and have been searching around for some time for an answer. Here's one thing that I've learned.

I am running jenkins as the jenkins user, user created by the installer, and as everyone else has mentioned he doesn't have access to the same keychain that your normal user does. Instead of trying to login as the jenkins user, I created a second build project that simply has one build step that is "Execute Shell" in which I run commands I want to test as the jenkins user.

Once I had that set up, I could run the command

security list-keychains

And this revealed to me that the only thing that jenkins could see was the system keychain.

+ security list-keychains
    "/Library/Keychains/System.keychain"
    "/Library/Keychains/System.keychain"

With that knowledge, I then opened the Keychain Access app and copied my "iPhone Developer: xxxx" certificate into the System keychain (Right-click, copy from the "login" keychain).

This got me passed the certificate/private key pair code sign error but opened up another one with the provisioning profile (seems like a similar, but different, issue).

Answer 4

I added the private and public key for the company to the keychain. I added the provision profiles for the production I will be building.

Since this user did not have an account I logged into devcenter with my account. Downloaded the provisioning certs and loaded them into Xcode.

I did not add a cert specifically for the build role account, ex. jenkins.

I did add this to the build script: security unlock-keychain -p mySecretPassword as above, but...

I created a file ~/.ssh/mypass and add the password to the file.

Then the command becomes: security unlock-keychain -p cat ~/.ssh/mypass

Builds are working like a champ. I get the ipa file, it loads on app central and works on the device.

Answer 5

To solve this issue try to log in to http://appleid.apple.com and update your security questions.

It helped me.

Answer 6

I have used Xcode plugin to build iOS app. In configuration of a project.

choose Add build step > Xcode > code signing & OS X keychain options.

tick Unlock keychain box and add as follow (for examples)

somtimes, if I get the error

Code Sign error: ...

I will reopen Jenkins and enter password again to unlock