xcodebuild doesn't find the identity if keychain only referenced from OTHER_CODE_SIGN_FLAGS
xcodebuild doesn't find the identity if keychain only referenced from OTHER_CODE_SIGN_FLAGS
- Subject: xcodebuild doesn't find the identity if keychain only referenced from OTHER_CODE_SIGN_FLAGS
- From: Jerome Lacoste <email@hidden>
- Date: Tue, 16 Dec 2014 12:02:52 +0100
Hello,
I am trying to have, for every build job, a different keychain with
the proper identities in it.
Given my previous email about me not having managed to find an atomic
way to modify the search list of keychains, I tried to use xcodebuild
WITHOUT using list-keychains -s
And I use OTHER_CODE_SIGN_FLAGS to specify the keychain.
But xcodebuild fails because of "No codesigning identities found".
Details:
1. create a keychain
2. unlock it
3. unset timeout (for test purposes)
4. import signing identities into it
5. copy the developer profiles into the proper location
security delete-keychain other_keychain
security create-keychain -p 1111 other_keychain
security unlock-keychain -p 1111 other_keychain
security set-keychain-settings other_keychain
security import ..../0123456789.p12 -k other_keychain -P THEPASSWORD
-T /usr/bin/codesign other_keychain
cp YYYYYYY.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/
and then that's all. No modification of the list of known keychains.
But then xcodebuild now fails at start because it cannot find the
signing identities.
/usr/bin/xcodebuild -verbose -target Unity-iPhone -configuration
Release build CONFIGURATION_BUILD_DIR=.......
'CODE_SIGN_IDENTITY=XXXXXXX PROVISIONING_PROFILE=YYYYYYY
"OTHER_CODE_SIGN_FLAGS='--keychain
~/Library/Keychains/other_keychain'"
Check dependencies
Code Sign error: No codesigning identities found: No codesigning
identities (i.e. certificate and private key pairs) that match the
provisioning profile specified in your build settings (“NAME OF MY
PROFILE”) were found.
CodeSign error: code signing is required for product type
'Application' in SDK 'iOS 8.1
Yet this works:
/usr/bin/security find-certificate -a -c "XXXXXXXXXXXX" -Z
~/Library/Keychains/other_keychain | grep ^SHA-1
SHA-1 hash: 0123456789
xcodebuild doesn't support a -keychain or --keychain argument.
So I wonder it the "Check dependencies" step is a bit overzealous and
forget to check the OTHER_CODE_SIGN_FLAGS argument.
Is this a bug ?
Is there a way to get xcodebuild to work WITHOUT modifying the default
list of keychains ?
If not, should I conclude that one shouldn't really try to make per
build process isolated keychains environments (for both security and
avoiding the potential threading issue caused by the non atomic adding
of keychains) ? Should I consider having one system user per job
instead ?
Thanks!
Jerome
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden