Re: xcodebuild doesn't find the identity if keychain only referenced from OTHER_CODE_SIGN_FLAGS
- Subject: Re: xcodebuild doesn't find the identity if keychain only referenced from OTHER_CODE_SIGN_FLAGS
- From: Jerome Lacoste <email@hidden>
- Date: Wed, 17 Dec 2014 21:39:14 +0100
Just to say that I've found the following in the codesign documentation:

  SIGNING IDENTITIES
    To be used for code signing, a digital identity must be stored in
    a keychain that is on the calling user's keychain search list.

After updating the search list, I go further but still have a problem
with the identity not being found, but I suspect I can find some more
information in the man page that will help me out.

Sorry for not having found this earlier.

Jerome

On Tue, Dec 16, 2014 at 12:02 PM, Jerome Lacoste
<email@hidden> wrote:
> Hello,
>
> I am trying to have, for every build job, a different keychain with
> the proper identities in it.
>
> Given my previous email about me not having managed to find an atomic
> way to modify the search list of keychains, I tried to use xcodebuild
> WITHOUT using list-keychains -s
>
> And I use OTHER_CODE_SIGN_FLAGS to specify the keychain.
>
> But xcodebuild fails because of "No codesigning identities found".
>
>
> Details:
>
> 1. create a keychain
> 2. unlock it
> 3. unset timeout (for test purposes)
> 4. import signing identities into it
> 5. copy the developer profiles into the proper location
>
> security delete-keychain other_keychain
> security create-keychain -p 1111 other_keychain
> security unlock-keychain -p 1111 other_keychain
> security set-keychain-settings other_keychain
>
> security import ..../0123456789.p12 -k other_keychain -P THEPASSWORD
> -T /usr/bin/codesign other_keychain
>
> cp YYYYYYY.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/
>
> and then that's all. No modification of the list of known keychains.
>
> But then xcodebuild now fails at start because it cannot find the
> signing identities.
>
> /usr/bin/xcodebuild -verbose -target Unity-iPhone -configuration
> Release build CONFIGURATION_BUILD_DIR=.......
> 'CODE_SIGN_IDENTITY=XXXXXXX PROVISIONING_PROFILE=YYYYYYY
> "OTHER_CODE_SIGN_FLAGS='--keychain
> ~/Library/Keychains/other_keychain'"
>
>
> Check dependencies
> Code Sign error: No codesigning identities found: No codesigning
> identities (i.e. certificate and private key pairs) that match the
> provisioning profile specified in your build settings (“NAME OF MY
> PROFILE”) were found.
> CodeSign error: code signing is required for product type
> 'Application' in SDK 'iOS 8.1
>
> Yet this works:
>
> /usr/bin/security find-certificate -a -c "XXXXXXXXXXXX" -Z
> ~/Library/Keychains/other_keychain | grep ^SHA-1
>
> SHA-1 hash: 0123456789
>
> xcodebuild doesn't support a -keychain or --keychain argument.
>
> So I wonder if the "Check dependencies" step is a bit overzealous and
> forgets to check the OTHER_CODE_SIGN_FLAGS argument.
>
> Is this a bug ?
> Is there a way to get xcodebuild to work WITHOUT modifying the default
> list of keychains ?
>
> If not, should I conclude that one shouldn't really try to make per
> build process isolated keychains environments (for both security and
> avoiding the potential threading issue caused by the non atomic adding
> of keychains) ? Should I consider having one system user per job
> instead ?
>
> Thanks!
>
> Jerome
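
The search-list requirement quoted from the codesign documentation in this thread, as an added example that is not part of the original messages: a wrapper that appends a job keychain to the user's search list for one build and then restores the previous list. The function names are hypothetical, and it assumes the keychain was already created, unlocked and populated as in the quoted steps and that only one job per user edits the search list at a time, since the sequence is not atomic.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: only one job per user edits the search list at a time; this
# read-modify-write sequence is not atomic.

# Turn `security list-keychains -d user` output (indented, quoted paths)
# into bare paths, one per line.
parse_search_list() {
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^$/d'
}

# stdin: bare paths. Prints them plus the job keychain ($1), never twice.
with_job_keychain() {
    awk -v kc="$1" '$0 != "" { print; if ($0 == kc) seen = 1 }
                    END { if (!seen) print kc }'
}

# Set the user search list from a newline-separated list ($1).
apply_search_list() {
    old_ifs=$IFS
    IFS='
'
    set -f                       # split on newlines only, no globbing
    security list-keychains -d user -s $1
    rc=$?
    set +f
    IFS=$old_ifs
    return $rc
}

# $1: job keychain path; remaining arguments: the build command to run.
run_with_keychain() {
    job_kc=$1; shift
    saved=$(security list-keychains -d user | parse_search_list) || return 1
    wanted=$(printf '%s\n' "$saved" | with_job_keychain "$job_kc")
    apply_search_list "$wanted" || return 1
    # Fail early if no usable signing identity is visible in the job keychain.
    if security find-identity -v -p codesigning "$job_kc" |
            grep -Eq '[1-9][0-9]* valid identities found'; then
        "$@"; status=$?
    else
        echo "no valid codesigning identity in $job_kc" >&2; status=1
    fi
    apply_search_list "$saved"   # restore the previous list in every case
    return $status
}

if [ "$#" -ge 2 ]; then run_with_keychain "$@"; fi
```

Invoked with the keychain path followed by the build command, it leaves the search list as it found it whether the build succeeds or fails.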