2

I have my xcodebuild running successfully through ant. If I ssh into the system and run the build, it works fine. However, when the same ant target is called via Jenkins (running as a slave on the mac), it fails with the classic 

Code Sign error: a valid provisioning profile matching the application's Identifier 'xxx.xxx.xxx' could not be found"

In trying to get it to work, I tried running it via a 'sudo ant' call, and of course, this causes the same error. The local user and root both echo the same $PATH, so that's not the issue. I don't see a way to change the environment or change the user Jenkins invokes ant is. There must be someone else that has solved this - any help would be appreciated.

Feasoron
  • 3,471
  • 3
  • 23
  • 34

3 Answers3

2

I ran into something like this - don't know if it's the same thing. But when you start Jenkins are you running it as a user or running as root? The first time I started out with Jenkins I was kicking it off by running sudo java -jar jenkins.war and I was getting the same Code Sign error. When I ran it without 'sudo' it worked fine. Not 100% sure why, though. Maybe it has something to do with the certificate only being associated with the user?

carbonbasednerd
  • 130
  • 4
  • I've set the Jenkins Slave to launch via SSH now, so I can force it to use the same credentials I use when I call ant manually. Unfortunately, that hasn't fixed this problem. – Feasoron Aug 31 '11 at 15:59
  • I take that back. Even though we changed the way Jenkins was launched, if had failed to stop and relaunch again. Launching as a local, non-root, user resolved the problem. Thank you! – Feasoron Aug 31 '11 at 18:40
2

I had something similar, but perhaps a little different. I could run xcodebuild from the command line and it would sign the app properly. However, in Jenkins I would get a error like:

[BEROR]Code Sign error: The identity 'iPhone Distribution' doesn't match any valid certificate/private key pair in the default keychain

It had worked fine, but something changed (I'm not sure what) and it stopped working. I tried a billion things, but ultimately fixed by copying the cert/key pair in Keychain Access into the 'System' keychain (it was previously just in the login keychain).

I'm running Xcode 4.2, which may be or may not be significant.

EDIT:

Found a solution for my problem: add the following to the top of your jenkins script:

security list-keychains -s /Users/[user]/Library/Keychains/login.keychain

The "-s" selects the keychain you want to use for this shell. Confusing that the argument to the security command is "list-keychains", but that's what it does...

joshrl
  • 3,527
  • 1
  • 22
  • 12
  • 1
    FYI: In this case, you probably have installed Jenkins as daemon. A daemon usually runs with root permissions when it's in the System Library folder. That means that during the installation you haven't set up the Jenkins user, so it will try to access the System keychain. – ff10 Apr 03 '12 at 16:24
  • joshrl where did you store them ? and where their source locations? because i'm building with a jenkis installed on mac (jenkis on mac create a separate user -- so i need to assign by chmod permission to 'other' users). Android works fine having enabled pc main user Android dir in home, but iOS seems to not found mobile provision files. – Simone Campagna Nov 15 '18 at 15:48
0

As a workaround, you could import the cert on the command line before you run xcode:

security import Cert.p12 -P password -k ~/Library/Keychains/login.keychain -A -T /usr/bin/codesign
Bryan
  • 356
  • 2
  • 6