The problem is that keychains need to be unlocked to access the contents of it, and also that codesign is an untrusted application requesting access to a private key. You need to add /usr/bin/codesign as a trusted application to the private key via the following steps:
1) Login to the system where you are building as the user 2) Open Keychain Access "/Applications/Utilities/Keychain Access.app" 3) Locate your certificate that you are trying to build with (iPhone Developer: *) and locate its corresponding private key 4) Right click to "Get Info" of the private key and go to the "Access Control" tab 5) Click the plus sign 6) Locate /usr/bin/codesign, and add it 7) Type your keychain password if prompted 8) Ensure that the Xcode plugin is referencing the correct keychain with the correct keychain password, or script in a "security unlock-keychain" command There are some command line ways to do the above but I have never gotten them working 100%. If everything is setup as above you should never be prompted for access control and everything works just fine. If you're doing any simulator testing I believe you need the Jenkins user to be logged into the desktop as well - we set this up on our CI boxes with the "Automatic Login" feature found under "System Preferences / Users & Groups". To reduce risk you can setup the Jenkins user as a standard/unprivileged account. From: jenkinsci-users@googlegroups.com [mailto:jenkinsci-users@googlegroups.com] On Behalf Of Arnaud Héritier Sent: Wednesday, March 07, 2012 1:47 PM To: jenkinsci-users@googlegroups.com Subject: Re: Getting Jenkins to work on Mac with the XCode integration plugin you'll probably never see it. You'll have to to logon on this account and launch manually the codesign command you can see in your build logs On Wed, Mar 7, 2012 at 10:35 PM, Hilton Campbell <hilton.campb...@gmail.com<mailto:hilton.campb...@gmail.com>> wrote: I haven't seen that dialog appear. But then, I've never been logged in to the desktop as the jenkins user while a build was happening. I'll try that out and report. On Wednesday, March 7, 2012 8:52:28 AM UTC-7, Arnaud Héritier wrote: Hi Couldn't it be a problem with the codesign program trying to access to the keychain ? Did you ask it manually to always allow it ? https://wiki.jenkins-ci.org/display/JENKINS/XCode+Plugin#XcodePlugin-Installationguide Arnaud On Wed, Mar 7, 2012 at 4:35 PM, Hilton Campbell wrote: Whenever I reboot my Mac, all subsequent Xcode builds fail with "Code Sign error: The identity 'iPhone Distribution: Blah blah blah' doesn't match any valid certificate/private key pair in the default keychain". I have the certificate/private key pair it is looking for in my jenkins user's login keychain, and my jobs are configured to unlock the keychain, which they do successfully according to the build log. Whenever this happens I try a lot of things, like moving the certificate/private key pair to the system keychain, or logging in as the jenkins user, or whatever else my desperate Google searches turn up. But then I remember what I did to fix it last time, which is to reinstall Jenkins using the Mac installer, turning off the install as daemon option and turning on the install as jenkins user. Once installation completes, the jobs work again. Any ideas what it is that the installation is doing that a reboot is undoing? -- ----- Arnaud Héritier 06-89-76-64-24<tel:06-89-76-64-24> http://aheritier.net Mail/GTalk: aherit...@gmail.com<mailto:aherit...@gmail.com> Twitter/Skype : aheritier -- ----- Arnaud Héritier 06-89-76-64-24 http://aheritier.net Mail/GTalk: aherit...@gmail.com<mailto:aherit...@gmail.com> Twitter/Skype : aheritier IMPORTANT NOTICE: This e-mail message is intended to be received only by persons entitled to receive the confidential information it may contain. E-mail messages sent from this company may contain information that is confidential and may be legally privileged. Please do not read, copy, forward or store this message unless you are an intended recipient of it. If you received this transmission in error, please notify the sender by reply e-mail and delete the message and any attachments.
