If there is open access against the private key then you should not be prompted to allow/deny access to the item when it is invoked from codesign.
It could be that the configured signing profile selected in the project is slightly different from the one in your keychain. Be sure that you are selecting the generic “iPhone Developer” or “iPhone Distribution” instead of the individual/company specific “iPhone Developer: YOUR NAME”. You can double check this setting by looking for the “CODE_SIGN_IDENTITY” values in your project.pbxproj without having to pop open Xcode. I’d be surprised if you had this for a Distribution build, but it might be something to double check. As some words of wisdom, I’ve had issues with Xcode when multiple code signing identities are present, so be sure that you delete any duplicate/invalid/outdated certificates and keys. This has caused me a number of headaches in the past with developer configurations. You can load the Xcode organizer to ensure everything is OK. From: jenkinsci-users@googlegroups.com [mailto:jenkinsci-users@googlegroups.com] On Behalf Of Hilton Campbell Sent: Wednesday, March 07, 2012 6:55 PM To: jenkinsci-users@googlegroups.com Subject: Re: Getting Jenkins to work on Mac with the XCode integration plugin Thanks for the thorough instructions. I did follow them, but when I went to the Access Control tab for the private key, I see "Allow all applications to access this item" is selected. On Wednesday, March 7, 2012 3:50:32 PM UTC-7, Elkin, Michael wrote: The problem is that keychains need to be unlocked to access the contents of it, and also that codesign is an untrusted application requesting access to a private key. You need to add /usr/bin/codesign as a trusted application to the private key via the following steps: 1) Login to the system where you are building as the user 2) Open Keychain Access “/Applications/Utilities/Keychain Access.app” 3) Locate your certificate that you are trying to build with (iPhone Developer: *) and locate its corresponding private key 4) Right click to “Get Info” of the private key and go to the “Access Control” tab 5) Click the plus sign 6) Locate /usr/bin/codesign, and add it 7) Type your keychain password if prompted 8) Ensure that the Xcode plugin is referencing the correct keychain with the correct keychain password, or script in a “security unlock-keychain” command There are some command line ways to do the above but I have never gotten them working 100%. If everything is setup as above you should never be prompted for access control and everything works just fine. If you’re doing any simulator testing I believe you need the Jenkins user to be logged into the desktop as well – we set this up on our CI boxes with the “Automatic Login” feature found under “System Preferences / Users & Groups”. To reduce risk you can setup the Jenkins user as a standard/unprivileged account. From: jenkinsci-users@googlegroups.com<mailto:jenkinsci-users@googlegroups.com> [mailto:jenkinsci-users@googlegroups.com<mailto:jenkinsci-users@googlegroups.com>] On Behalf Of Arnaud Héritier Sent: Wednesday, March 07, 2012 1:47 PM To: jenkinsci-users@googlegroups.com<mailto:jenkinsci-users@googlegroups.com> Subject: Re: Getting Jenkins to work on Mac with the XCode integration plugin you'll probably never see it. You'll have to to logon on this account and launch manually the codesign command you can see in your build logs On Wed, Mar 7, 2012 at 10:35 PM, Hilton Campbell wrote: I haven't seen that dialog appear. But then, I've never been logged in to the desktop as the jenkins user while a build was happening. I'll try that out and report. On Wednesday, March 7, 2012 8:52:28 AM UTC-7, Arnaud Héritier wrote: Hi Couldn't it be a problem with the codesign program trying to access to the keychain ? Did you ask it manually to always allow it ? https://wiki.jenkins-ci.org/display/JENKINS/XCode+Plugin#XcodePlugin-Installationguide Arnaud On Wed, Mar 7, 2012 at 4:35 PM, Hilton Campbell wrote: Whenever I reboot my Mac, all subsequent Xcode builds fail with "Code Sign error: The identity 'iPhone Distribution: Blah blah blah' doesn't match any valid certificate/private key pair in the default keychain". I have the certificate/private key pair it is looking for in my jenkins user's login keychain, and my jobs are configured to unlock the keychain, which they do successfully according to the build log. Whenever this happens I try a lot of things, like moving the certificate/private key pair to the system keychain, or logging in as the jenkins user, or whatever else my desperate Google searches turn up. But then I remember what I did to fix it last time, which is to reinstall Jenkins using the Mac installer, turning off the install as daemon option and turning on the install as jenkins user. Once installation completes, the jobs work again. Any ideas what it is that the installation is doing that a reboot is undoing? -- ----- Arnaud Héritier 06-89-76-64-24 http://aheritier.net Mail/GTalk: aherit...@gmail.com<mailto:aherit...@gmail.com> Twitter/Skype : aheritier -- ----- Arnaud Héritier 06-89-76-64-24 http://aheritier.net Mail/GTalk: aherit...@gmail.com<mailto:aherit...@gmail.com> Twitter/Skype : aheritier IMPORTANT NOTICE: This e-mail message is intended to be received only by persons entitled to receive the confidential information it may contain. E-mail messages sent from this company may contain information that is confidential and may be legally privileged. Please do not read, copy, forward or store this message unless you are an intended recipient of it. If you received this transmission in error, please notify the sender by reply e-mail and delete the message and any attachments.
