1

I'm trying to build a Xamarin Touch project from a Jenkins build it fails at the code signing phase.

My certificates and keys are in the System keychain so should be accessible to Jenkins. I have no code signing issues when I build the project:

  • Using Xamarin Studio.
  • Using /bin/bash and xbuild logged in as the Jenkins user.
  • Using /bin/sh and xbuild logged in as the Jenkins user.

The only time the code signing issue is seen is when the Jenkins build itself.

The error is "User interaction is not allowed", I'm at a loss as to explain what is going wrong for the Jenkins build when everything is working as the Jenkins user when I run the same command from a shell.

Jesse Glick
  • 24,539
  • 10
  • 90
  • 112
user3617723
  • 1,355
  • 3
  • 17
  • 37
  • Dup? http://stackoverflow.com/questions/20205162/user-interaction-is-not-allowed-trying-to-sign-an-osx-app-using-codesign & http://www.egeek.me/2013/02/23/jenkins-and-xcode-user-interaction-is-not-allowed/ – SushiHangover Oct 27 '15 at 20:24
  • I think that issue is similar but slightly different, I've already moved everything into the system keychain so everything should have access now by default. The keychain itself must be ok because everything works fine outside of Jenkins even when I'm logged in as Jenkins in a shell. – user3617723 Oct 28 '15 at 08:09

2 Answers2

1

You could try importing your credentials in the Jenkins credentials area.

from here:

Allowing Jenkins to stage developer profile This plugin builds on top of Credentials Plugin to allow you to store your Apple Developer Profile (*.developerprofile) file. This file contains a code signing private key, corresponding developer/distribution certificates, and mobile provisioning profiles. You can create this file from your XCode.

To upload the developer profile into Jenkins, go to "Manage Credentials" in the system configuration page, and select "Apple Developer Profile" from the "Add" button. See Credentials Plugin for further details.

To use this profile for signing, add "Import developer profile" as a build step before you run xcode, and select the developer profile to import into the build machine. This build step will install the developer profile into the slave's keychain.

blahartinger
  • 292
  • 1
  • 8
  • This is all being done on a single Jenkins master box so their shouldn't be any issues with access to the keychain, as I said I've put the required certificates and keys in the system keychain. – user3617723 Oct 27 '15 at 16:54
0

So it turns out my problem was that my code signing keys were still in the login keychain as well as the system keychain.

I'm guessing this meant the build saw the keys in the login keychain first but then failed because that wasn't unlocked.

Once I deleted them from the login keychain, so they were only in the system keychain, it started working.

I'm still not sure why this was only a problem from within Jenkins as everything was working fine using a shell logged in as Jenkins.

user3617723
  • 1,355
  • 3
  • 17
  • 37