[Resolved] Codesign error over SSH on macOS 10.12+

Background

I have a shell script running in Jenkins to build my iOS projects. It runs over ssh on a Mac mini.

This stopped working since upgrading to macOS Sierra.

Causes

The root error of this problem is xcodebuild returns permission denied.

After step-by-step try on a hello world program, codesign returns the detailed error:

SecKey API returned: -25308, (null)____FILE_PATH____: unknown error -1=ffffffffffffffff

The explanation of this error is:

$ security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.

This does not make any sense because the script created a new keychain and unlocked it. It needs no user interaction.

Solution

After three weeks contacting with Apple support, the solution is adding following command before using the newly created keychain:

security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private

This works perfectly, but I cannot find any related document.

The script have been updated.

5 comments

  1. Hey i’m facing the same issue? What are the parameters to be passed for password and identity? I’m assuming the password field is the password for the keychain?

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.