[Resolved] Codesign error over SSH on macOS 10.12+

Background

I have a shell script running in Jenkins to build my iOS projects. It runs over ssh on a Mac mini.

This stopped working since upgrading to macOS Sierra.

Causes

The root error of this problem is xcodebuild returns permission denied.

After step-by-step try on a hello world program, codesign returns the detailed error:

SecKey API returned: -25308, (null)____FILE_PATH____: unknown error -1=ffffffffffffffff

The explanation of this error is:

$ security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.

This does not make any sense because the script created a new keychain and unlocked it. It needs no user interaction.

Solution

After three weeks contacting with Apple support, the solution is adding following command before using the newly created keychain:

security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private

This works perfectly, but I cannot find any related document.

The script have been updated.

2 thoughts on “[Resolved] Codesign error over SSH on macOS 10.12+”

  1. Hey i’m facing the same issue? What are the parameters to be passed for password and identity? I’m assuming the password field is the password for the keychain?

Leave a Reply

Your email address will not be published. Required fields are marked *