[Resolved] Codesign error over SSH on macOS 10.12+

Background

I have a shell script running in Jenkins to build my iOS projects. It runs over ssh on a Mac mini.

This stopped working since upgrading to macOS Sierra.

Causes

The root error of this problem is xcodebuild returns permission denied.

After step-by-step try on a hello world program, codesign returns the detailed error:

SecKey API returned: -25308, (null)____FILE_PATH____: unknown error -1=ffffffffffffffff

The explanation of this error is:

$ security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.

This does not make any sense because the script created a new keychain and unlocked it. It needs no user interaction.

Solution

After three weeks contacting with Apple support, the solution is adding following command before using the newly created keychain:

security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private

This works perfectly, but I cannot find any related document.

The script have been updated.

让Google Chrome支持Kerberos认证

在启动chrome的时候增加选项:
–auth-server-whitelist=”domain.example.com”
就可以在这个域名下使用Kerberos认证了。
MacOS和Linux都能和命令行的kinit共享正确的权限,Windows的不行因为没有内建的支持。

我目前还是用命令行启动加这个选项,好像没有地方保存这个设置。

Published
Categorized as Mac

Mail乱码解决方案

使用Mail回复Rich Format格式的邮件时,经常会变成是乱码。打开Terminal输入下面这个命令,可以解决。
defaults write com.apple.mail NSPreferredMailCharset "gbk"
写个日志保存,免得重装了以后忘记怎么改。

Published
Categorized as Mac
Exit mobile version