
OTHER_CODE_SIGN_FLAGS keychain flag ignored?

I have just learned about the possibility to use OTHER_CODE_SIGN_FLAGS to specify the keychain which includes the cert needed for building and signing an app. But unfortunately I cannot get it to work.

My script looks something like this:

#!/bin/bash
TARGET="MyProject"
CONFIGURATION="Release"
SDK="iphoneos"
IDENTITY="iPhone Developer: John Doe (XX22RR22O)"
KEYCHAIN="/Users/username/Library/Keychains/someKeyChain.keychain"
PASSWORD=""

# Unlock the build keychain, then pass it to codesign through OTHER_CODE_SIGN_FLAGS
security unlock-keychain -p "${PASSWORD}" "${KEYCHAIN}"
xcodebuild -target "${TARGET}" -configuration "${CONFIGURATION}" -sdk "${SDK}" CODE_SIGN_IDENTITY="${IDENTITY}" OTHER_CODE_SIGN_FLAGS="--keychain ${KEYCHAIN}"

But that fails:

Check dependencies
[BEROR]Code Sign error: The identity 'iPhone Developer: John Doe (XX22RR22O)' doesn't match any valid certificate/private key pair in the default keychain

But if I switch to the keychain first, it works, but that is not usable on a build server where multiple builds could happen simultaneously:

#!/bin/bash
TARGET="MyProject"
CONFIGURATION="Release"
SDK="iphoneos"
IDENTITY="iPhone Developer: John Doe (XX22RR22O)"
KEYCHAIN="/Users/username/Library/Keychains/someKeyChain.keychain"
PASSWORD=""

security unlock-keychain -p "${PASSWORD}" "${KEYCHAIN}"
# Workaround: make the build keychain the user's default before building
security default-keychain -s "${KEYCHAIN}"
xcodebuild -target "${TARGET}" -configuration "${CONFIGURATION}" -sdk "${SDK}" CODE_SIGN_IDENTITY="${IDENTITY}" OTHER_CODE_SIGN_FLAGS="--keychain ${KEYCHAIN}"

Hope you guys can help -Morten

mbogh asked Sep 13 '11 08:09


3 Answers

I found that if I didn't add the keychain to the keychain search list, xcodebuild would not respect the OTHER_CODE_SIGN_FLAGS --keychain setting. I had to add this code:

# Early in the script
ORIGINAL_KEYCHAINS=$(security list-keychains -d user)

# After I create my keychain, add it to the list
security list-keychains -d user -s ${ORIGINAL_KEYCHAINS} "${KEYCHAIN_NAME}"

# On cleanup
security list-keychains -d user -s ${ORIGINAL_KEYCHAINS}

Needless to say, I lost hours figuring this out.

Also of help is making sure the keychain stays open for the length of your build, as advised here:

security -v set-keychain-settings -lut 7200 "${KEYCHAIN_NAME}"

Ben Flynn answered Nov 16 '22 07:11
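
The search-list step from the answer above, adapted for the case the question raises: several builds running at once under one user account. This is an added example, not code from any of the posters; the function names and `LOCK_DIR` are assumptions. It goes beyond the answer by removing only the build's own entry on cleanup, since restoring a saved snapshot can drop a keychain that another build added in the meantime, and by serialising updates to the shared list.

```shell
#!/bin/bash
# Added example: function names and LOCK_DIR are assumptions, not from the answers.
# The user search list is shared by every build running under the same account.
LOCK_DIR="${TMPDIR:-/tmp}/keychain-search-list.lock"

# mkdir is atomic, so the directory acts as a mutex around each read-modify-write.
with_list_lock() {
  local tries=0 rc=0
  until mkdir "$LOCK_DIR" 2>/dev/null; do
    tries=$((tries + 1))
    if [ "$tries" -ge 60 ]; then echo "search-list lock timeout" >&2; return 1; fi
    sleep 1
  done
  "$@" || rc=$?
  rmdir "$LOCK_DIR"
  return "$rc"
}

# `security list-keychains` prints each path indented and double-quoted;
# strip that so the paths can be passed back as plain arguments.
current_keychains() {
  security list-keychains -d user | sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
}

# Replace the search list with the paths on stdin (one per line, spaces allowed).
write_keychains() {
  set --
  while IFS= read -r line; do
    if [ -n "$line" ]; then set -- "$@" "$line"; fi
  done
  security list-keychains -d user -s "$@"
}

_add_entry() {
  { current_keychains | grep -vxF -- "$1" || true; printf '%s\n' "$1"; } | write_keychains
}
_remove_entry() {
  { current_keychains | grep -vxF -- "$1" || true; } | write_keychains
}

# Append this build's keychain; on cleanup drop only that entry, so other
# builds' keychains added in the meantime are left in place.
add_build_keychain()    { with_list_lock _add_entry "$1"; }
remove_build_keychain() { with_list_lock _remove_entry "$1"; }

# Usage in the build script:
#   add_build_keychain "$KEYCHAIN"
#   trap 'remove_build_keychain "$KEYCHAIN"' EXIT
```

A build that is killed while holding the lock leaves `LOCK_DIR` behind; later builds then fail with the timeout message until the directory is removed.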


The answer is to upgrade: Xcode 4.3 respects the OTHER_CODE_SIGN_FLAGS flag during the Check dependencies build step.

Ian Terrell answered Nov 16 '22 06:11


I ran into the same problem while trying to set up CI for our iOS projects. I ended up updating the PackageApplication Perl script to support passing a keychain option. Location:

 /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/PackageApplication

I'm still waiting for some licensing clarification from Apple so that I can publish my updated script to GitHub.

Tyler S answered Nov 16 '22 07:11