Xcode, Codesign Error from Jenkins / SSH - "User Interaction is not allowed"

Question

I am trying to run an automated xcodebuild on Jenkins, but I am running into the error

User interaction is not allowed. Command /usr/bin/codesign failed with exit code 1

I have already referenced "User interaction is not allowed" trying to sign an OSX app using codesign and other similar threads, but none of the solutions seem to properly remedy the error.

---

Here is what I've already tried:

• I have allowed all items to access the keychain, and I have specifically added codesign to the "always allow" list (as done here https://stackoverflow.com/a/22637896)

• I have set the keychain to not automatically lock with a timeout, both through Keychain Access's settings, and through the command

  security set-keychain-settings -t 3600 -l <KEYCHAIN>
  

• I have tried calling

  codesign --sign <CODE SIGN IDENTITY> --force ...
  

  before the project compiles (more specifically, this solution https://stackoverflow.com/a/20208104), and although this successfully builds the project I don't think that codesigning before compiling is correct or reliable. (edit: this also failed when run from jenkins)

---

Here are the commands I am executing:

security unlock-keychain -p <PASSWORD> <KEYCHAIN>
xcodebuild -scheme <SCHEME> -workspace <WORKSPACE> -derivedDataPath <BUILD DIRECTORY> -configuration <CONFIGURATION> "CONFIGURATION_BUILD_DIR=<BUILD DIRECTORY>" "CODE_SIGN_IDENTITY=<CODE SIGN ID>" "PROVISIONING_PROFILE=<PROVISIONING PROFILE>" clean build

Something interesting to note is that building the project on the machine works with the commands above, but trying to run the exact same commands over ssh (and jenkins) causes the error.

---

Thanks in advance for your help!

Answer 1

SSH is not supported by Apple to run automated build as they are headless, so running via SSH could be the issue here:

The context provided by LaunchDaemons is not supported for running GUI applications. The SSH service, and the default setup for Jenkins, are both implemented as LaunchDaemons. In earlier versions of Xcode 5 xcodebuild could run tests on the iOS simulator in this context, but that was never a supported configuration, and as you have noted that is no longer working as of Xcode 6.

Unlike LaunchDaemons, LaunchAgents provide a context where you can run GUI applications - if the user is logged in at the time, with a window server / Aqua session. Converting your Jenkins configuration from being a LaunchDaemon to being a LaunchAgent would avoid the reported issue. You can also use launchd for running tests on the iOS simulator from a SSH session, either by crafting a LaunchAgent and manually loading / starting that, or by using "launchctl submit”.

Have you tried using web agent instead?

Answer 2

Just in case anyone missed it. The answer in the linked question resolves the issue. Basically you need to run security -v unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN". I run this before the build and the codesign succeeds.

Answer 3

Put your keys in the System keychain instead of Login/iCloud/Local Items.