Skip to content

codesigning fails with "unknown error -1=ffffffffffffffff" #8797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks done
gereons opened this issue Apr 6, 2017 · 22 comments
Closed
2 tasks done

codesigning fails with "unknown error -1=ffffffffffffffff" #8797

gereons opened this issue Apr 6, 2017 · 22 comments

Comments

@gereons
Copy link

gereons commented Apr 6, 2017

New Issue Checklist

Issue Description

I'm in the process of setting up fastlane on our CI box as a replacement of the (currently broken) Xcodebuild plugin for Jenkins. Everything works fine until the last step, codesigning, which fails with "unknown error -1=ffffffffffffffff".

Last output from fastlane is

▸ Running script '[CP] Embed Pods Frameworks'
** ARCHIVE FAILED **


The following build commands failed:
PhaseScriptExecution [CP]\ Embed\ Pods\ Frameworks /Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/IntermediateBuildFilesPath/Sellfio2.build/Release-iphoneos/Sellfio2.build/Script-0C0A451C95B1AB212FE0C0F6.sh
(1 failure)
[13:33:57]: Exit status: 65
[13:33:57]: 📋  For a more detailed error log, check the full log at:
[13:33:57]: 📋  /Users/ci/Library/Logs/gym/Sellfio2-Sellfio2.log

and the last lines of that file are

PhaseScriptExecution [CP]\ Embed\ Pods\ Frameworks /Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/IntermediateBuildFilesPath/Sellfio2.build/Release-iphoneos/Sellfio2.build/Script-0C0A451C95B1AB212FE0C0F6.sh
    cd /Users/ci/fastlane-test/sellfio2/ios/Sellfio2
    /bin/sh -c /Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/IntermediateBuildFilesPath/Sellfio2.build/Release-iphoneos/Sellfio2.build/Script-0C0A451C95B1AB212FE0C0F6.sh
mkdir -p /Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/BuildProductsPath/Release-iphoneos/Sellfio2.app/Frameworks
Symlinked...
rsync -av --filter "- CVS/" --filter "- .svn/" --filter "- .git/" --filter "- .hg/" --filter "- Headers" --filter "- PrivateHeaders" --filter "- Modules" "/Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/IntermediateBuildFilesPath/UninstalledProducts/iphoneos/Alamofire.framework" "/Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/InstallationBuildProductsLocation/Applications/Sellfio2.app/Frameworks"
building file list ... done
Alamofire.framework/
Alamofire.framework/Alamofire
Alamofire.framework/Info.plist

sent 8267979 bytes  received 70 bytes  16536098.00 bytes/sec
total size is 8266736  speedup is 1.00
Code Signing /Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/InstallationBuildProductsLocation/Applications/Sellfio2.app/Frameworks/Alamofire.framework with Identity iPhone Developer: Continuous Integration (....)
/usr/bin/codesign --force --sign CB4821C55BE587CB4FBC45586BB528E192FF4575  --preserve-metadata=identifier,entitlements '/Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/InstallationBuildProductsLocation/Applications/Sellfio2.app/Frameworks/Alamofire.framework'
/Users/ci/Library/Developer/Xcode/DerivedData/Sellfio2-bcmcyzbzidlxvfbqydgqbpurglpe/Build/Intermediates/ArchiveIntermediates/Sellfio2/InstallationBuildProductsLocation/Applications/Sellfio2.app/Frameworks/Alamofire.framework: unknown error -1=ffffffffffffffff
Command /bin/sh failed with exit code 1

This only happens on our CI box (running macOS 10.12.4 and Xcode 8.3. fastlane and cocoapods are up-to-date)

Environment

Please run fastlane env and copy the output below. This will help us help you 👍
If you used --capture_output option please remove this block - as it is already included there.

[INSERT OUTPUT HERE]

Stack

Key Value
OS 10.12.4
Ruby 2.4.1
Bundler? true
Git git version 2.11.0 (Apple Git-81)
Installation Source /usr/local/bin/fastlane
Host Mac OS X 10.12.4 (16E195)
Ruby Lib Dir /usr/local/Cellar/ruby/2.4.1_1/lib
OpenSSL Version OpenSSL 1.0.2k 26 Jan 2017
Is contained false
Is homebrew false
Is installed via Fabric.app false
Xcode Path /Applications/Xcode.app/Contents/Developer/
Xcode Version 8.3

System Locale

Variable Value
LANG
LC_ALL en_US.UTF-8
LANGUAGE
@fastlane-bot
Copy link

It seems like this issue might be related to code signing 🚫

Have you seen our new Code Signing Troubleshooting Guide? It will help you resolve the most common code signing issues 👍

@fastlane-bot
Copy link

It seems like you have not included the output of fastlane env

To make it easier for us help you resolve this issue, please update the issue to include the output of fastlane env 👍

@gereons
Copy link
Author

gereons commented Apr 6, 2017

The Code Signing Troubleshooting guide did not help. Here's the fastlane env output:

<details><summary>✅ fastlane environment ✅</summary>

### Stack

| Key                         | Value                                       |
| --------------------------- | ------------------------------------------- |
| OS                          | 10.12.4                                     |
| Ruby                        | 2.4.1                                       |
| Bundler?                    | true                                        |
| Git                         | git version 2.11.0 (Apple Git-81)           |
| Installation Source         | /usr/local/bin/fastlane                     |
| Host                        | Mac OS X 10.12.4 (16E195)                   |
| Ruby Lib Dir                | /usr/local/Cellar/ruby/2.4.1_1/lib          |
| OpenSSL Version             | OpenSSL 1.0.2k  26 Jan 2017                 |
| Is contained                | false                                       |
| Is homebrew                 | false                                       |
| Is installed via Fabric.app | false                                       |
| Xcode Path                  | /Applications/Xcode.app/Contents/Developer/ |
| Xcode Version               | 8.3                                         |


### System Locale

| Variable | Value       |   |
| -------- | ----------- | - |
| LANG     |             |   |
| LC_ALL   | en_US.UTF-8 | ✅ |
| LANGUAGE |             |   |


### fastlane files:

<details><summary>`./fastlane/Fastfile`</summary>

```ruby
# Customise this file, documentation can be found here:
# https://github.com/fastlane/fastlane/tree/master/fastlane/docs
# All available actions: https://docs.fastlane.tools/actions
# can also be listed using the `fastlane actions` command

# Change the syntax highlighting to Ruby
# All lines starting with a # are ignored when running `fastlane`

# If you want to automatically update fastlane if a new version is available:
update_fastlane

# This is the minimum version number required.
# Update this, if you use features of a newer version
fastlane_version "2.16.0"

default_platform :ios

platform :ios do
  before_all do
    ENV["SLACK_URL"] = "https://hooks.slack.com/services/..."
    ENV["FL_HOCKEY_API_TOKEN"] = "..."
    ENV["FL_HOCKEY_PUBLIC_IDENTIFIER"] = "..."
    #ENV['SPACESHIP_DEBUG'] = "true"
    cocoapods
    
  end

  desc "Runs all the tests"
  lane :test do
    scan
  end

  desc "Registers new devices in the developer portal and adds them to the provisioning profile"
  lane :registerDevicesAndAddToProvisioning do
    register_devices(
      devices_file: "./fastlane/devices.txt"
    ) # Alternatively provide a standard UDID export .txt file, see the Apple Sample (https://devimages.apple.com.edgekey.net/downloads/devices/Multiple-Upload-Samples.zip)

    match(
      # force: true,
      git_branch: "Sellfio2", 
      username: "sellfio-...@....tarent.de",
      app_identifier: "de.tarent.Sellfio2",
      type: "development"
    )

    match(
      # force: true,
      git_branch: "Sellfio2", 
      username: "sellfio-...@....tarent.de",
      app_identifier: "de.tarent.Sellfio2",
      type: "appstore"
    )
  end

  desc "Gets and installs all certificates and provisioning profiles (development, appstore)"
  lane :getAllCertificates do
    match(
      git_branch: "Sellfio2", 
      username: "sellfio-...@....tarent.de",
      app_identifier: "de.tarent.Sellfio2",
      type: "development"
    )

    match(
      git_branch: "Sellfio2", 
      username: "sellfio-...@....tarent.de",
      app_identifier: "de.tarent.Sellfio2",
      type: "appstore"
    )
  end

  desc "Gets and installs the latest developer certificate"
  lane :getDevCertificate do
    match(
      git_branch: "Sellfio2", 
      username: "sellfio-...@....tarent.de",
      app_identifier: "de.tarent.Sellfio2",
      type: "development"
    )
  end

  desc "Submit a new Beta Build to HockeyApp"
  lane :beta do
    registerDevicesAndAddToProvisioning

    increment_build_number(
      build_number: 1+latest_hockeyapp_version_number(
        api_token: "...",
        app_name: "Sellfio2"
      )
    )

    gym(
      scheme: "Sellfio2",
      include_bitcode: false,
      include_symbols: false,
      configuration: "Release",
      silent: true,
      clean: true
    ) # Build your app - more options available

    hockey(
      ipa: "./Sellfio2.ipa",
      notify: "1",
      status: "2",
      notes: changelog_from_git_commits(pretty: '%h %s')
    )

    clean_build_artifacts
    reset_git_repo

    slack(
      message: "sellfio iOS: Successfully distributed a new beta build to HockeyApp",
      channel: "#mobil"
    )

    # sh "your_script.sh"
    # You can also use other beta testing services here (run `fastlane actions`)
  end

  desc "Deploy a new version to the App Store"
  lane :release do
    match(
      git_branch: "Sellfio2", 
      username: "sellfio-...@....tarent.de",
      app_identifier: "de.tarent.Sellfio2",
      type: "appstore"
    )
    # snapshot
    gym # Build your app - more options available
    deliver(force: true)
    # frameit
  end

  after_all do |lane|
    # This block is called, only if the executed lane was successful

    # slack(
    #   message: "Successfully deployed new App Update."
    # )
  end

  error do |lane, exception|
    # slack(
    #   message: exception.message,
    #   success: false
    # )
  end
end


# More information about multiple platforms in fastlane: https://github.com/fastlane/fastlane/blob/master/fastlane/docs/Platforms.md
# All available actions: https://docs.fastlane.tools/actions

# fastlane reports which actions are used
# No personal data is recorded. Learn more at https://github.com/fastlane/enhancer
```
</details>

<details><summary>`./fastlane/Appfile`</summary>

```ruby
app_identifier "de.tarent.Sellfio2" # The bundle identifier of your app
apple_id "sellfio-...@...tarent.de" # Your Apple email address

team_id "..."  # Developer Portal Team ID

# you can even provide different app identifiers, Apple IDs and team names per lane:
# More information: https://github.com/fastlane/fastlane/blob/master/fastlane/docs/Appfile.md
```
</details>

### fastlane gems

| Gem      | Version | Update-Status |
| -------- | ------- | ------------- |
| fastlane | 2.25.0  | ✅ Up-To-Date  |


### Loaded fastlane plugins:

| Plugin                                          | Version | Update-Status |
| ----------------------------------------------- | ------- | ------------- |
| fastlane-plugin-latest_hockeyapp_version_number | 1.0.0   | ✅ Up-To-Date  |


<details><summary><b>Loaded gems</b></summary>

| Gem                                             | Version      |
| ----------------------------------------------- | ------------ |
| did_you_mean                                    | 1.1.0        |
| bundler                                         | 1.14.6       |
| io-console                                      | 0.4.6        |
| rake                                            | 12.0.0       |
| CFPropertyList                                  | 2.3.5        |
| i18n                                            | 0.8.1        |
| json                                            | 1.8.6        |
| minitest                                        | 5.10.1       |
| thread_safe                                     | 0.3.6        |
| tzinfo                                          | 1.2.3        |
| activesupport                                   | 4.2.7.1      |
| builder                                         | 3.2.3        |
| activemodel                                     | 4.2.7.1      |
| public_suffix                                   | 2.0.5        |
| addressable                                     | 2.5.1        |
| awesome_print                                   | 1.7.0        |
| babosa                                          | 1.0.2        |
| claide                                          | 1.0.1        |
| fuzzy_match                                     | 2.0.4        |
| nap                                             | 1.1.0        |
| cocoapods-core                                  | 1.2.0        |
| cocoapods-deintegrate                           | 1.0.1        |
| cocoapods-downloader                            | 1.1.3        |
| cocoapods-plugins                               | 1.0.0        |
| cocoapods-search                                | 1.0.0        |
| cocoapods-stats                                 | 1.0.0        |
| netrc                                           | 0.7.8        |
| cocoapods-trunk                                 | 1.1.2        |
| cocoapods-try                                   | 1.1.0        |
| colored                                         | 1.2          |
| escape                                          | 0.0.4        |
| fourflusher                                     | 2.0.1        |
| gh_inspector                                    | 1.0.3        |
| molinillo                                       | 0.5.7        |
| ruby-macho                                      | 0.2.6        |
| colored2                                        | 3.1.2        |
| nanaimo                                         | 0.2.3        |
| xcodeproj                                       | 1.4.3        |
| cocoapods                                       | 1.2.0        |
| highline                                        | 1.7.8        |
| commander-fastlane                              | 4.4.4        |
| diff-lcs                                        | 1.3          |
| docile                                          | 1.1.5        |
| unf_ext                                         | 0.0.7.2      |
| unf                                             | 0.1.4        |
| domain_name                                     | 0.5.20170404 |
| dotenv                                          | 2.2.0        |
| excon                                           | 0.55.0       |
| multipart-post                                  | 2.0.0        |
| faraday                                         | 0.12.0.1     |
| http-cookie                                     | 1.0.3        |
| faraday-cookie_jar                              | 0.0.6        |
| faraday_middleware                              | 0.11.0.1     |
| fastimage                                       | 2.1.0        |
| jwt                                             | 1.5.6        |
| little-plugger                                  | 1.1.4        |
| multi_json                                      | 1.12.1       |
| logging                                         | 2.2.0        |
| memoist                                         | 0.15.0       |
| os                                              | 0.9.6        |
| signet                                          | 0.7.3        |
| googleauth                                      | 0.5.1        |
| httpclient                                      | 2.8.3        |
| hurley                                          | 0.2          |
| mime-types-data                                 | 3.2016.0521  |
| mime-types                                      | 3.1          |
| uber                                            | 0.0.15       |
| representable                                   | 2.3.0        |
| retriable                                       | 2.1.0        |
| google-api-client                               | 0.9.28       |
| mini_magick                                     | 4.5.1        |
| multi_xml                                       | 0.6.0        |
| plist                                           | 3.2.0        |
| rubyzip                                         | 1.2.1        |
| security                                        | 0.1.3        |
| slack-notifier                                  | 1.5.1        |
| terminal-notifier                               | 1.7.1        |
| unicode-display_width                           | 1.1.3        |
| terminal-table                                  | 1.7.3        |
| tty-screen                                      | 0.5.0        |
| word_wrap                                       | 1.0.0        |
| rouge                                           | 1.11.1       |
| xcpretty                                        | 0.2.6        |
| xcpretty-travis-formatter                       | 0.0.4        |
| httparty                                        | 0.14.0       |
| mimemagic                                       | 0.3.2        |
| httmultiparty                                   | 0.3.16       |
| rspec-support                                   | 3.5.0        |
| rspec-core                                      | 3.5.4        |
| rspec-expectations                              | 3.5.0        |
| rspec-mocks                                     | 3.5.0        |
| rspec                                           | 3.5.0        |
| simplecov-html                                  | 0.10.0       |
| simplecov                                       | 0.14.1       |
| hockeyapp                                       | 0.0.15       |
| fastlane-plugin-latest_hockeyapp_version_number | 1.0.0        |
</details>


*generated on:* **2017-04-06**
</details>

@ghost
Copy link

ghost commented Apr 6, 2017

I believe similar issues have been solved in the past, a quick search I found #7821

(On mobile right now, it's hard to dig further into GitHub from a phone :/ )

@gereons
Copy link
Author

gereons commented Apr 6, 2017

Thanks, I'll check that out ASAP.

@ghost
Copy link

ghost commented Apr 7, 2017

I'll keep an eye on this post and try to help is I can. I ran into the fffffff error at one point. I remember it being an environment issue over a fastlane one, but I could be wrong.

@gereons
Copy link
Author

gereons commented Apr 7, 2017

After setting up a new box from scratch and running into the exact same problem there, I was finally able to resolve this using the 2nd answer from this SO question.

Basically, in addition to unlocking the keychain it is also necessary to run security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k keychainPass keychainName

@starhoshi
Copy link

This may be the problem. #6866 (comment)
I succeeded in using CircleCI.

example:

create_keychain(
  name: ENV["MATCH_KEYCHAIN_NAME"], 
  password: ENV["MATCH_KEYCHAIN_PASSWORD"],
  timeout: 1800
)

match(keychain_name: ENV["MATCH_KEYCHAIN_NAME"], 
      keychain_password: ENV["MATCH_KEYCHAIN_PASSWORD"])

@gereons
Copy link
Author

gereons commented Apr 11, 2017

This certainly looks similar, but I don't think it's the same underlying problem.

What really solved it for me was using set-key-partition-list and passing it codesign: as one of the values of the -S option.

@grEvenX
Copy link

grEvenX commented Apr 26, 2017

I worked around this by creating a new keychain with a password and setting the KEYCHAIN_PATH and KEYCHAIN_PASSWORD environment variables.

@acalism
Copy link

acalism commented Apr 28, 2017

My solution,
clean all imported p12 item about your project, and remove all mobileprovision file ( or just related mobileprovision with this project).
An absolute truth is, old mobileprovision might cause new mobileprovision file be not in effect.

Hope it will help someone.

@asidden
Copy link

asidden commented May 10, 2017

for those, who search for the answers (because this threads pops up in the top of google search results)

in my case, the keychain contained 3 iOS Developer certificates for a single dev team, so I had to revoke them manually, delete from keychain and create a new one. These steps, resolved my issue immediately.

@semireg
Copy link

semireg commented May 10, 2017
edited
Loading

Our Jenkins build server is also having this problem. Curiously, fastlane mylane builds and successfully generates a signed IPA if I'm logged in to desktop as user jenkins. But if I try running from jenkins via browser it fails with:

The following build commands failed:
PhaseScriptExecution [CP]\ Embed\ Pods\ Frameworks /Users/Shared/Jenkins/Library/Developer/Xcode/DerivedData/MyApp_Mobile-dgutwijgjsaamffoginrqioxpmvb/Build/Intermediates/ArchiveIntermediates/MyApp\ Mobile/IntermediateBuildFilesPath/MyApp\ Mobile.build/Release-iphoneos/MyApp\ Mobile.build/Script-2E74B4A6392871F51519EFD3.sh
(1 failure)
[15:37:08]: Exit status: 65

Then...

For a more detailed error log, check the full log at:

Code Signing /Users/Shared/Jenkins/Library/Developer/Xcode/DerivedData/MyApp_Mobile-dgutwijgjsaamffoginrqioxpmvb/Build/Intermediates/ArchiveIntermediates/MyApp Mobile/InstallationBuildProductsLocation/Applications/MyApp Mobile.app/Frameworks/CocoaAsyncSocket.framework with Identity iPhone Distribution: Company Corporation (XXXXXXXXXXX)
/usr/bin/codesign --force --sign BLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAH --preserve-metadata=identifier,entitlements '/Users/Shared/Jenkins/Library/Developer/Xcode/DerivedData/MyApp_Mobile-dgutwijgjsaamffoginrqioxpmvb/Build/Intermediates/ArchiveIntermediates/MyApp Mobile/InstallationBuildProductsLocation/Applications/MyApp Mobile.app/Frameworks/CocoaAsyncSocket.framework'
/Users/Shared/Jenkins/Library/Developer/Xcode/DerivedData/MyApp_Mobile-dgutwijgjsaamffoginrqioxpmvb/Build/Intermediates/ArchiveIntermediates/MyApp Mobile/InstallationBuildProductsLocation/Applications/MyApp Mobile.app/Frameworks/CocoaAsyncSocket.framework: unknown error -1=ffffffffffffffff
Command /bin/sh failed with exit code 1

@gereons, where did you incorporate the call to security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k keychainPass keychainName ? I tried adding to the line above where I call fastlane in the Jenkins "execute shell" section. The security command runs OK (same output as when I run as user jenkins, so it's "working") but it doesn't affect the original code signing error.

@semireg
Copy link

semireg commented May 10, 2017

I fixed it using advice from Apple forums.

I removed /Users/Shared/Jenkins/Library/Developer/Xcode/DerivedData/MyApp_Mobile-dgutwijgjsaamffoginrqioxpmvb

Yip yip!

@gereons
Copy link
Author

gereons commented May 12, 2017

@semireg In our setup, this is part of the script that Jenkins executes:

security unlock-keychain -p $MATCH_PASSWORD ~/Library/Keychains/fastlane-db
security set-keychain-settings -l -u -t 3600 ~/Library/Keychains/fastlane-db
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MATCH_PASSWORD ~/Library/Keychains/fastlane-db

bundle exec fastlane beta

@oscahie
Copy link

oscahie commented May 12, 2017
edited
Loading

I had to deal with this issue years ago, and just today once again after setting up a new mac mini as a Jenkins node, and since using the Keychain app to grant all applications access to the private keys still doesn't really work under an SSH session, I've applied the same solution I had used before: run another sshd instance from the local jenkins user and configure Jenkins to connect to that one instead. At the same time I keep the jenkins user logged in and prevent the account from auto-locking when idle, but I'm not sure whether the latter is still necessary nowadays.

I use the following shell script to run the additional sshd instance. I recall copying it from somewhere else and then modifying it to use password authentication instead of ssh keys to log-in.

#!/bin/bash

INSTALL_PATH=$HOME/custom_sshd
SSH_HOST_KEY=$INSTALL_PATH/ssh_host_dsa_key
SSH_HOST_RSA_KEY=$INSTALL_PATH/ssh_host_rsa_key
SSH_HOST_DSA_KEY=$INSTALL_PATH/ssh_host_dsa_key
SSHD_PORT=2222

[ ! -f $SSH_HOST_KEY ]     && ssh-keygen -q -t rsa1 -f $SSH_HOST_KEY      -N "" -C "" < /dev/null > /dev/null 2> /dev/null
[ ! -f $SSH_HOST_RSA_KEY ] && ssh-keygen -q -t rsa  -f $SSH_HOST_RSA_KEY  -N "" -C "" < /dev/null > /dev/null 2> /dev/null
[ ! -f $SSH_HOST_DSA_KEY ] && ssh-keygen -q -t dsa  -f $SSH_HOST_DSA_KEY  -N "" -C "" < /dev/null > /dev/null 2> /dev/null

function runSSHD() {
 /usr/sbin/sshd -D -p $SSHD_PORT -h $SSH_HOST_KEY -h $SSH_HOST_RSA_KEY -h $SSH_HOST_DSA_KEY -o UsePam=yes -o PasswordAuthentication=yes
}

echo "Starting up the jenkins sshd server..."

while :
do
   runSSHD
done

And to run it automatically from your jenkins user account (upon logging in), add a plist file under ~/Library/LaunchAgents, e.g:

/Users/jenkins/Library/LaunchAgents/com.example.jenkins_sshd.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>Label</key>
   <string>com.example.jenkins_sshd</string>
   <key>Program</key>
   <string>/Users/jenkins/jenkins_sshd.sh</string>
   <key>RunAtLoad</key>
   <true/>
</dict>
</plist>

Finally update the Jenkins node configuration to use the port 2222 instead of the default 22.

@ghost
Copy link

ghost commented Jun 5, 2017

@gereons When I run security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MATCH_PASSWORD ~/Library/Keychains/fastlane-db I get security: SecItemCopyMatching: The specified item could not be found in the keychain. error message.
Did you have something similar also?

@gereons
Copy link
Author

gereons commented Jun 6, 2017

@l-nawrocki sorry, didn't run into that, AFAIR.

@CaptainScavo
Copy link

I fixed it using advice from Apple forums.

Per that Apple thread, moving the Certificate from System keychain to Login keychain fixed the -1 error for me.

@daniel-beard
Copy link
Contributor

@gereons THANK YOU! Adding codesign: to the partition list is exactly what I needed.

@ohayon
Copy link
Contributor

ohayon commented Jun 14, 2017

Seems like things are working well for people. I am going to close this, but please feel free to continue discussion and we will reopen if necessary!! 🚀

@ohayon ohayon closed this as completed Jun 14, 2017
@ZevEisenberg
Copy link
Contributor

One more helpful hint: the security command seems not to like relative paths. If you're using keychain files, rather than, say, the standard login.keychain, give it a full path starting with /.

@fastlane fastlane locked and limited conversation to collaborators Oct 10, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests