
Getting rid of duplicate system keychain in keychain list using Jenkins launched as a Mac OS X slave through a StartupItem


I'm building my iOS projects from a Jenkins slave and getting some weird results. If I try to build my project from the command line as Jenkins does it, there are no problems. But Jenkins keeps telling me the identity appears more than once in the keychain. The identity is not duplicated, I checked it a lot of times.

I'm launching the Jenkins slave as my user (using sudo -u, ps shows the correct user) from a StartupItem. The signing cert, its private key and the WWDR intermediate certificate are deployed into the System keychain because I cannot access the login keychain when launching Jenkins from the StartupItem.

After digging a little bit through SO and Google I've found that it could be related to something pointed out in this question:

Missing certificates and keys in the keychain while using Jenkins/Hudson as Continuous Integration for iOS and Mac development

I have set a command-line step in order to print the list-keychains output and I'm getting the same:

+ security list-keychains
    "/Library/Keychains/System.keychain"
    "/Library/Keychains/applepushserviced.keychain"
    "/Library/Keychains/System.keychain"

But it is not working for me: xcodebuild keeps saying "Certificate identity 'XXXXXX' appears more than once in the keychain", and it seems to be related, as I have the System.keychain duplicated in the keychain list.

I cannot find a way to leave just one System.keychain in the list. I tried:

  • Executing a first script using security list-keychains -s in order to change the list w/o luck
  • Cleaning all the certs and keys and starting over again
  • Resetting the keychains
  • Creating a dedicated user for the Jenkins service, trying to avoid any mess from the previous user, but it seems to be something more system-wide
  • Resetting LS database

Any clues from anyone?

I tried to leave a comment on the previously mentioned question, but I'm a newbie and I can't do it, and answering doesn't seem polite as I need to ask something, I'm not giving an answer. So any answer through this question would be appreciated. Thanks in advance!


Environment:

  • OSX Lion 10.7.3
  • Xcode 4.3
  • Xcode command-line tools updated
  • Jenkins ver. 1.456 and up-to-date plugins.

Solution

  • Currently, it cannot be done using a StartupItem... I've finally managed the problem using a LaunchDaemon based on an answer from the linked SO. This is the LaunchDaemon I'm using:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
            "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
            <key>GroupName</key>
            <string>wheel</string>
            <key>KeepAlive</key>
            <true/>
            <key>Label</key>
            <string>org.jenkins-ci</string>
            <key>ProgramArguments</key>
            <array>
                    <string>/usr/bin/java</string>
                    <string>-jar</string>
                    <string>/Users/jenkins/work/slave.jar</string>
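                    <!-- -noCertificateCheck turns off HTTPS certificate verification for the connection to the Jenkins server -->
                    <string>-noCertificateCheck</string>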
                    <string>-jnlpUrl</string>
                    <string>https://MySERVER/jenkins/computer/MacOSX/slave-agent.jnlp</string>
            </array>
            <key>RunAtLoad</key>
            <true/>
            <key>UserName</key>
            <string>jenkins</string>
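            <!-- SessionCreate: launchd spawns the job in a new security session instead of the default one -->
            <key>SessionCreate</key>
            <true/>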
    </dict>
    </plist>
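
A preflight check for the symptom described in the question, written as an added example and not part of the original post: it parses `security list-keychains` output and fails the build step when a keychain path is listed more than once. The function names are hypothetical and the sample input is constructed from the output quoted above; the script only detects the condition and does not change the search list.

```shell
#!/bin/sh
# Added example (not from the original post): detect a duplicated keychain
# search list before xcodebuild runs. All function names are hypothetical.
# Real use in a Jenkins shell step:
#   security list-keychains | check_keychain_list || exit 1

# Strip surrounding whitespace and quotes; drop empty lines.
normalize_keychains() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^"//' -e 's/"$//' -e '/^$/d'
}

# Print every path that occurs more than once (one line per path).
duplicate_keychains() {
    normalize_keychains |
        awk '{ n[$0]++ } END { for (p in n) if (n[p] > 1) print p }' |
        sort
}

# Print the search list with repeats removed, keeping first-seen order.
unique_keychains() {
    normalize_keychains | awk '!seen[$0]++'
}

# Return 0 when the list is clean, 1 when any keychain is listed twice.
check_keychain_list() {
    dups=$(duplicate_keychains)
    if [ -n "$dups" ]; then
        echo "duplicate keychain search-list entries:" >&2
        echo "$dups" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the list-keychains output shown in the question.
SAMPLE='    "/Library/Keychains/System.keychain"
    "/Library/Keychains/applepushserviced.keychain"
    "/Library/Keychains/System.keychain"'

# Demo: show which entry is duplicated in the sample.
printf '%s\n' "$SAMPLE" | duplicate_keychains
```

Running the check as the first build step makes the job fail with the duplicated path in the console log instead of the later xcodebuild identity error.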