Search code examples
jenkinsxcodebuildjenkins-plugins

Not possible to set the Jenkins' XCode plugin to use a specified keychain?

The XCode plugin seems to make the assumption that only keychains from the user jenkins can be used for signing XCode builds.

There is a section called Keychain path, however if I enter into there the following,
/Users/Me/Library/Keychains/login.keychain

then the build logshows the following:

"Will not set default: file /Users/Shared/Jenkins/Library/Keychains/Users/Me/Library/Keychains/login.keychain does not exist"

So the plugin has appended what I entered onto /Users/Shared/Jenkins/Library/Keychains/.

If I leave it as the default value of 

${HOME}/Library/Keychains/login.keychain

then the build log says:

"Will not set default: file /Users/Shared/Jenkins/Library/Keychains/login.keychain does not exist"

Thus the XCode build plugin is forcing users to be Jenkins - which means its necessary to set up a keychain as the user Jenkins? In which case, how is this done - when Jenkins is installed onto a Mac it by default creates a user called jenkins but AFAIK this is an anonymous user and its not actually possible to logon to the machine as the user jenkins. Therefore how are keychains for the user jenkins created?

Why does the plugin force this, and why is none of this aspect of things documented?

If I can use a keychain from a different user then how? - its not documented.

Solution

  • I've given up on that plugin for this and couple other reasons, and I am running my Xcode build and signing from the command line, with "Execute Shell" step.

    xcodebuild -verbose -alltargets -configuration Debug clean build CODE_SIGN_IDENTITY="${CODE_SIGN_IDENTITY}" PROVISIONING_PROFILE=${PROVISIONING_PROFILE}
&&
/usr/bin/xcrun -sdk iphoneos PackageApplication -v "${WORKSPACE}/client_trunk/build/Debug-iphoneos/${Application}.app" -o "${WORKSPACE}/client_trunk/build/Debug-iphoneos/${Application}-Debug-${shortVer}.${revVer}.ipa" --sign "${CODE_SIGN_IDENTITY}" --embed "/Users/[youruser]/Library/MobileDevice/Provisioning Profiles/${PROVISIONING_PROFILE}.mobileprovision"

    Above, ${CODE_SIGN_IDENTITY} is the one that looks like iPhone Developer: blah And ${PROVISIONING_PROFILE} is the hex number for the profile like F152C66E-B99A-47F6-B262-376CE4403D71

    To address your keychain problem try this:

    security default-keychain -s <keychain-name>.keychain