Posts

Post marked as solved
2 Replies
1k Views
Hello,

I am setting up a build (CI/CD) machine. I created a keychain and imported the certificate and my signing key.

I SSH into the machine and run xcodebuild:

    security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME
    xcodebuild build \
        -workspace "$WORKSPACE" \
        -scheme "$SCHEME" \
        -archivePath "$ARCHIVE_PATH" \
        -configuration "$CONFIGURATION"

It fails with:

    Code Signing /Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Release-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework with Identity Apple Distribution: Sebastien Stormacq (56U756R2L2)
    /usr/bin/codesign --force --sign 91C0CBE144634D8B64DFE0AD1676BF956C40D051  --preserve-metadata=identifier,entitlements '/Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Release-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework'
    Warning: unable to build chain to self-signed root for signer "Apple Distribution: Sebastien Stormacq (56U756R2L2)"
    /Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Release-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework: errSecInternalComponent

Notice these two lines:

    Warning: unable to build chain to self-signed root for signer "Apple Distribution: Sebastien Stormacq (56U756R2L2)"
    errSecInternalComponent

I start a GUI session on the same machine, with the same user. I open a Terminal and type the exact same command:

    security unlock-keychain -p Passw0rd dev.keychain
    xcodebuild build \
        -workspace "$WORKSPACE" \
        -scheme "$SCHEME" \
        -archivePath "$ARCHIVE_PATH" \
        -configuration "$CONFIGURATION"

The code signing succeeds with:

    ** BUILD SUCCEEDED **

I think this indicates the keychain and signing certificate are correct. I still double-checked:

- All certificates, including the intermediate AppleWWDRCAGA3.cer, are in the keychain.
- All certificates have "Use System default" as trust.

    security dump-keychain | grep -i alis
        "alis"<blob>="Apple Worldwide Developer Relations Certification Authority"
        "alis"<blob>="Apple Worldwide Developer Relations Certification Authority"
        "alis"<blob>="Apple Root CA - G2"
        "alis"<blob>="Apple Root CA - G3"
        "alis"<blob>="Apple Development: Sebastien Stormacq (UF9TVM4GSV)"
        "alis"<blob>="Apple Distribution: Sebastien Stormacq (56U756R2L2)"
        "alis"<blob>="Apple iPhone Certification Authority"
        "alis"<blob>="Apple iPhone OS Provisioning Profile Signing"
        "alis"<blob>="Apple Root CA"

What is different between an SSH session and a GUI Terminal session?
Posted
by sebsto.
Post marked as solved
2 Replies
771 Views
I am trying to set up a headless machine (no GUI session whatsoever, only SSH) for CI/CD.

My pre-build step is to set up a keychain, but it looks like unlocking the keychain using just an SSH session is not working on macOS 11.6:

    ec2-user@ip-172-31-40-2 code % security create-keychain -p Passw0rd dev
    ec2-user@ip-172-31-40-2 code % security list-keychain -d user -s dev
    ec2-user@ip-172-31-40-2 code % security set-keychain-settings -t 0 dev
    security: SecKeychainSetSettings dev: User interaction is not allowed.
    ec2-user@ip-172-31-40-2 code % security unlock-keychain -p Passw0rd dev
    ec2-user@ip-172-31-40-2 code % security set-keychain-settings -t 0 dev
    security: SecKeychainSetSettings dev: User interaction is not allowed.
    ec2-user@ip-172-31-40-2 code % security import ~/AppleWWDRCA.cer -t cert -k dev -A
    1 certificate imported.
    ec2-user@ip-172-31-40-2 code % security import ~/AppleWWDRCAG3.cer -t cert -k dev -A
    1 certificate imported.
    ec2-user@ip-172-31-40-2 code % security import ~/AppleRoot.cer -t cert -k dev -A
    1 certificate imported.
    ec2-user@ip-172-31-40-2 code % security import ~/DevAuthCA.cer -t cert -k dev -A
    1 certificate imported.
    ec2-user@ip-172-31-40-2 code % security import ~/apple_dev_key.p12 -k dev -A # this is my private key + cert
    security: SecKeychainItemImport: User interaction is not allowed.
    ec2-user@ip-172-31-40-2 code % security unlock-keychain -p Passw0rd dev
    ec2-user@ip-172-31-40-2 code % security import ~/apple_dev_key.p12 -k dev -A
    security: SecKeychainItemImport: User interaction is not allowed.

When doing the same from a GUI session, I can see that despite the unlock-keychain command, a GUI prompt is presented to the user to unlock the keychain.
Posted
by sebsto.
Post marked as solved
6 Replies
2.1k Views
I am developing a macOS app with an embedded Finder Extension - https://developer.apple.com/documentation/findersync/fifindersync and I want the app and the extension to share UserDefaults - https://developer.apple.com/documentation/foundation/userdefaults

The app is sandboxed for future distribution on the App Store.

I followed the instructions here: https://developer.apple.com/library/archive/documentation/General/Conceptual/ExtensibilityPG/ExtensionScenarios.html#//apple_ref/doc/uid/TP40014214-CH21-SW1

1. Both targets are part of the same app group, as can be seen in the Entitlements:

    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>$(TeamIdentifierPrefix)com.stormacq.mac.MyApp</string>
    </array>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>

2. I am accessing the UserDefaults by the suiteName:

    let defaults = UserDefaults.init(suiteName: "TEAM_ID.com.stormacq.mac.MyApp")
    // where TEAM_ID is the actual team id used to sign the app (something like 123AB45CDE)

However, when trying to read or write the defaults at app startup time, I receive this error message:

    [User Defaults] Couldn't read values in CFPrefsPlistSource<0x600002c4d200> (Domain: TEAM_ID.com.stormacq.mac.MyApp, User: kCFPreferencesAnyUser, ByHost: Yes, Container: (null), Contents Need Refresh: Yes): Using kCFPreferencesAnyUser with a container is only allowed for System Containers, detaching from cfprefsd

I found it weird that the error message says Container: (null).

The group container and the shared Preference file are created (and contain the correct default values set by my code):

    ➜ ~ ls -al ~/Library/Group\ Containers/TEAM_ID.com.stormacq.mac.MyApp/Library/Preferences/
    total 8
    drwx------  3 stormacq  1896053708   96 Sep  6 19:58 .
    drwx------  5 stormacq  1896053708  160 Sep  6 19:58 ..
    -rw-------@ 1 stormacq  1896053708  103 Sep  6 19:58 TEAM_ID.com.stormacq.mac.MyApp.plist

I edited TEAM_ID to post this message.

I am using Xcode 11.7 (Swift 5) and macOS 10.15.6.

What did I miss?
Posted
by sebsto.
Post not yet marked as solved
0 Replies
1.7k Views
Hello,

I am installing Xcode on a headless system (terminal only). My script to install Xcode 12 is not working anymore with Xcode 12.5.

Assuming that I have already downloaded Xcode.xip and the Command Line Tools package from Apple's web site:

    xip --expand xcode.xip
    sudo mv Xcode.app /Applications
    hdiutil mount ./xcode-cli.dmg
    sudo installer -pkg /Volumes/Command\ Line\ Developer\ Tools/Command\ Line\ Tools.pkg -target /
    hdiutil unmount /Volumes/Command\ Line\ Developer\ Tools/
    sudo xcodebuild -license accept

The last command fails with:

    xcrun: error: invalid active developer path (/Applications/Xcode.app/Contents/Developer), missing xcrun at: /Applications/Xcode.app/Contents/Developer/usr/bin/xcrun

xcrun is present in /usr/bin:

    ec2-user@ip-172-31-18-221 ~ % which xcrun
    /usr/bin/xcrun
    ec2-user@ip-172-31-18-221 ~ % xcode-select --version
    xcode-select version 2384.
    ec2-user@ip-172-31-18-221 ~ % sw_vers
    ProductName: macOS
    ProductVersion: 11.4
    BuildVersion: 20F71

How to install Xcode 12.5 and its command line tools on a headless system?
Posted
by sebsto.