无法远程构建Xcode项目

Question

I have a jenkins server connecting to a remote mac mini through ssh to execute a shell script that has to build an IPA from a unity project.

When the shell script is executed locally on the mac mini everything goes fine. But when the shell script is ran from jenkins (with the exact same parameter and the same user) it fails codesigning the archive.

I will share with you the obfuscated shell script as well as the build log.

Thank you for your help in advance.

The shell script :

#!/bin/bash

# Consider directory paths initialized in parameter here
#
#
# Consider git cleaning / fetching commit here
#
#
# Consider environment / version and build name controls here
#
#
# Start Unity Build :

/Applications/Unity2017.4.10f1/Unity.app/Contents/MacOS/Unity -batchmode -quit -projectPath "$SOURCE_PATH" -executeMethod "BuildManager.BuildPlayer" -logFile "$BUILD_LOG_FILE" -buildEnvironment "$ENVIRONMENT" -buildPlatform "IOS" -buildPath "$TARGET_BUILD_DIR" -overrideVersion "$OVERRIDE_VERSION"

if [ ! -d "${TARGET_BUILD_DIR}/Unity-iPhone.xcodeproj" ]
then
    echo "[ERR]Exporting unity project to Xcode failed."
    exit 1
else
    echo "Build successfull"
fi
#
#
# Consider initializing a param for the provisioning profile file path
#
#
# Consider initializing a param for the plist file path

cd $TARGET_BUILD_DIR

# archive generated xcode project    
xcodebuild -scheme "Unity-iPhone" -archivePath "${DEPLOY_DIR_ROOT}/${BUILD_NAME}_${FILE_FORMAT_VERSION}/archive.xcarchive" -sdk iphoneos -configuration Release PROVISIONING_PROFILE="${PROVISIONING_PROFILE_PATH}" archive

if [ $? != 0 ]; then
    echo "FAILED ARCHIVING XCODE PROJECT"
    exit 1
fi

# export ipa from archive
xcodebuild -exportArchive -archivePath "${DEPLOY_DIR_ROOT}/${BUILD_NAME}_${FILE_FORMAT_VERSION}/archive.xcarchive" -exportOptionsPlist "${PLIST_PATH}" -exportPath "${DEPLOY_DIR_ROOT}/${BUILD_NAME}_${FILE_FORMAT_VERSION}"

if [ $? != 0 ]; then
    echo "FAILED EXPORTING IPA FROM ARCHIVE"
    exit 1
fi
#
# Section reserved for uploading the ipa to relevant remote storage
#
exit 0

So everything works like a charm (even the build can be installed on a device) when the shell script is ran locally from the terminal on the mac mini.

When it comes to run the shell script remotely through ssh it fails to codesign the archive. The user used over ssh is the same than the one used locally to run the script.

Here is the error :

CodeSign /#######/Library/Developer/Xcode/DerivedData/Unity-iPhone-#########/Build/Intermediates.noindex/ArchiveIntermediates/Unity-iPhone/InstallationBuildProductsLocation/Applications/#########.app (in target: Unity-iPhone) cd /#########/xcodeProjPath export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate

Signing Identity: "#########" Provisioning Profile: "iOS Team Provisioning Profile: #########" (#########)

/usr/bin/codesign --force --sign ######### --entitlements /#########/Library/Developer/Xcode/DerivedData/Unity-iPhone-#########/Build/Intermediates.noindex/ArchiveIntermediates/Unity-iPhone/IntermediateBuildFilesPath/Unity-iPhone.build/Release-iphoneos/Unity-iPhone.build/#########.app.xcent --timestamp=none /#########/Library/Developer/Xcode/DerivedData/Unity-iPhone-#########/Build/Intermediates.noindex/ArchiveIntermediates/Unity-iPhone/InstallationBuildProductsLocation/Applications/#########.app /#########/Library/Developer/Xcode/DerivedData/Unity-iPhone-#########/Build/Intermediates.noindex/ArchiveIntermediates/Unity-iPhone/InstallationBuildProductsLocation/Applications/#########.app: errSecInternalComponent

Command CodeSign failed with a nonzero exit code

** ARCHIVE FAILED **

I m kind of stuck right now since all my attempts didn't work at all ... Thank you in advance for your help.

EDIT:

mac mini on macOS High Sierra Version 10.13.6 (17G65)

xcode Version 10.0 (10A255)

Answer 1

Ok so for all of you guys struggling around this tricky subject ( totally invisible if we don't know enough about macOS ) there is kind of security system that still makes the difference between a local user and a remote access to a user.

So the keychain handling your keys and certificates ( used by codesign to sign your build ) is not usable out of the box for the remote user. Its needs to be unlocked first !!!

To know about the available keychains on your system just type in on your terminal :

security list-keychains

You should see something like :

"/Users/'YOURUSER'/Library/Keychains/login.keychain-db"
"/Library/Keychains/System.keychain"

And you guessed it right there, you have to unlock the keychain of your user ! Juste run this :

security unlock-keychain -p 'USER_PASSWORD' 'PATH_TO_USER_KEYCHAIN'

And that's it.

NB: Please let me know if I understood something wrong about all this.