Codesign returns unknown error after "replacing existing signature"

Asked 1/8, 2017 at 14:32 Answered 23/1, 2020 at 16:44

Solved ios xamarin msbuild codesign xbuild

I am trying to build a Xamarin iOS app using xbuild on Jenkins. Sometimes the build fails during the codesigning process with an unknown error -1=ffffffffffffffff and sometimes the build succeeds. The provisioning profile is stored in a separate keychain jenkins.keychain (not the system or login keychain) that is referenced by Jenkins through the Keychains and Provisioning Profiles Plugin.

This is the console log of Jenkins:

Target _CodesignAppBundle:
    Codesign Task
      CodesignAllocate: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
      DisableTimestamp: False
      Entitlements: obj/iPhone/In-House/Entitlements.xcent
      Keychain: <null>
      Resources:
        bin/iPhone/In-House/MyApp.app
      ResourceRules: <null>
      SigningKey: 123
      ExtraArgs: <null>
      IsAppExtension: False
    Tool /usr/bin/codesign execution started with arguments: -v --force --sign 123 --entitlements /private/var/lib/jenkins/workspace/Master/Apps/iOS/obj/iPhone/In-House/Entitlements.xcent /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app


bin/iPhone/In-House/MyApp.app: error : /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: replacing existing signature
   /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: unknown error -1=ffffffffffffffff
    Task "Codesign" execution -- FAILED
    Done building target "_CodesignAppBundle" in project "/private/var/lib/jenkins/workspace/Master/Apps/iOS/MyApp.csproj".-- FAILED

As suggested in Codesign returned unknown error -1=ffffffffffffffff I added set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${KEYCHAIN_PW} ${KEYCHAIN_PATH} to my build script but it did not fix the issue.

Do you have any idea how to address this issue? Why is there an existing signature to be replaced?

Update 1 - We keep getting the error after:

switching from xbuild to msbuild version 15.3.0.0
setting jenkins keychain to "Allow all applications to access this item"
deleting the derived data folder
not using relative paths for security commands

A similar problem is described in the Apple forum.

Soapbark answered 1/8, 2017 at 14:32 Comment(0)

What fixed the issue:

The keychain filename extension changed from *.keychain to *.keychain-db on macOS Sierra. The code signing error was caused by referencing the old keychain file while we were editing in fact the jenkins.keychain-db file containing updated certificates. Keychains with the new extension are rejected from the upload with Jenkins' keychain plugin. So we do not use the keychain plugin any longer and store the signing certificates inside the login.keychain-db. With this we can successfully build the app without the unknown error.

Soapbark answered 30/8, 2017 at 9:7 Comment(0)

My resolution to this problem was ensuring that the Mac had proper permissions to use the new certificate. I was getting this code signing issue when trying to run a Jenkins job, but things ran properly on my local machine. When I tried manually code signing one of the Swift libraries (e.g. libswiftos.dylib), the Mac then asked for a password to be able to use the new certificate. Once I did that, the Jenkins job ran successfully.

Doorstone answered 23/1, 2020 at 16:44 Comment(0)

-1

Restarting the Mac could Fix the issue

Diploblastic answered 20/8, 2018 at 13:55 Comment(0)

Recommended topics

Hot tags