How do I add certificates for OS X Server 3.2.1 with Xcode 6.0.1
After I have upgraded both Xcode (to 6.0.1) and OS X Server (to 3.2.1) I can't figure out how to add certificates for the provisioning profiles so the Xcode bot can find them.
I have successfully added the provisioning file by copying the .mobileprovision file to /Library/Developer/XcodeServer/ProvisioningProfiles
But the error I get in the log is now:
CodeSign /Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/DerivedData/Build/Products/Server\ build-iphoneos/Test.app
cd /Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/Source/TEST
export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
export PATH="/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
Signing Identity: "iPhone Distribution: Greener Pastures ApS"
Provisioning Profile: "Greener Pastures Enterprise TEST"
(03F7CD73-FB25-422E-22A4-A80F12041005)
/usr/bin/codesign --force --sign 746ADC85C62D54BEC9FA874A8D777A38D4DB95CA --keychain /Library/Developer/XcodeServer/Keychains/Portal.keychain --resource-rules=/Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/DerivedData/Build/Products/Server\ build-iphoneos/Fnug.app/ResourceRules.plist --entitlements /Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/DerivedData/Build/Intermediates/Fnug.build/Server\ build-iphoneos/Fnug.build/Fnug.app.xcent /Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/DerivedData/Build/Products/Server\ build-iphoneos/Fnug.app
746ADC85C62D54BEC9FA874A8D777A38D4DB95CA: no identity found
Command /usr/bin/codesign failed with exit code 1
Which looks like: "I can't find the certificate for the specified provisioning profile".
And it looks like the certificate should be in the file /Library/Developer/XcodeServer/Keychains/Portal.keychain – which, unfortunately I am unable to edit.
I have tried adding the certificate to the file by using
sudo security import "/Users/administrator/Desktop/Greener Pastures Enterprise Distribution TEST Certificate.p12" -k /Library/Developer/XcodeServer/Keychains/Portal.keychain -A -T /usr/bin/codesign -T /usr/bin/xcodebuild -T /usr/bin/pkgbuild
But that prompts me for the "keychain password". Which I don't have (no, it is not the administrator account's password or the certificate password).
Does anyone know how to fix this?
Answer
Try to add your server to the developer portal first and remove all restrictions like explicit provisioning files from your project.
If this doesn't work, file a Radar explaining your configuration and why you think it should be supported by Apple.
If you are really, really sure it's a good idea to hack your server, possible breaking it, open a terminal on your server from an account with administrator privileges and:
Copy the Portal keychain to your desktop:
> sudo cp /Library/Developer/XcodeServer/Keychains/Portal.keychain ~/Desktop/Password:your-administrator-password> sudo chown `whoami`:staff ~/Desktop/Portal.keychainSet the Portal keychain password to “123”
> security set-keychain-password -o "`sudo cat /Library/Developer/XcodeServer/SharedSecrets/PortalKeychainSharedSecret`" ~/Desktop/Portal.keychainNew Password:123Retype New Password:123Open the Keychain in Keychain Access:
> open -b com.apple.keychainaccess ~/Desktop/Portal.keychainUnlock the “Portal” keychain using password “123”
Copy the needed keys from your personal “login” keychain to the “Portal” keychain.
Make sure the private keys have the right access rights (in the “Access Control” tab), “xcsbuildd”, “xcscontrol”, “xcodebuild” and “codesign” should be listed
Lock the “Portal” keychain, quit “Keychain Access”
Reset the Portal keychain password:
> security set-keychain-password -p "`sudo cat /Library/Developer/XcodeServer/SharedSecrets/PortalKeychainSharedSecret`" ~/Desktop/Portal.keychainPassword:your-administrator-password (optional step)Old Password:123It may or may not ask you for your administrator password again, pay attention to the prompt.
Copy the Portal keychain back
> sudo chown _xcsbuildd:_xcs ~/Desktop/Portal.keychain > sudo cp ~/Desktop/Portal.keychain /Library/Developer/XcodeServer/Keychains/Since the system caches open keychains, restart you computer.
Don't just blindly copy keys to the Portal keychain. Try other solutions first and ask on stack overflow if you need help. Only follow this procedure after filing a Radar, not just because “things don't work”. You will destroy your system when you are not exactly sure what you're doing here.
Alternate procedure (for the advanced):
Copy the following script as importP12.sh:
#!/bin/sh
importP12()
{
P12FILE="$1"
XCS="/Library/Developer/XcodeServer";
XCBIN="$XCS/CurrentXcodeSymlink/Contents/Developer/usr/bin";
PORTALKC="$XCS/Keychains/Portal.keychain"
PORTALKCS="$XCS/SharedSecrets/PortalKeychainSharedSecret"
sudo security -i <<IMPORT
unlock-keychain -p "`sudo cat $PORTALKCS`" $PORTALKC
import "$P12FILE" -k $PORTALKC -T "$XCBIN/xcsbuildd" -T "$XCBIN/xcscontrol" -T "$XCBIN/xcodebuild" -T /usr/bin/codesign
lock-keychain $PORTALKC
IMPORT
}
echo "Please enter your account password:"
for p12 in "$@"
do
importP12 "$p12"
done
And do
> importP12.sh your-P12-file.p12
Password: your-administrator-password
A dialog asking you for the P12 import password should appear and you are set.