codesign --keychain gets ignored

Question

I am exporting App archives using the command line tools (xcodebuild). Essentially this is what I running:

xcodebuild -workspace "${WORKSPACE_PATH}" \
    -scheme "${SCHEME_NAME}" \
    -archivePath "${PROJECT_ARCHIVE}" \
    -configuration "${CONFIGURATION}" \
    -sdk "${TARGET_SDK}" \
    DEVELOPMENT_TEAM="XXXXXXXX" \
    OTHER_CODE_SIGN_FLAGS="--keychain /Users/user/Library/Keychains/jenkins.keychain" \
    archive

And this is the result:

Check dependencies
No signing certificate "iOS Development" found:  No "iOS Development" signing certificate matching team ID "XXXXXXX" with a private key was found.
Code signing is required for product type 'Application' in SDK 'iOS 10.2'

** ARCHIVE FAILED **


The following build commands failed:
Check dependencies
(1 failure)
$ echo $?
65

The code signing fails because codesign ignores the --keychain parameter. Now here is the interesting part. The keychain I want to use is jenkins.keychain-db (as specified above). That certainly does not work. Here is my keychain search list:

$ security list-keychains
"/Users/user/Library/Keychains/login.keychain-db"
"/Library/Keychains/System.keychain"

Obviously jenkins.keychain-db is not in there as it should be. If I am adding the jenkins.keychain-db in the search list it starts working.

Unfortunately this is not a solution for me because I do have multiple keychains with the same private keys and certificates. That leads xcodebuild to pick up the first right certificate that it can find which will fails because the keychain is probably not unlocked.

codesign --keychain gets ignored

Answers (1)

Related Questions