Codesign returned unknown error -1=ffffffffffffffff

Question

I tried to code sign an iOS application, These are the steps that i followed

    security create-keychain -p password ${KEYCHAIN}
    security set-keychain-settings -u -t 300 ${KEYCHAIN}
    security list-keychains -d user -s login.keychain ${KEYCHAIN}
    security import "$1" -k ${KEYCHAIN} -A -P "${PASSPHRASE}" -A >/dev/null
    security unlock-keychain -p password ${KEYCHAIN}

    /usr/bin/codesign -f -s $IDENTITY --keychain $KEYCHAIN --entitlements $ENTITLEMENTS Payload/Test.app

This returned me Codesign returned unknown error -1=ffffffffffffffff via ssh.

If i directly execute the code sign command in the machine, it's successfully signing.

The issue is only in Mac OS Sierra.

Answer 1

Even though we installed the right certs in the keychain and the right Provisioning Profile under ~/Library/MobileDevices/Provisioning Profiles.

We may also see

unknown error -1=ffffffffffffffff

For this error, I tried the below steps to fixed the issue:

1. Reboot the machine, unlock keychain using "securify unlock-keychain", lock the keychain again
2. Remove ~/Library/Developer/Xcode/DerivedData folder.
3. Run carthage bootstrap --platform iOS
4. Open the source code syncing down workspace, run "xattr -rc ." then open the .xcodeproject file in xcode.
5. Turned on the automatic signing for each target. Need to login with valid credentials.
6. Click on the provisioning profile under signing.
7. unlock the keychain again
8. Changing the build device to Generic Devices, under Product --> Clean, then Product –> Archive
9. There will be a keychain access allow showed up, click "Always Allow".
10. You should make sure the archive is successful then trigger the Jenkins job again.

Answer 2

This happens in a headless build because the prompt for key access cannot be shown or responded to. The solution is to prevent that prompt from showing by granting access to the key in advance.

Open Keychain Access, find the key for your signing certificate (login-> Certificates, then expand the certificate to reveal its key). Right-click on the key and select: Get Info -> Access Control, and select "Allow all applications to access this item".

Answer 3

I am going to chip in as well as I had to try a few more things than the ones mentioned here: the problem was that keychain doesn't like SSH sessions. I had to execute these in my session to fix it:

security unlock-keychain -p MY_PASS ~/Library/Keychains/login.keychain
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k MY_PASS ~/Library/Keychains/login.keychain
security set-keychain-settings ~/Library/Keychains/login.keychain

I've also removed my current certificates system/account certificates by removing my account from XCode (I use fastlane to do building) but I suspect that this shouldn't have impacted it.

Answer 4

You might have exported some file like p12 from KeyChain, and when OS asked for your root password, and you denied it, then Xcode will code sign error with this info.

If this maybe so, you should repeat the above action, input your password and click allow, and then it will be ok to code sign.

Answer 5

Got the same issue but while archiving directly from Xcode. Sharing the solution in case it helps.

Sometimes, Keychain seems to end up in a corrupted state. Using MacOS Sierra too.

Symptoms :

Relogin needed to access Accounts after restarting Xcode

Prompting for password while using Keychain Access for some operations

Keychain Access - Error while accessing login keychain via Change Settings for Keychain ...

What fixes it for me is locking and unlocking (password required) the involved Keychain, login in my case.

Answer 6

@madhu I have been trying to fix the same issue and found that Access Control for the key associated with the certificate in question was set to "Confirm before allowing access" which didn't work in Jenkins. I modified it (thru Keychain Access gui - Get Info, Access Control) to "Allow all applications to access this item" and my build was successful.

Answer 7

I've tried almost all the existing suggestions over the web, none of them helped...

Finally only re-generating the Provisioning Profile (for AdHoc), re-downloading it and placing it to ~/Library/MobileDevice/Provisioning Profiles/ overwriting the existing one saved my life.

By the way, AppStore build was successful all this time, so the issue was definitely in the AdHoc profile itself (pretty strange, since it looked nice by all means).

Answer 8

Had the same problem a while ago, adding

security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k password ${KEYCHAIN}

solved it for me.