iosxamarinmsbuildcodesignxbuild

Codesign returns unknown error after "replacing existing signature"


I am trying to build a Xamarin iOS app using xbuild on Jenkins. Sometimes the build fails during the codesigning process with an unknown error -1=ffffffffffffffff and sometimes the build succeeds. The provisioning profile is stored in a separate keychain jenkins.keychain (not the system or login keychain) that is referenced by Jenkins through the Keychains and Provisioning Profiles Plugin.

This is the console log of Jenkins:

Target _CodesignAppBundle:
    Codesign Task
      CodesignAllocate: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
      DisableTimestamp: False
      Entitlements: obj/iPhone/In-House/Entitlements.xcent
      Keychain: <null>
      Resources:
        bin/iPhone/In-House/MyApp.app
      ResourceRules: <null>
      SigningKey: 123
      ExtraArgs: <null>
      IsAppExtension: False
    Tool /usr/bin/codesign execution started with arguments: -v --force --sign 123 --entitlements /private/var/lib/jenkins/workspace/Master/Apps/iOS/obj/iPhone/In-House/Entitlements.xcent /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app


bin/iPhone/In-House/MyApp.app: error : /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: replacing existing signature
   /private/var/lib/jenkins/workspace/Master/Apps/iOS/bin/iPhone/In-House/MyApp.app: unknown error -1=ffffffffffffffff
    Task "Codesign" execution -- FAILED
    Done building target "_CodesignAppBundle" in project "/private/var/lib/jenkins/workspace/Master/Apps/iOS/MyApp.csproj".-- FAILED

As suggested in Codesign returned unknown error -1=ffffffffffffffff I added set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${KEYCHAIN_PW} ${KEYCHAIN_PATH} to my build script but it did not fix the issue.

Do you have any idea how to address this issue? Why is there an existing signature to be replaced?

Update 1 - We keep getting the error after:

A similar problem is described in the Apple forum.


Solution

  • What fixed the issue:

    The keychain filename extension changed from *.keychain to *.keychain-db on macOS Sierra. The code signing error was caused by referencing the old keychain file while we were editing in fact the jenkins.keychain-db file containing updated certificates. Keychains with the new extension are rejected from the upload with Jenkins' keychain plugin. So we do not use the keychain plugin any longer and store the signing certificates inside the login.keychain-db. With this we can successfully build the app without the unknown error.