xcodebuild error - SecKey API returned: -25308

2020-07-07 10:54发布

问题:

I'm receiving the error below while trying to build my iOS app. This error only occurs while building for the Release configuration. Also, I'm using CocoaPods for my third-party dependencies and these builds are running on Jenkins through SSH.

SecKey API returned: -25308, (null)/Users/iosbuilder/Library/Developer/Xcode/DerivedData/*/Build/Intermediates/ArchiveIntermediates/Production/InstallationBuildProductsLocation/Applications/*.app/Frameworks/AFNetworking.framework: 
unknown error -1=ffffffffffffffff
Command /bin/sh failed with exit code 1

I've tried unlocking the keychain on the build server to make sure there isn't a UI block for keychain permissions, but the issue still persists...

Any idea why this is occurring and how I might fix the issue?

回答1:

It is a keychain access issue. Solution is Here

With the code in the link you can try to execute that in shell on the build config of the project



回答2:

Just restarted my machine. And it worked.



回答3:

You can use the security command to lookup the error code. In this case, it says "User interaction not allowed". This is typical if you're trying to sign your app via SSH, script of through Jenkins.

security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.

You need to do a security command to enable codesigning of your application through a non interactive shell:

security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private <your.keychain>

Here is a "complete" Jenkins / SSH friendly script to signing your app:

MY_KEYCHAIN="temp.keychain"
MY_KEYCHAIN_PASSWORD="secret"
CERT="certificate.p12"
CERT_PASSWORD="certificate secret"

security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Create temp keychain
security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g) # Append temp keychain to the user domain
security set-keychain-settings "$MY_KEYCHAIN" # Remove relock timeout
security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Unlock keychain
security import $CERT -k "$MY_KEYCHAIN" -P "$CERT_PASSWORD" -T "/usr/bin/codesign" # Add certificate to keychain
CERT_IDENTITY=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | sed -e 's/[^"]*"//' -e 's/".*//') # Programmatically derive the identity
CERT_UUID=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | awk '{print $2}') # Handy to have UUID (just in case)
security set-key-partition-list -S apple-tool:,apple: -s -k $MY_KEYCHAIN_PASSWORD -D "$CERT_IDENTITY" -t private $MY_KEYCHAIN # Enable codesigning from a non user interactive shell
### INSERT BUILD COMMANDS HERE ###
security delete-keychain "$MY_KEYCHAIN" # Delete temporary keychain

Shout out to Bochun Bai for spending 3 weeks with Apple support to finding the solution to the -25308 issue and posting it to https://sinofool.net/blog/archives/322