Jenkins with iOS development


Jenkins with iOS development

Sami Tikka
I've been reading stackoverflow.com and seen there are lots of people
having problems with Jenkins in iOS development. This is because iOS
apps have to be signed and the signing certificates and keys and
whatnot are located in some user Keychain (a Mac OS specific native
keystore). When Jenkins is running as a background daemon, it has no
access to the user keychain.

I saw some people discussing a possible fix in this page:
http://stackoverflow.com/questions/6827874/missing-certificates-and-keys-in-the-keychain-while-using-jenkins-hudson-as-cont/9968764#9968764

I am not an iOS developer myself, so I have not run into this problem.
Is there anyone here who can verify that adding the SessionCreate
setting to org.jenkins-ci.plist fixes the problem? Probably this is
not the whole solution. The keys and certificates still need to be
copied to the jenkins user keychain, I believe. Is there something we
can do to make it easier?

-- Sami

Re: Jenkins with iOS development

kenstir
I don't have any problem signing code with my iOS build fired by Jenkins.  I think it is straightforward if not easy.   I did not need to modify Jenkins in any way.  My setup is:
- linux master fires osx slave using SSH
- osx slave runs as user jenkins
- user jenkins has the signing cert loaded into its keychain
- user jenkins must allow access to the signing cert.  In the Keychain Access application, right-click on "XXX private key", choose Get Info, click Access Control, select "Allow all applications to access this item".
- key step here: build sh script executes this command:
    security unlock-keychain -p "$PASSWORD" ~/Library/Keychains/login.keychain

Hope that helps,
Ken 

RE: Jenkins with iOS development

Elkin, Michael

The application that requires access to your private key is “/usr/bin/codesign” if you don’t want to grant wildcard access to your private key. If you’re doing any simulator orchestration then you will also want to be sure that the user logged into the CI agent is the same user Jenkins is running as.

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of kenstir
Sent: Thursday, April 05, 2012 4:38 AM
To: [hidden email]
Subject: Re: Jenkins with iOS development

 

I don't have any problem signing code with my iOS build fired by Jenkins.  I think it is straightforward if not easy.   I did not need to modify Jenkins in any way.  My setup is:

- linux master fires osx slave using SSH

- osx slave runs as user jenkins

- user jenkins has the signing cert loaded into its keychain

- user jenkins must allow access to the signing cert.  In the Keychain Access application, right-click on "XXX private key", choose Get Info, click Access Control, select "Allow all applications to access this item".

- key step here: build sh script executes this command:

    security unlock-keychain -p "$PASSWORD" ~/Library/Keychains/login.keychain

 

Hope that helps,

Ken 


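Ken's unlock step combined with Michael's advice to grant only /usr/bin/codesign access to the key, as an added example (not code from anyone in this thread). It uses a throwaway per-build keychain instead of login.keychain; the variable names `KEYCHAIN_PASSWORD`, `P12_FILE`, `P12_PASSWORD` and the `ci-build.keychain` path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. KEYCHAIN_PASSWORD, P12_FILE, P12_PASSWORD
# and the ci-build.keychain path are hypothetical names supplied by the CI job.
KEYCHAIN="${KEYCHAIN:-$HOME/Library/Keychains/ci-build.keychain}"

setup_signing_keychain() {
    # Refuse to run with missing secrets instead of creating a passwordless keychain.
    [ -n "${KEYCHAIN_PASSWORD:-}" ] || { echo "KEYCHAIN_PASSWORD not set" >&2; return 1; }
    [ -r "${P12_FILE:-}" ] || { echo "P12_FILE not readable" >&2; return 1; }
    set +x  # never trace these commands: -p/-P put secrets on the command line

    security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN" || return 1
    # Relock after 15 minutes (-u -t 900) and when the machine sleeps (-l).
    security set-keychain-settings -l -u -t 900 "$KEYCHAIN" || return 1
    security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN" || return 1
    # -T adds only codesign to the key's access list; -A would be the
    # "Allow all applications to access this item" setting.
    security import "$P12_FILE" -k "$KEYCHAIN" -P "${P12_PASSWORD:-}" \
        -T /usr/bin/codesign || return 1
    # macOS 10.12 and later also check the key's partition list before signing.
    security set-key-partition-list -S apple-tool:,apple: -s \
        -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN" >/dev/null || return 1
    # Show what the build will be able to sign with.
    security find-identity -v -p codesigning "$KEYCHAIN"
}

teardown_signing_keychain() {
    # Lock first so the key is unusable even if the delete fails.
    security lock-keychain "$KEYCHAIN"
    security delete-keychain "$KEYCHAIN"
}

# Usage: ci-keychain.sh --run <build command...>
if [ "${1:-}" = "--run" ]; then
    shift
    trap teardown_signing_keychain EXIT
    setup_signing_keychain || exit 1
    "$@"
fi
```

The keychain is not added to the user's search list, so the build has to pass `--keychain "$KEYCHAIN"` to codesign. The `-p` and `-P` values are visible in the process list while `security` runs, which is one more reason to keep the agent account single-purpose.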

Re: Jenkins with iOS development

Sami Tikka
In reply to this post by kenstir
Great! I'm glad there is no problem building iOS applications using
Jenkins. The only funny thing is that plenty of people seem to have
trouble with it even though it is so easy.

I have a couple of follow-up questions:

You mention $PASSWORD needed to unlock the keychain. Since Jenkins Mac
installer creates the "jenkins" user with no password and with login
disabled, you have probably done some additional customization? What
did you need to do? Change login shell? Change password?

Did you also need to set up something in the jenkins user's home
directory? mkdir Library?

Thanks,

-- Sami

2012/4/5 kenstir <[hidden email]>:

> I don't have any problem signing code with my iOS build fired by Jenkins.  I
> think it is straightforward if not easy.   I did not need to modify Jenkins
> in any way.  My setup is:
> - linux master fires osx slave using SSH
> - osx slave runs as user jenkins
> - user jenkins has the signing cert loaded into its keychain
> - user jenkins must allow access to the signing cert.  In the Keychain
> Access application, right-click on "XXX private key", choose Get Info, click
> Access Control, select "Allow all applications to access this item".
> - key step here: build sh script executes this command:
>     security unlock-keychain -p "$PASSWORD" ~/Library/Keychains/login.keychain
>
> Hope that helps,
> Ken

Re: Jenkins with iOS development

Christopher Orr
In reply to this post by Sami Tikka
On 04/02/2012 12:15 AM, Sami Tikka wrote:
> I am not an iOS developer myself, so I have not run into this problem.
> Is there anyone here who can verify that adding the SessionCreate
> setting to org.jenkins-ci.plist fixes the problem? Probably this is
> not the whole solution. The keys and certificates still need to be
> copied to the jenkins user keychain, I believe. Is there something we
> can do to make it easier?

I'm not an iOS developer either, but I had the impression that the
Jenkins Xcode Plugin was designed to automate some of this keychain stuff.

I haven't seen that mentioned here or on Stack Overflow, so perhaps it's
worth a look:
https://wiki.jenkins-ci.org/display/JENKINS/Xcode+Plugin

Regards,
Chris

Re: Jenkins with iOS development

Sami Tikka
I would still like to know whether installing only the Xcode plugin is enough, or whether the standard Jenkins installation on Mac needs some tweaks.

-- Sami

Christopher Orr <[hidden email]> wrote on 11.4.2012 at 23.18:

> On 04/02/2012 12:15 AM, Sami Tikka wrote:
>> I am not an iOS developer myself, so I have not run into this problem.
>> Is there anyone here who can verify that adding the SessionCreate
>> setting to org.jenkins-ci.plist fixes the problem? Probably this is
>> not the whole solution. The keys and certificates still need to be
>> copied to the jenkins user keychain, I believe. Is there something we
>> can do to make it easier?
>
> I'm not an iOS developer either, but I had the impression that the Jenkins Xcode Plugin was designed to automate some of this keychain stuff.
>
> I haven't seen that mentioned here or on Stack Overflow, so perhaps it's worth a look:
> https://wiki.jenkins-ci.org/display/JENKINS/Xcode+Plugin
>
> Regards,
> Chris

Re: Jenkins with iOS development

Arnaud Héritier
Hi,

  Sorry, I was away for a long period and quite overwhelmed.
  It should be better from now on, and I have already seen new issues filed in the plugin bug tracker and pull requests on GitHub.
  Many people are nowadays successfully using the Xcode plugin on a Jenkins server. It can be hosted on macOS itself or on any other platform with an agent on macOS.
  At the Jenkins User Conference Paris last week I gave a presentation about this: http://www.slideshare.net/aheritier/hands-on-ios-developments-with-jenkins
  Feel free to ask for more details if you need them.

  Cheers,

Arnaud


On Sat, Apr 14, 2012 at 12:10 AM, Sami Tikka <[hidden email]> wrote:
I would still like to know whether installing only the Xcode plugin is enough, or whether the standard Jenkins installation on Mac needs some tweaks.

-- Sami

Christopher Orr <[hidden email]> wrote on 11.4.2012 at 23.18:

> On 04/02/2012 12:15 AM, Sami Tikka wrote:
>> I am not an iOS developer myself, so I have not run into this problem.
>> Is there anyone here who can verify that adding the SessionCreate
>> setting to org.jenkins-ci.plist fixes the problem? Probably this is
>> not the whole solution. The keys and certificates still need to be
>> copied to the jenkins user keychain, I believe. Is there something we
>> can do to make it easier?
>
> I'm not an iOS developer either, but I had the impression that the Jenkins Xcode Plugin was designed to automate some of this keychain stuff.
>
> I haven't seen that mentioned here or on Stack Overflow, so perhaps it's worth a look:
> https://wiki.jenkins-ci.org/display/JENKINS/Xcode+Plugin
>
> Regards,
> Chris



--
-----
Arnaud Héritier
06-89-76-64-24
Mail/GTalk: [hidden email]
Twitter/Skype : aheritier
