When packaging, the Codesign task uses ProvisioningProfileReader to generate a Plist from each Provisioning Profile. This works by using security cms. If security cms is used without the -k flag, it will use the current users default Keychain. This is a problem on some CI systems, that use a service user without a default / login Keychain. The command will fail with an error:
security cms -D -i <provisioning-profile> -o <output-plist>
security: cert import failed: A default keychain could not be found.
security: problem decoding
Due to this, signing is impossible on a system without a default keychain.
I solved this issue by using the Keychain that is created by the gradle-xcodePlugin instead of the default keychain.
With this PR, the ProvisioningProfileReader will add the -k flag to the command and specify the created keychain.
When packaging, the
Codesign
task usesProvisioningProfileReader
to generate a Plist from each Provisioning Profile. This works by usingsecurity cms
. Ifsecurity cms
is used without the-k
flag, it will use the current users default Keychain. This is a problem on some CI systems, that use a service user without a default / login Keychain. The command will fail with an error:Due to this, signing is impossible on a system without a default keychain.
I solved this issue by using the Keychain that is created by the gradle-xcodePlugin instead of the default keychain.
With this PR, the
ProvisioningProfileReader
will add the-k
flag to the command and specify the created keychain.