OTHER_CODE_SIGN_FLAGS keychain flag ignored?
I have just learned about the possibility to use OTHER_CODE_SIGN_FLAGS to specify the keychain which includes the cert needed for building and signing an app. But unfortunately I cannot get it to work.
My script looks something like this:
#!/bin/bash
TARGET="MyProject"
CONFIGURATION="Release"
SDK="iphoneos"
IDENTITY="iPhone Developer: John Doe (XX22RR22O)"
KEYCHAIN="/Users/username/Library/Keychains/someKeyChain.keychain"
PASSWORD=""
security unlock-keychain -p "${PASSWORD}" "${KEYCHAIN}"
xcodebuild -target "${TARGET}" -configuration "${CONFIGURATION}" -sdk "${SDK}" CODE_SIGN_IDENTITY="${IDENTITY}" OTHER_CODE_SIGN_FLAGS="--keychain ${KEYCHAIN}"
But that fails:
Check dependencies
[BEROR]Code Sign error: The identity 'iPhone Developer: John Doe (XX22RR22O)' doesn't match any valid certificate/private key pair in the default keychain
But if I switch to the keychain first it works, but that is not usable on a build server where multiple builds could happen simultaneously:
#!/bin/bash
TARGET="MyProject"
CONFIGURATION="Release"
SDK="iphoneos"
IDENTITY="iPhone Developer: John Doe (XX22RR22O)"
KEYCHAIN="/Users/username/Library/Keychains/someKeyChain.keychain"
PASSWORD=""
security unlock-keychain -p "${PASSWORD}" "${KEYCHAIN}"
security default-keychain -s "${KEYCHAIN}"
xcodebuild -target "${TARGET}" -configuration "${CONFIGURATION}" -sdk "${SDK}" CODE_SIGN_IDENTITY="${IDENTITY}" OTHER_CODE_SIGN_FLAGS="--keychain ${KEYCHAIN}"
Hope you guys can help -Morten
I found that if I didn't add the keychain to the keychain search list, xcodebuild would not respect the OTHER_CODE_SIGN_FLAGS --keychain setting. I had to add this code:
# Early in the script
ORIGINAL_KEYCHAINS=`security list-keychains -d user`
# After I create my keychain, add it to the list
security list-keychains -d user -s ${ORIGINAL_KEYCHAINS} "${KEYCHAIN_NAME}"
# On cleanup
security list-keychains -d user -s ${ORIGINAL_KEYCHAINS}
Needless to say, I lost hours figuring this out.
Also of help, making sure the keychain stays open for the length of your build. As advised here:
security -v set-keychain-settings -lut 7200 ${KEYCHAIN_NAME}
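The search-list handling from the answer above, as an added example (not part of the original posts or of Apple's tooling): on cleanup it removes only its own keychain from the current list instead of restoring a snapshot, so entries added by other builds in the meantime survive. Function names are hypothetical, and the keychain path is assumed to be passed exactly as `security list-keychains` prints it.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names are hypothetical.
# Assumes KEYCHAIN is given exactly as `security list-keychains` prints it.

# Print the user search list, one unquoted path per line.
keychain_list_current() {
    security list-keychains -d user |
        sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
}

# Append KEYCHAIN to the search list (idempotent, keeps paths with spaces).
keychain_list_add() (
    kc=$1
    IFS='
'
    set -f    # split on newlines only, no globbing
    set -- $(keychain_list_current | grep -Fxv -- "$kc")
    security list-keychains -d user -s "$@" "$kc"
)

# Remove only KEYCHAIN from the *current* list, so entries added by other
# builds since we started are kept (restoring a snapshot would drop them).
keychain_list_remove() (
    kc=$1
    IFS='
'
    set -f
    set -- $(keychain_list_current | grep -Fxv -- "$kc")
    [ "$#" -gt 0 ] || exit 0    # never write an empty search list
    security list-keychains -d user -s "$@"
)

# Usage: with_build_keychain KEYCHAIN PASSWORD command [args...]
# Note: -p puts the password on the command line, visible in the process list.
with_build_keychain() (
    kc=$1; pw=$2; shift 2
    security unlock-keychain -p "$pw" "$kc" || exit 1
    security set-keychain-settings -lut 7200 "$kc" || exit 1
    keychain_list_add "$kc" || exit 1
    trap 'keychain_list_remove "$kc"' EXIT
    trap 'exit 129' HUP INT TERM    # make signals run the EXIT trap too
    "$@"
)
```

Each update is still a read-modify-write on per-user state, so two builds editing the list at the same instant can race; serialize these calls with a lock if builds can start concurrently.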
The answer is to upgrade: Xcode 4.3 respects the OTHER_CODE_SIGN_FLAGS flag during the Check dependencies build step.
I ran into the same problem while trying to set up CI for our iOS projects. I ended up updating the PackageApplication Perl script to support passing a keychain option. Location:
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/PackageApplication
I'm still waiting for some licensing clarification from Apple so that I can publish my updated script to GitHub.
None of these really works unless you have the simplest of scripted builds going. Like @Tyler said, PackageApplication doesn't support specifying the keychain, and some versions of Xcode will require there be no duplicate certificates across keychains when they check dependencies.
Don't waste your time, just call Apple and ask them to rename one of your certificates (they will actually rename your company --- by appending a suffix --- and you just have to regenerate your certificates and update your profiles).