Jenkins deletes keys in keychain

1

We have a problem with fastlane when running on Jenkins. For some reason the key in the keychain gets removed when running the jenkins script. But if I run the command from command-line it works every time. First time I have provide password to gitrepo, second time it runs fine, but switching to Jenkins you can see the key is removed from keychain and subsequently it won't build (asking for password). See below for error log.

I've looked through all configuration I can find in jenkins but can't find anything that has to do with jenkins and keychain. We have one moduled installed for keychain:
Keychains and Provisioning Profiles Management, but this one is disabled just to see whether that one was the problem or not. But it didn't work after disabling it either. So I don't think it is that.

We're running Jenkins ver. 1.625.3 and fastlane latest version provided from zipfile due to issue with ssh and apple. See versions below. What are we missing?

Our fastlane build output:

16:42:50 [EnvInject] - Loading node environment variables.
16:42:50 Building remotely on myapp-mac-001 in workspace /Users/bob/workspace/myapp-ios
16:42:50 [WS-CLEANUP] Deleting project workspace...
16:42:50 [WS-CLEANUP] Done
16:42:50 Cloning the remote Git repository
16:42:50 Cloning repository ssh://server/git/myapp-ios.git
16:42:50  > /usr/bin/git init /Users/bob/workspace/myapp-ios # timeout=10
16:42:50 Fetching upstream changes from ssh://server/git/myapp-ios.git
16:42:50  > /usr/bin/git --version # timeout=10
16:42:50 using GIT_SSH to set credentials This key can authenticate against source servers
16:42:50  > /usr/bin/git fetch --tags --progress ssh://server/git/myapp-ios.git +refs/heads/*:refs/remotes/origin/*
16:42:52  > /usr/bin/git config remote.origin.url ssh://server/git/myapp-ios.git # timeout=10
16:42:52  > /usr/bin/git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
16:42:52  > /usr/bin/git config remote.origin.url ssh://server/git/myapp-ios.git # timeout=10
16:42:52 Fetching upstream changes from ssh://server/git/myapp-ios.git
16:42:52 using GIT_SSH to set credentials This key can authenticate against source servers
16:42:52  > /usr/bin/git fetch --tags --progress ssh://server/git/myapp-ios.git +refs/heads/feature/*:refs/remotes/origin/feature/*
16:42:53 Seen branch in repository origin/develop
16:42:53 Seen branch in repository origin/feature/fastlane_fix
16:42:53 Seen branch in repository origin/feature/new_structure
16:42:53 Seen branch in repository origin/master
16:42:53 Seen 4 remote branches
16:42:53 Checking out Revision 13a27f98eb9e879ccf31729401160af4217b3520 (origin/feature/new_structure)
16:42:53  > /usr/bin/git config core.sparsecheckout # timeout=10
16:42:53  > /usr/bin/git checkout -f 13a27f98eb9e879ccf31729401160af4217b3520
16:42:53  > /usr/bin/git rev-list 13a27f98eb9e879ccf31729401160af4217b3520 # timeout=10
16:42:53 Set build name.
16:42:53 New build name is '#213-origin/feature/new_structure'
16:42:53 [myapp-ios] $ /bin/sh -xe /var/folders/bw/fw05xx_12gjgrylcs4vcvf4c0000gp/T/hudson1075118741175647034.sh
16:42:53 + whoami
16:42:53 bob
16:42:53 + security list-keychains
16:42:53     "/Users/bob/Library/Keychains/login.keychain-db"
16:42:53     "/Library/Keychains/System.keychain"
16:42:53 + security default-keychain
16:42:53     "/Users/bob/Library/Keychains/login.keychain-db"
16:42:53 + security dump-keychain
16:42:53 + grep match
16:42:53     0x00000007 <blob>="match_ssh://server/git/myapp-configuration.git"
16:42:53     "srvr"<blob>="match_ssh://server/git/myapp-configuration.git"
16:42:53 [myapp-ios] $ /bin/sh -xe /var/folders/bw/fw05xx_12gjgrylcs4vcvf4c0000gp/T/hudson8479113557469598261.sh
16:42:53 + fastlane ios build app_identifier:com.myapp configuration:debug scheme:myapp verbose
16:42:54 [    16:42:50]: Your Fastfile has had smart quotes sanitised. To avoid issues in the future, you should not use TextEdit for editing it. If you are not using TextEdit, you should turn off smart quotes in your editor of choice.
16:42:54 [    16:42:50]: -------------------------------------------------
16:42:54 [    16:42:50]: --- Step: Verifying required fastlane version ---
16:42:54 [    16:42:50]: -------------------------------------------------
16:42:54 [    16:42:50]: Your fastlane version 1.110.0 matches the minimum requirement of 1.102.0  ✅
16:42:54 [    16:42:50]: ------------------------------
16:42:54 [    16:42:50]: --- Step: default_platform ---
16:42:54 [    16:42:50]: ------------------------------
16:42:54 [    16:42:50]: Driving the lane 'ios build' 🚀
16:42:54 [    16:42:50]: starting build
16:42:54 [    16:42:50]: -------------------
16:42:54 [    16:42:50]: --- Step: match ---
16:42:54 [    16:42:50]: -------------------
16:42:55 Successfully loaded Appfile at path '/Users/bob/workspace/myapp-ios/fastlane/Appfile'
16:42:55 - app_identifier: 'com.myapp'
16:42:55 - apple_id: 'mymail'
16:42:55 - team_id: 'someid'
16:42:55 -------
16:42:55 INFO [2016-11-21     16:42:51.55]: Successfully loaded '/Users/bob/workspace/myapp-ios/fastlane/Matchfile' 📄
16:42:55 
16:42:55 +----------------------+------------------------------------------------------------+
16:42:55 |                    Detected Values from './fastlane/Matchfile'                    |
16:42:55 +----------------------+------------------------------------------------------------+
16:42:55 | git_url              | ssh://server/git/myapp-configuration.git |
16:42:55 | username             | mymail                               |
16:42:55 +----------------------+------------------------------------------------------------+
16:42:55 
16:42:55 DEBUG [2016-11-21     16:42:51.55]: Taking value for 'team_id' from environment variable 'FASTLANE_TEAM_ID'
16:42:55 
16:42:55 +-----------------------+------------------------------------------------------------+
16:42:55 |                              Summary for match 0.11.0                              |
16:42:55 +-----------------------+------------------------------------------------------------+
16:42:55 | app_identifier        | com.myapp                                    |
16:42:55 | type                  | development                                                |
16:42:55 | readonly              | true                                                       |
16:42:55 | verbose               | true                                                       |
16:42:55 | git_url               | ssh://server/git/myapp-configuration.git |
16:42:55 | username              | mymail                               |
16:42:55 | git_branch            | master                                                     |
16:42:55 | keychain_name         | login.keychain                                             |
16:42:55 | team_id               | someid                                                 |
16:42:55 | force                 | false                                                      |
16:42:55 | skip_confirmation     | false                                                      |
16:42:55 | shallow_clone         | false                                                      |
16:42:55 | force_for_new_devices | false                                                      |
16:42:55 | skip_docs             | false                                                      |
16:42:55 +-----------------------+------------------------------------------------------------+
16:42:55 
16:42:55 INFO [2016-11-21     16:42:51.55]: Cloning remote git repo...
16:42:55 INFO [2016-11-21     16:42:51.55]: $ GIT_TERMINAL_PROMPT=0 git clone 'ssh://server/git/myapp-configuration.git' '/var/folders/bw/fw05xx_12gjgrylcs4vcvf4c0000gp/T/d20161121-19169-opcqhe'
16:42:55 INFO [2016-11-21     16:42:51.57]: ▸ Cloning into '/var/folders/bw/fw05xx_12gjgrylcs4vcvf4c0000gp/T/d20161121-19169-opcqhe'...
16:42:55 INFO [2016-11-21     16:42:51.76]: ▸ remote: Counting objects: 1195, done.
16:42:56 INFO [2016-11-21     16:42:52.09]: ▸ remote: Compressing objects: 100% (1131/1131), done.
16:42:56 INFO [2016-11-21     16:42:52.31]: ▸ remote: Total 1195 (delta 116), reused 0 (delta 0)
16:42:56 INFO [2016-11-21     16:42:52.31]: ▸ Receiving objects: 100% (1195/1195), 2.26 MiB | 0 bytes/s, done.
16:42:56 INFO [2016-11-21     16:42:52.32]: ▸ Resolving deltas: 100% (116/116), done.
16:42:56 INFO [2016-11-21     16:42:52.34]: ▸ Checking connectivity... done.
16:42:56 WARN [2016-11-21     16:42:52.41]: Enter the passphrase that should be used to encrypt/decrypt your certificates
16:42:56 WARN [2016-11-21     16:42:52.41]: This passphrase is specific per repository and will be stored in your local keychain
16:42:56 WARN [2016-11-21     16:42:52.41]: Make sure to remember the password, as you'll need it when you run match on a different machine
16:42:56 WARN [2016-11-21     16:42:52.41]: Passphrase for Git Repo: 
16:42:56 ERROR [2016-11-21     16:42:52.41]: Couldn't decrypt the repo, please make sure you enter the right password!
16:42:56 keychain: "/Users/bob/Library/Keychains/login.keychain-db"
jenkins
fastlane
fastlane-match
asked on Stack Overflow Nov 21, 2016 by peuhse • edited Nov 21, 2016 by peuhse

2 Answers

1

To provide the encryption password on a CI, you can use the MATCH_PASSWORD environment variable.

answered on Stack Overflow Nov 23, 2016 by KrauseFx
0

You could try setting ENV['FASTLANE_PASSWORD'] (Apple Developer Portal password - mymail in your example) in your Fastfile which should make it available to your build.

As a side note: I have the Keychains and Provisioning Profiles Management plugin as well, but didn't need it to get match working. Hope this helps.

answered on Stack Overflow Nov 21, 2016 by Dan Stark

User contributions licensed under CC BY-SA 3.0