Running xcodebuild from a forked terminal

I'm trying to setup an automated build server for an iPhone application. I'd like to be able to have nightly adhoc beta builds so that testers can follow the development.

I've setted up xcode successfully xcode to perform adhoc builds and I can also launch the build from the command line:

xcodebuild -configuration AdHoc -sdk iphoneos2.2 clean build

The problem I'm having is that the following line doesn't work from a forked terminal (using nohup or screen) and failed with the following

CodeSign error: Code Signing Identity 'iPhone Distribution: XXXXX' does not match any code-signing certificate in your keychain. Once added to the keychain, touch a file or clean the project to continue.

I've checked my environment variables in my shell and in nohup or screen and didn't found a clue. I guess my problem is that the forked terminal can't access to the keychain but I have no clue on how to allow it.

Thanks for your help


I had te error User interaction is not allowed and solved it by unlocking the keychain first

security unlock-keychain /Users/yannooo/Library/Keychains/login.keychain

I've also tried to put my certs in the System's keychain and it was working. My final solution was to put all my iPhone related certs in a dedicated keychain named iPhone.keychain using the Keychain Access application

security list-keychains -s /Users/yannooo/Library/Keychains/iPhone.keychain 
security unlock-keychain -p keychainpassword /Users/yannooo/Library/Keychains/iPhone.keychain 

There are two (possibly three!) components to this. One is the keychain must be unlocked. Second, there is an access control list inside the keychain that tells which permissions are given to applications in the unlocked state. So even if you have the keychain successfully unlocked, if the ability to access the private key and sign with it isn't given to /usr/bin/codesign then you will still get this message. Finally, if you are on Mac OS Sierra, the default partition ID assigned to keys is incorrect in order to be compatible with the codesign binary.

The solution is as follows:

1) If you have access to the Keychain Access GUI, then you can manually grant every program or /usr/bin/codesign access by right clicking on your private key, selecting the "Access Control" tab and then selecting the "Allow all applications to access this item" radio or the list of "Always allow access by these applications" list.

2) If you are encountering this error, chances are you are trying to run codesign for a non-login user. In this case, you clearly don't have access to the "Keychain Access" GUI. For these cases, you verify the sign authorization missing for application <null>, which apparently means all applications, or specifically /usr/bin/codesign by using:

security dump-keychain -i login.keychain

However, you cannot add or modify access control attributes in interactive mode for some reason --only delete! You actually have to manually delete the key and re-add it to the keychain specifying the -T flag.

security import login.keychain -P "<password>" -T /usr/bin/codesign

Where -T specifies

-T  Specify an application which may access the imported key (multiple -T options are allowed)

3) If you are on Mac OS Sierra, modify the partition ID to include the apple partition. Presumably, this is the namespace assigned to codesign because it was distributed by Apple.

security set-key-partition-list -S apple-tool:,apple: -k "<password>" login.keychain

NOTE: The apple-tool partition is inserted by the security tool, so the command above preserves that partition. For more information on this aspect, see: http://www.openradar.me/28524119


Another solution :

  • Open the Keychain Access
  • Right click on the private key
  • Select "Get Info"
  • Select "Access Control" tab
  • Click "Allow all applications to access this item"
  • Click "Save Changes"
  • Enter your password
  • Enjoy