After I have upgraded both Xcode (to 6.0.1) and OS X Server (to 3.2.1) I can't figure out how to add certificates for the provisioning profiles so the Xcode bot can find them.
I have successfully added the provisioning file by copying the .mobileprovision file to /Library/Developer/XcodeServer/ProvisioningProfiles
But the error I get in the log is now:
CodeSign /Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/DerivedData/Build/Products/Server\ build-iphoneos/Test.app
cd /Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/Source/TEST
export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
export PATH="/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/Applications/Xcode.app/Contents/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin"
Signing Identity: "iPhone Distribution: Greener Pastures ApS"
Provisioning Profile: "Greener Pastures Enterprise TEST"
(03F7CD73-FB25-422E-22A4-A80F12041005)
/usr/bin/codesign --force --sign 746ADC85C62D54BEC9FA874A8D777A38D4DB95CA --keychain /Library/Developer/XcodeServer/Keychains/Portal.keychain --resource-rules=/Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/DerivedData/Build/Products/Server\ build-iphoneos/Fnug.app/ResourceRules.plist --entitlements /Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/DerivedData/Build/Intermediates/Fnug.build/Server\ build-iphoneos/Fnug.build/Fnug.app.xcent /Library/Developer/XcodeServer/Integrations/Caches/017d83d8975db54bc8279c2fcc0304a6/DerivedData/Build/Products/Server\ build-iphoneos/Fnug.app
746ADC85C62D54BEC9FA874A8D777A38D4DB95CA: no identity found
Command /usr/bin/codesign failed with exit code 1
Which looks like: "I can't find the certificate for the specified provisioning profile".
And it looks like the certificate should be in the file /Library/Developer/XcodeServer/Keychains/Portal.keychain – which, unfortunately I am unable to edit.
I have tried adding the certificate to the file by using
sudo security import "/Users/administrator/Desktop/Greener Pastures Enterprise Distribution TEST Certificate.p12" -k /Library/Developer/XcodeServer/Keychains/Portal.keychain -A -T /usr/bin/codesign -T /usr/bin/xcodebuild -T /usr/bin/pkgbuild
But that prompts me for the "keychain password". Which I don't have (no, it is not the administrator account's password or the certificate password).
Does anyone know how to fix this?
Try to add your server to the developer portal first and remove all restrictions like explicit provisioning files from your project.
If this doesn't work, file a Radar explaining your configuration and why you think it should be supported by Apple.
If you are really, really sure it's a good idea to hack your server, possible breaking it, open a terminal on your server from an account with administrator privileges and:
Copy the Portal keychain to your desktop:
> sudo cp /Library/Developer/XcodeServer/Keychains/Portal.keychain ~/Desktop/
Password: your-administrator-password
> sudo chown `whoami`:staff ~/Desktop/Portal.keychain
Set the Portal keychain password to “123”
> security set-keychain-password -o "`sudo cat /Library/Developer/XcodeServer/SharedSecrets/PortalKeychainSharedSecret`" ~/Desktop/Portal.keychain
New Password: 123
Retype New Password: 123
Open the Keychain in Keychain Access:
> open -b com.apple.keychainaccess ~/Desktop/Portal.keychain
Unlock the “Portal” keychain using password “123”
Copy the needed keys from your personal “login” keychain to the “Portal” keychain.
Make sure the private keys have the right access rights (in the “Access Control” tab), “xcsbuildd”, “xcscontrol”, “xcodebuild” and “codesign” should be listed
Lock the “Portal” keychain, quit “Keychain Access”
Reset the Portal keychain password:
> security set-keychain-password -p "`sudo cat /Library/Developer/XcodeServer/SharedSecrets/PortalKeychainSharedSecret`" ~/Desktop/Portal.keychain
Password: your-administrator-password (optional step)
Old Password: 123
It may or may not ask you for your administrator password again, pay attention to the prompt.
Copy the Portal keychain back
> sudo chown _xcsbuildd:_xcs ~/Desktop/Portal.keychain
> sudo cp ~/Desktop/Portal.keychain /Library/Developer/XcodeServer/Keychains/
Since the system caches open keychains, restart you computer.
Don't just blindly copy keys to the Portal keychain. Try other solutions first and ask on stack overflow if you need help. Only follow this procedure after filing a Radar, not just because “things don't work”. You will destroy your system when you are not exactly sure what you're doing here.
Alternate procedure (for the advanced):
Copy the following script as importP12.sh:
#!/bin/sh
importP12()
{
P12FILE="$1"
XCS="/Library/Developer/XcodeServer";
XCBIN="$XCS/CurrentXcodeSymlink/Contents/Developer/usr/bin";
PORTALKC="$XCS/Keychains/Portal.keychain"
PORTALKCS="$XCS/SharedSecrets/PortalKeychainSharedSecret"
sudo security -i <<IMPORT
unlock-keychain -p "`sudo cat $PORTALKCS`" $PORTALKC
import "$P12FILE" -k $PORTALKC -T "$XCBIN/xcsbuildd" -T "$XCBIN/xcscontrol" -T "$XCBIN/xcodebuild" -T /usr/bin/codesign
lock-keychain $PORTALKC
IMPORT
}
echo "Please enter your account password:"
for p12 in "$#"
do
importP12 "$p12"
done
And do
> importP12.sh your-P12-file.p12
Password: your-administrator-password
A dialog asking you for the P12 import password should appear and you are set.
This answer from Matt Moriarity brought me to a solution: https://devforums.apple.com/message/1022214#1022214
I just re-connected the build server with our development team. This made the Xcode-service to re-initialize all certificates and provisioning profiles it needs. Now the integration builds run without errors.
In Server > Xcode > Settings > Builds > Development Teams click on Edit...
Remove your development team(s) from the list and press OK
After ther Server.app finished its work, there should be no entry behinde "Development Teams" and the list of devices is also empty.
Now open Server > Xcode > Settings > Builds > Development Teams > Edit... again and add your development team
After your team and devices re-appeared, you can start the integration build
It's important not to use your own provisioning profiles. Take the "iOS Developer (Automatic)" setting.
If you had it working with the old osx server and xcode 5. You just do:
$ mv /Library/Developer/XcodeServer/Keychains/Portal.keychain /Library/Developer/XcodeServer/Keychains/Portal.keychain.bkp
$ ln -s /Library/Keychains/System.keychain /Library/Developer/XcodeServer/Keychains/Portal.keychain
The old server used the system keychain.
When you export a .p12 file Keychain Access will ask you for a password. Try adding the password for the p12 file to your command. Like so,
sudo security import "/Users/administrator/Desktop/Greener Pastures Enterprise Distribution TEST Certificate.p12" -P PASSWORD -k /Library/Developer/XcodeServer/Keychains/Portal.keychain -A -T /usr/bin/codesign -T /usr/bin/xcodebuild -T /usr/bin/pkgbuild
I have a script on our build server that imports p12 files from a drop off folder. The import line looks like this:
security import $_ -k /Library/Developer/XcodeServer/Keychains/Portal.keychain -P PASSWORD -A
I had the same issue. I fixed it through the following methods :
Xcode > Preferences > Accounts > View Details > And just refresh the Provisioning Profile
Then Restart the Xcode and Clean & Build.
For OX X Server 4.0 and XCode 6.1 is a much easier way:
Open your Project with XCode on the Server add your Developer Account to "Accounts" and download all required provisioning profiles.
Copy your Privisioning Profiles from /Users//Library/MobileDevices/Provisioning Profiles/ into /Library/Developer/XcodeServer/ProvisioningProfiles/
Give read and write access for administrators for the folder /Library/Developer/XcodeServer/ProvisioningProfiles/
Open KeyChaine Access double click on the provisioning profile keys (for example iOS Developer: XY) and allow access for all apps.
Done.
Install certificates(*.p12) to keychain on machine with Xcode server
In Keychain.app copy "Login-My Certificates" to "System-My Certificates"
Related
I would very much like to take my Git install with me wherever I go, so I have installed GitPortable via PortableApps.
Unfortunately, the OpenSSH utilities available in git-bash insists on placing/searching for the .ssh folder in a nonsensical place (C/.ssh).
Now, I have seen others with the same problem, but the solution generally was to set HOME as a Windows environment variable. But this is not working for me.
From the usual Windows command prompt:
C:\Users\snb>echo %HOME%
C:\Users\snb
Showing that the environment variable is apparently set correctly.
From git-bash:
snb#SNB-WORKSTATION /c/Users/snb
$ echo $HOME
C:\Users\snb
Showing that git-bash agrees. However if I test out an SSH command, OpenSSH has the completely wrong idea of where to locate the .ssh folder:
snb#SNB-WORKSTATION /c/Users/snb
$ ssh -T git#bitbucket.org
Could not create directory 'C/.ssh'.
The authenticity of host 'bitbucket.org (131.103.20.167)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)?
I'm at a loss at what to do to make OpenSSH in the GitPortable installation understand where my home directory is. Do you have any ideas other than giving in and just installing Git for Windows?
EDIT:
The OpenSSH version is:
$ ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1i 6 Aug 2014
The command uses the correct .ssh folder location in a Windows command prompt when using git-cmd.bat:
C:\Users\snb>ssh -T git#bitbucket.org
The authenticity of host 'bitbucket.org (131.103.20.168)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bitbucket.org,131.103.20.168' (RSA) to the list of known hosts.
Enter passphrase for key '/c/Users/snb/.ssh/id_rsa':
But I truly hate cmd.exe, I need this to work for git-bash! :)
The SSH command git-bash uses is:
$ which ssh
/bin/ssh
The /bin folder is located inside the GitPortable installation, so this would be the OpenSSH version distributed with GitPortable.
This GitPortable is based on msysgit PortableGit-1.9.5-preview20141217 github commit
The proper path for HOME in a bash session should be set with:
export HOME=/c/Users/snb
That would make it compatible with ssh in a unix shell.
Using posix path seems safer considering Git is running on top of a posix run-time environment.
I am on Windows 7 - Sourcetree 1.4.1.0 - Embedded Mercurial 2.6.1
Target is a private mercurial repo hosted on bitbucket.
How do I enable SSH compression so that my transactions are faster?
A quick Google search yielded this document:
Edit the Mercurial global configuration file (~/.hgrc). Add the following line to the UI section:
ssh = ssh -C
When you are done the file should look similar to the following:
[ui]
# Name data to appear in commits
username = Mary Anthony <manthony#atlassian.com>
ssh = ssh -C
On Windows, the Mercurial settings file is located here:
C:\Users\{username}\AppData\Local\Atlassian\SourceTree\hg_local\Mercurial.ini
The contents of the file are actually not to be changed, as its header explains:
; System-wide Mercurial config file.
;
; !!! Do Not Edit This File !!!
;
; This file will be replaced by the installer on every upgrade.
; Editing this file can cause strange side effects on Vista.
;
; http://bitbucket.org/tortoisehg/stable/issue/135
;
; To change settings you see in this file, override (or enable) them in
; your user Mercurial.ini file, where USERNAME is your Windows user name:
;
; XP or older - C:\Documents and Settings\USERNAME\Mercurial.ini
; Vista or later - C:\Users\USERNAME\Mercurial.ini
I don't have a Mac, so I can't test this, but this Atlassian answer states that the location of this file for Mac is:
/Applications/SourceTree.app/Contents/Resources/mercurial_local/hg_local/
In my case, I'm using TortoiseHg, but the concept should be the same.
Here is my original c:\somerepo\.hg\hgrc file:
[paths]
default = ssh://hg#bitbucket.org/someuser/somerepo
So what's happening with ssh? Let's debug a pull statement, hg pull --debug on the command-line. I noticed it is running C:\Program Files\TortoiseHg\lib\TortoisePlink.exe instead of ssh to make the call:
PS C:\somerepo> hg pull --debug
pulling from ssh://hg#bitbucket.org/someuser/somerepo
running "C:\Program Files\TortoiseHg\lib\TortoisePlink.exe" -ssh -2 hg#bitbucket.org "hg -R someuser/somerepo serve --stdio"
sending hello command
sending between command
abort: no suitable response from remote hg!
So let's just reuse the call, add compression (yay!), non-interactive (batch) and our key:
[paths]
default = ssh://hg#bitbucket.org/someuser/somerepo
[ui]
ssh = "C:\Program Files\TortoiseHg\lib\TortoisePlink.exe" -ssh -2 -C -batch -i "c:\keys\somekey.ppk"
Though I have followed the usual steps for using the dotCloud CLI under Cygwin, dotcloud push fails in all cases: --rsync, --hg, and --git.
I am on Windows 8 and Cygwin.
How can I push successfully?
Sample output:
me#host /cygdrive/d/project
$ dotcloud push --rsync
==> Pushing code with rsync from "./" to application myapp
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at /home/lapo/package/rsync-3.0.9-1/src/rsync-3.0.9/io.c(605) [sender=3.0.9]
me#host /cygdrive/d/project
$ dotcloud push --git
Permission denied (publickey,password).r from "./" to application myapp
fatal: The remote end hung up unexpectedly
me#host /cygdrive/d/project
$ dotcloud push --hg
==> Pushing code with mercurial from "./" to application myapp
abort: no suitable response from remote hg!
Error: Mercurial returned a fatal error
You may be running into a bug in Cygwin's group permissions. Vineet Gupta gives a workaround in his blog. The problem comes from the very strict permissions expected by ssh around the keys, and the solution is to set the permission on the ssh key properly (to 600, rw by owner only). Cygwin seems to need the group to be added manually.
Updating the steps to get the dotCloud CLI installed, including setting the permissions, leads to:
Start the Cygwin Setup.
Select default choices until you reach the package selection dialog.
Enable the following packages:
net/openssh
net/rsync
devel/git
devel/mercurial
python/python (make sure it’s at least 2.6!)
web/wget
After the installation, you should have a Cygwin icon on your desktop. Start it: you will get a command-line shell.
Download easy_install
wget http://peak.telecommunity.com/dist/ez_setup.py
Install easy_install
python ez_setup.py
You now have easy_install; let’s use it to install pip:
easy_install pip
Now install dotcloud (the CLI)
pip install dotcloud
Set up the CLI with your credentials. This will also download the ssh key.
dotcloud setup
New Step Update the permissions on your dotCloud key:
chgrp Users ~/.dotcloud_cli/dotcloud.key
chmod 600 ~/.dotcloud_cli/dotcloud.key
Now you should be able to dotcloud push
If you have multiple dotCloud accounts, then you will need to repeat this process for each account, since each account has its own key. Also note that you shouldn't have to set these permissions manually, but it seems like the group ownership is sometimes the wrong default in Cygwin. Linux and OSX don't seem to show this problem, though the permissions must be 600 for all OSes, so it is worth checking.
I'm setting up a git environment on Windows XP (msysGit 1.7.11, TortoiseGit 1.7.14) and trying to achieve following points :
ssh connection on a port different than default 22
ssh authentification handled by ssh-agent
So I create a ~/.ssh/config file :
Host gitbox
User gitolite
Hostname XX.XX.XX.XX
Port 154
PreferredAuthentications publickey
IdentityFile "/c/Documents and Settings/kraymer/.ssh/id_rsa"
When using the git bash CLI, everything works as intended.
I'm struggling with TortoiseGit.
I first installed TortoiseGit with Plink and using Pageant to load ssh private key. The automatic authentication (Pageant) worked but setup was a fail as TortoiseGit don't recognize git repos url formatted as gitolite#gitbox/repo.git.
I then decided to install TortoiseGit using openssh client, so the config file can be read by the ssh client, and to mimic the git CLI setup.
I picked the ssh.exe shipped with msys git as ssh client in TortoiseGit settings.
When doing a git pull, the remote url is now resolved but the passphrase password is asked while I expect ssh-agent automatic authentication to occur.
Is it possible to make TortoiseGit work with ssh-agent ?
Or make TortoiseGit (Plink) aware of .ssh/config ?
Edit #1
Following #VonC advice I configured my $HOME variable.
When I click Show environment variables in TortoiseGit I now have :
HOME=C:\Documents and Settings\kraymer
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kraymer
But git pull still require I enter passphrase.
No tweaks needed.
Just make TortoiseGit point to the same ssh client used by git itself, see the screenshot:
This should be C:\Program Files\Git\usr\bin\ssh.exe in latest version of Git as mentioned by Aleksey Kontsevich in the comments.
I first installed TortoiseGit with Plink and using Pageant to load ssh private key. The automatic authentication (Pageant) worked but setup was a fail as TortoiseGit don't recognize git repos url formatted as gitolite#gitbox/repo.git.
I finally found a workaround which consist to create a PuTTY session with the same name that the ssh alias (ie gitbox in the question).
This way I can clone as git clone gitbox/monrepo in the CLI and the origin syntax is correctly handled by TortoiseGit.
Windows10 System
#TortoiseGit
In Network Section
From : C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe
To : "C:\Users{user}\AppData\Local\Programs\Git\usr\bin\ssh.exe"
There seems to be a whole variety of options to solve this. As none of the above have worked for me, I tought I'd share what helped for me.
In Settings... -> Network -> SSH -> SSH client, set the client to C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe. Using Pageant, you're then automatically authenticated as expected, otherwise you are prompted for your private key passphrase. Make sure the "Autoload Putty Key" option is checked in the push dialog.
Cygwin
Use approach described in the following article:
https://help.github.com/articles/working-with-ssh-key-passphrases
Password will be asked only once on the cygwin session startup.
!!! Before exiting cygwin session don't forget to kill ssh-agent process (use ps for find process PID and kill -9).
We are using separate approach for cygwin, because cygwin by some reason doesn't see processes started externally in windows environment.
2, 3) MsysGit, TortoiseGit
Useful link:
http://dogbiscuit.org/mdub/weblog/Tech/WindowsSshAgent
Install MsysGit.
Install TortoiseGit (check openssh instead of plink during installation).
!!! Check systems variables. If there is GIT_SSH variable present - remove it.
Go to TortoiseGit->Settings->General
Set Git exe Path to /bin
Set External dll path to /mingw/bin
Go to TortoiseGit->Settings->Network
Set SSH Client property to /bin/ssh.exe
Define system variable SSH_AUTH_SOCK=C:\temp.ssh-socket
Start cmd.exe and execute following commands(since we installed MsysGit all following commands are accessible in cmd - /bin is added to system PATH variable):
# following command is required to execute for avoiding Address already bind message when ssh-agen is not started yet but .ssh-socket exists after previous agent session
rm "%SSH_AUTH_SOCK%"
# Starting ssh-agent
ssh-agent -a "%SSH_AUTH_SOCK%"
# Adding our openssh key
ssh-add "%USERPROFILE%\.ssh\id_rsa"
# Type password for your key
That's it. From that moment you can execute git push, git pull from TortoiseGit and MsysGit without prompting passphrase.
When ssh-agent is no longer required you can kill it through windows task manager.
None of the above answers worked for me.
I created this batch file to solve the problem.
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
SETX SSH_AUTH_SOCK "%SSH_AUTH_SOCK%"
SETX SSH_AGENT_PID "%SSH_AGENT_PID%"
Run this once, and enter your passphrase.
Then you can use tortoisegit with openssh without having to enter your passphrase for every operation.
Make sure to launch your TortoiseGit in an environment where HOME is defined, and reference the parent directory of .ssh.
This is important since, on Windows, HOME isn't defined by default.
See as an example: "Auth fails on Windows XP with git and tortoisegit".
(Other possible sources: "How to I tell Git for Windows where to find my private RSA key?")
Since the explanations here are a bit outdated, I decided to post my solution.
I am using Git Bash and TortoiseGit 2.8.0 in Windows 10, which are common nowadays.
I set ssh.exe as SSH client in Settings->Network as explained in previous posts.
I created a script with the following commands, as explained in a previous comment. You might also want to set a HOME environment variable, in case your system does not do it automatically. Assuming your home is in drive H:\ you can add the following lines:
SETX HOME /h
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
SETX SSH_AUTH_SOCK "%SSH_AUTH_SOCK%"
SETX SSH_AGENT_PID "%SSH_AGENT_PID%"
I added the script using Win logo+R shell:startup to the startup folder. Alternatively, you can add the script to the registry to guarantee that it runs before other processes:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Make sure to type exit to close the console and allow for the variable to be set for future processes.
If you use RSA keys in repositories, add at the end of the script as described above^
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
...
"C:\Program Files\Git\usr\bin\ssh-add" ~/.ssh/myid.rsa
Works with Git 2.24.0, TortoiseGit 2.9.0, Windows 10 and no any Putty using.
I am reading Michael Hartl's "Ruby On Rails 3 Tutorial" and have come to the point where I am pushing my first_app to Github. When I first tried this I got the error "Permission denied: (publickey). I thought the problem was I did not have a SSH keypair for Github. So in following their advice for generation a new keypair from the URL https://help.github.com/articles/generating-ssh-keys
I typed in
ssh-keygen -t rsa -C "your_email#youremail.com"
To which I received the error
"ssh-keygen is not recognized as an external or internal command, operable program, or batch file."
I am using Windows 7 OS. So I think my problem is that this command line entry is for Mac or Linux based command lines. Can someone please tell me the Windows 7 OS equivalent of this entry, so that I can create a new SSH keypair and continue on with the tutorial?
Flip the url to windows-specific:
https://help.github.com/articles/generating-ssh-keys#platform-windows
and note that they say to "Open the GIT bash", not the windows CMD.
ssh-keygen is part of Openssh package which you can install separately (Look for CopSSH for Windows, which is a Windows port of OpenSSH).
The first step is installing open-ssh, one way is indeed by installing Git for Windows. During the installation choose the third option of being able to use the "unix" tools from the command line.
I have a small wrapper utility that loads the agent to memory in github (#selfplug) and your identities, allowing an easy use from the command line.