Prior to Xcode 9.3, Xcode stored the credentials (Xcode-Token & Xcode-AlternateDSID) to the developer portal in the login keychain. To access the credentials for command line builds, you needed to unlock the keychain via security unlock-keychain -p <password> ~/Library/Keychains/login.keychain. Now, Xcode stores those values in the local items keychain (which isn't a "real keychain" so the security tool cannot read from it) which leads to command line builds via SSH being unable to authenticate with the developer portal (it knows that the user is signed in, but has no credentials).
As a previous workaround, Xcode 9.2 could be used to sign in or reauthenticate for expired sessions. However, on Mojave, Xcode 9.2 is unable to open the preferences window with the following error: [NSApplication orderFrontPreferencesPanel] was invoked but there is no custom implementation and no Settings.bundle in the app bundle. Nothing will be displayed.
Now, I have no way of creating or updating developer portal sessions without using a newer version of Xcode which puts the credentials in a location that I am unable to unlock. Does anyone know of any workarounds to get an SSH session to unlock the local items keychain?
Since the sample code was provided in Swift, I want to confirm that the following code in Objective-C will configure NSURLSession to use encrypted DNS and that you can have more than one fallback resolver:
// Privacy context used by default for connections in this process.
nw_privacy_context_t defaultPrivacyContext = NW_DEFAULT_PRIVACY_CONTEXT;
// Endpoints: the DNS-over-HTTPS URL plus IPv4 and IPv6 addresses for that server.
nw_endpoint_t dohResolverEndpoint = nw_endpoint_create_url("https://dnsserver.example.net/dns-query");
nw_endpoint_t v4ResolverEndpoint = nw_endpoint_create_host("1.1.1.1", "443");
nw_endpoint_t v6ResolverEndpoint = nw_endpoint_create_host("2606:4700:4700::1111", "443");
// One DoH resolver configuration with both server addresses attached.
nw_resolver_config_t fallbackResolvers = nw_resolver_config_create_https(dohResolverEndpoint);
nw_resolver_config_add_server_address(fallbackResolvers, v4ResolverEndpoint);
nw_resolver_config_add_server_address(fallbackResolvers, v6ResolverEndpoint);
// Require encrypted name resolution, with the configuration above as the fallback.
nw_privacy_context_require_encrypted_name_resolution(defaultPrivacyContext, true, fallbackResolvers);
I did not see webView:authenticationChallenge:shouldAllowDeprecatedTLS: (WKNavigationDelegate) mentioned in the session. I have two questions about how to use this API:
What versions of TLS does WebKit define as deprecated?
If an app is compliant with App Transport Security, is this method even called?
Does setting my domain(s) in the app's Info.plist in the WKAppBoundDomains array impact how Intelligent Tracking Prevention acts on my domains? I.e., can I make ITP leave my content alone?
With the recently introduced Enterprise API Program, this should allow us to interact with the developer portal via the API instead of needing an account signed into Xcode.
I followed the following steps to generate a key:
Logged into App Store Connect.
Navigated to Users and Access.
Selected Integrations.
Generated an API key with the Admin role.
Saved the key, the key identifier, and the issuer identifier.
Now, when using xcodebuild with the -allowProvisioningUpdates switch, I added -authenticationKeyPath, -authenticationKeyID, and -authenticationKeyIssuerID with the correct values.
xcodebuild spits out the following error:
xcodebuild: error: Invalid authentication key credential specified (CryptoKit.CryptoKitASN1Error.invalidPEMDocument)
What am I doing wrong/what did I miss? The developer portal shows that the key was "used" by updating the last used date.
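A structural check for the key file passed to -authenticationKeyPath, given the invalidPEMDocument error quoted above. This is an added example, not part of the original post or of any Apple tooling; the function name check_pem is hypothetical, and it assumes the key is a PKCS#8 PEM file framed by "BEGIN PRIVATE KEY" / "END PRIVATE KEY" lines. It checks only the PEM framing, not the key material.

```shell
#!/bin/sh
# check_pem FILE: report the first framing problem found in a PEM private key file.
# Prints "ok" and returns 0 when the framing is well formed (hypothetical helper).
check_pem() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f"; return 2; }

    # A UTF-8 byte-order mark ahead of the header line.
    if [ "$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        echo "file starts with a UTF-8 BOM"; return 1
    fi
    # CRLF line endings, e.g. after a round trip through an editor or mail client.
    cr=$(printf '\r')
    if LC_ALL=C grep -q "$cr" "$f"; then
        echo "file contains carriage returns"; return 1
    fi

    # Command substitution drops trailing newlines, so a final blank line is tolerated.
    content=$(cat "$f")
    first=$(printf '%s\n' "$content" | sed -n '1p')
    last=$(printf '%s\n' "$content" | sed -n '$p')
    [ "$first" = "-----BEGIN PRIVATE KEY-----" ] || { echo "bad or missing BEGIN line"; return 1; }
    [ "$last" = "-----END PRIVATE KEY-----" ] || { echo "bad or missing END line"; return 1; }

    # Body between the markers: non-empty, base64 alphabet only, length a multiple of 4.
    body=$(printf '%s\n' "$content" | sed '1d;$d')
    [ -n "$body" ] || { echo "empty body"; return 1; }
    if printf '%s\n' "$body" | LC_ALL=C grep -q '[^A-Za-z0-9+/=]'; then
        echo "body contains non-base64 characters"; return 1
    fi
    joined=$(printf '%s' "$body" | tr -d '\n')
    [ $(( ${#joined} % 4 )) -eq 0 ] || { echo "base64 length is not a multiple of 4"; return 1; }
    echo "ok"
}

# Stand-alone use: sh check_pem.sh /path/to/key.p8
if [ -n "${1:-}" ]; then
    check_pem "$1"
fi
```
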