I use Jenkins to build and notarize a device driver on a .dmg. The problem I am now getting a new notarization error:
when a bash script is trying to run the following command:
This happens after the driver is signed and the installer is signed and a bunch of things have already worked that involve accessing the keychain and code signing working correctly. The command to perform the notarization is in a bash script. The bash script that is failing was working recently and still works just fine if I run it from a local terminal session on the build machine. The .dmg gets notarized successfully.
When I interactively log in to that computer using ssh and attempt to run the command (copied right out of the script), I get an error that says:
In the past when I have seen this it is because the tool isn't able to pull something out of the keychain. So I would assume the problem would have to do with pulling AC_PASSWORD out of the keychain. The access control for this item was set to allow "security" and "altool" in Keychain Access. Sometimes in the past I have seen this fail because of a system update caused the access control to no longer recognize the app that is trying to access the item. So I went into Keychain Access and set the Access Control settings to allow any application to access the item. I know this is insecure, but it would have confirmed that I had the correct item and also that it was the access control settings that were causing the problem. Unfortunately when I rerun the "xcrun altool --notarize-app" command from my ssh session, I get the same error ("User interaction is not allowed.")
What can I do to fix this?
Code Block altool[1980:21149] *** Error: The operation couldn’t be completed. ( error -1.)
when a bash script is trying to run the following command:
Code Block xcrun altool --notarize-app --primary-bundle-id "com.xxxxxxxxxxx" --username "$AC_USERNAME" --password "@keychain:AC_PASSWORD" --file ./build/xxxxxxxxx.dmg
This happens after the driver is signed and the installer is signed and a bunch of things have already worked that involve accessing the keychain and code signing working correctly. The command to perform the notarization is in a bash script. The bash script that is failing was working recently and still works just fine if I run it from a local terminal session on the build machine. The .dmg gets notarized successfully.
When I interactively log in to that computer using ssh and attempt to run the command (copied right out of the script), I get an error that says:
Code Block 2020-07-17 15:16:07.499 altool[2082:27150] *** Error: User interaction is not allowed.
In the past when I have seen this it is because the tool isn't able to pull something out of the keychain. So I would assume the problem would have to do with pulling AC_PASSWORD out of the keychain. The access control for this item was set to allow "security" and "altool" in Keychain Access. Sometimes in the past I have seen this fail because of a system update caused the access control to no longer recognize the app that is trying to access the item. So I went into Keychain Access and set the Access Control settings to allow any application to access the item. I know this is insecure, but it would have confirmed that I had the correct item and also that it was the access control settings that were causing the problem. Unfortunately when I rerun the "xcrun altool --notarize-app" command from my ssh session, I get the same error ("User interaction is not allowed.")
What can I do to fix this?