1 Reply
      Latest reply on Oct 25, 2019 5:22 AM by turquoiseresistenza
      jamesfromweebly Level 1 Level 1 (0 points)



        I'm trying to get our CI servers migrated over to Catalina, but I'm having quite the struggle. During the build phase, Xcode 11 is attempting to give the xctest bundles an execution policy exception in order to run, but it always fails with:


        note: Execution policy exception registration failed and was skipped: Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"


        This note is shown after the builtin-RegisterExecutionPolicyException build step is performed on the test bundle.


        After everything is built, the run just hangs until it gets aborted by timeout, likely because it can't execute the test bundle.


        This problem was occurring when running the CI script directly from terminal, but adding Terminal to the list of applications under Developer tools in the `Settings -> Security & Privacy -> Privacy` screen resolved the issue with terminal; I no longer get the error and the tests run successfully. Unfortunately, this did not fix the CI system. I've added a number of other applications to this list, including fastlane (which is the tool used to run the code), ruby, java (for jenkins), sh, bash, zsh, xcodebuild (along with every other tool in the directory that xcodebuild is in), etc. I've also attempted to disable gatekeeper with `sudo spctl --master-disable`, but I continue to see this error from Jenkins.


        Has anyone else ran into this or know the proper way to get Jenkins to work on Catalina?




        • Re: Execution policy exception registration failed with Jenkins on Catalina
          turquoiseresistenza Level 1 Level 1 (0 points)

          Hi James!


          I'm having the same problem as you: trying to set up a Jenkins node on macOS Catalina. When a build is running, it fails with this error message when trying to code sign an app. Interestingly, there are other codesigning steps before the failing one, which do succeed.


          I looked at the command parameters and found differences between the successful and unsuccessful one. The first one has "--preserve-metadata=identifier,entitlements,flags" set, the failing one "--entitlements ..."


          Which process fails during your build pase exactly?