Xcode server bots are unable to access code signing identities without specifically allowing access from Keychain Access

Originator: jaddyman
Number: rdar://15231363
Date Originated: 15/10/2013
Status: Open
Resolved:
Product: Developer Tools
Product Version: OS X 10.9 Mavericks (13A598) OS X Server 2.2.67 (13S411) Xcode 5.0.1 (5A2034a)
Classification: Serious Bug
Reproducible: Always

When executing an Xcode Server bot for the first time on a newly set-up environment, the bot will try to request access to the code signing identity from the keychain.

Since the bot is running within the context of its own user and has no user interface or interactive user session, the prompt to request access is never shown, and the error is logged to the console: "User interaction is not allowed. Command /usr/bin/codesign failed with exit code 1".

When building the project in Xcode manually, I am prompted for access to the keychain item which I allow. This is expected, and only happens once. But it appears that this access is not shared with the bot, since it still fails to access the keychain item, with the "user interaction not allowed" error.

Some people stated that copying the signing identities to the System keychain would allow the bots to access the items, but this did not work for me. Same error.

The only workaround I have found to work is to specify that `codesign` is allowed access to the keychain item in the Keychain Access GUI using the Access Control tab for the keychain item, as described here: http://stackoverflow.com/a/14761060/76559

The process of setting up an Xcode bot to work with code signing is unintuitive at best and not documented anywhere.

Steps to Reproduce:
1. Set up an Xcode Server bot to build a project that requires code signing.

2. Attempt to integrate.

Expected Results:
1. Set up an Xcode Server bot to build a project that requires code signing.

2. Attempt to integrate.

3. Be properly prompted for access to the code signing identity from the keychain.

4. Build successfully.

Actual Results:
1. Set up an Xcode Server bot to build a project that requires code signing.

2. Attempt to integrate.

3. Observe that integration fails thanks to `codesign` being unable to access the keychain item for the code signing identity. The logged error is "User interaction is not allowed. Command /usr/bin/codesign failed with exit code 1".
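
A scripted form of the Access Control workaround described in the report, as an added example that is not part of the original report or of Apple's tooling. It assumes the identity is available as a `.p12` file; the function names, the `P12_PASS` and `DRY_RUN` variables and all paths are hypothetical, and the report does not confirm that this resolves the failure on the listed versions.

```shell
#!/bin/sh
# Added example. Grants the imported private key to /usr/bin/codesign only
# (security import -T), the command-line counterpart of adding codesign on the
# Access Control tab. Avoid -A, which lets any application use the key.

CODESIGN=/usr/bin/codesign

# keychain_prompt_failure: reads a build log on stdin, succeeds if it contains
# the error quoted in the report (a keychain prompt that no session could show).
keychain_prompt_failure() {
    grep -q 'User interaction is not allowed'
}

# import_identity P12 KEYCHAIN
# Passphrase comes from P12_PASS (assumed variable). `security import -P` puts
# it on the command line, so use a host where other users cannot list processes.
# With DRY_RUN set, prints the command with the passphrase redacted instead.
import_identity() {
    p12=${1:-}
    keychain=${2:-}
    if [ -z "$p12" ] || [ -z "$keychain" ]; then
        echo "usage: import_identity P12 KEYCHAIN" >&2
        return 2
    fi
    if [ -z "${P12_PASS:-}" ]; then
        echo "P12_PASS is not set" >&2
        return 2
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        echo "security import $p12 -k $keychain -P <redacted> -T $CODESIGN"
        return 0
    fi
    if [ ! -r "$p12" ]; then
        echo "cannot read $p12" >&2
        return 1
    fi
    security import "$p12" -k "$keychain" -P "$P12_PASS" -T "$CODESIGN"
}

# Typical use on the build host (constructed paths):
#   keychain_prompt_failure < integration.log && \
#       P12_PASS=... import_identity /path/to/identity.p12 /path/to/build.keychain
```

Run it as the user whose keychain the bot reads, and keep the access list limited to `codesign` so that other processes under that account still cannot use the key silently.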
