詹金斯删除钥匙串中的钥匙
Posted
技术标签:
【中文标题】詹金斯删除钥匙串中的钥匙【英文标题】:Jenkins deletes keys in keychain 【发布时间】:2016-11-21 16:07:36 【问题描述】:在 Jenkins 上运行时,我们遇到了 fastlane 的问题。由于某种原因,在运行 jenkins 脚本时,钥匙串中的钥匙会被删除。但是,如果我从命令行运行命令,它每次都有效。我第一次向 gitrepo 提供密码,第二次运行良好,但切换到 Jenkins,您可以看到密钥已从钥匙串中删除,随后无法构建(要求输入密码)。请参阅下面的错误日志。
我已经查看了我可以在 jenkins 中找到的所有配置,但找不到与 jenkins 和钥匙串有关的任何内容。我们为钥匙串安装了一个模块: Keychains and Provisioning Profiles Management,但是这个被禁用只是为了看看那个是否是问题所在。但是禁用后也没有用。所以我不认为是这样。
我们正在运行 Jenkins 版本。由于 ssh 和苹果的问题,zipfile 提供了 1.625.3 和 fastlane 最新版本。请参阅以下版本。我们缺少什么?
我们的 fastlane 构建输出:
16:42:50 [EnvInject] - Loading node environment variables.
16:42:50 Building remotely on myapp-mac-001 in workspace /Users/bob/workspace/myapp-ios
16:42:50 [WS-CLEANUP] Deleting project workspace...
16:42:50 [WS-CLEANUP] Done
16:42:50 Cloning the remote Git repository
16:42:50 Cloning repository ssh://server/git/myapp-ios.git
16:42:50 > /usr/bin/git init /Users/bob/workspace/myapp-ios # timeout=10
16:42:50 Fetching upstream changes from ssh://server/git/myapp-ios.git
16:42:50 > /usr/bin/git --version # timeout=10
16:42:50 using GIT_SSH to set credentials This key can authenticate against source servers
16:42:50 > /usr/bin/git fetch --tags --progress ssh://server/git/myapp-ios.git +refs/heads/*:refs/remotes/origin/*
16:42:52 > /usr/bin/git config remote.origin.url ssh://server/git/myapp-ios.git # timeout=10
16:42:52 > /usr/bin/git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
16:42:52 > /usr/bin/git config remote.origin.url ssh://server/git/myapp-ios.git # timeout=10
16:42:52 Fetching upstream changes from ssh://server/git/myapp-ios.git
16:42:52 using GIT_SSH to set credentials This key can authenticate against source servers
16:42:52 > /usr/bin/git fetch --tags --progress ssh://server/git/myapp-ios.git +refs/heads/feature/*:refs/remotes/origin/feature/*
16:42:53 Seen branch in repository origin/develop
16:42:53 Seen branch in repository origin/feature/fastlane_fix
16:42:53 Seen branch in repository origin/feature/new_structure
16:42:53 Seen branch in repository origin/master
16:42:53 Seen 4 remote branches
16:42:53 Checking out Revision 13a27f98eb9e879ccf31729401160af4217b3520 (origin/feature/new_structure)
16:42:53 > /usr/bin/git config core.sparsecheckout # timeout=10
16:42:53 > /usr/bin/git checkout -f 13a27f98eb9e879ccf31729401160af4217b3520
16:42:53 > /usr/bin/git rev-list 13a27f98eb9e879ccf31729401160af4217b3520 # timeout=10
16:42:53 Set build name.
16:42:53 New build name is '#213-origin/feature/new_structure'
16:42:53 [myapp-ios] $ /bin/sh -xe /var/folders/bw/fw05xx_12gjgrylcs4vcvf4c0000gp/T/hudson1075118741175647034.sh
16:42:53 + whoami
16:42:53 bob
16:42:53 + security list-keychains
16:42:53 "/Users/bob/Library/Keychains/login.keychain-db"
16:42:53 "/Library/Keychains/System.keychain"
16:42:53 + security default-keychain
16:42:53 "/Users/bob/Library/Keychains/login.keychain-db"
16:42:53 + security dump-keychain
16:42:53 + grep match
16:42:53 0x00000007 <blob>="match_ssh://server/git/myapp-configuration.git"
16:42:53 "srvr"<blob>="match_ssh://server/git/myapp-configuration.git"
16:42:53 [myapp-ios] $ /bin/sh -xe /var/folders/bw/fw05xx_12gjgrylcs4vcvf4c0000gp/T/hudson8479113557469598261.sh
16:42:53 + fastlane ios build app_identifier:com.myapp configuration:debug scheme:myapp verbose
16:42:54 [ 16:42:50]: Your Fastfile has had smart quotes sanitised. To avoid issues in the future, you should not use TextEdit for editing it. If you are not using TextEdit, you should turn off smart quotes in your editor of choice.
16:42:54 [ 16:42:50]: -------------------------------------------------
16:42:54 [ 16:42:50]: --- Step: Verifying required fastlane version ---
16:42:54 [ 16:42:50]: -------------------------------------------------
16:42:54 [ 16:42:50]: Your fastlane version 1.110.0 matches the minimum requirement of 1.102.0 ✅
16:42:54 [ 16:42:50]: ------------------------------
16:42:54 [ 16:42:50]: --- Step: default_platform ---
16:42:54 [ 16:42:50]: ------------------------------
16:42:54 [ 16:42:50]: Driving the lane 'ios build' ????
16:42:54 [ 16:42:50]: starting build
16:42:54 [ 16:42:50]: -------------------
16:42:54 [ 16:42:50]: --- Step: match ---
16:42:54 [ 16:42:50]: -------------------
16:42:55 Successfully loaded Appfile at path '/Users/bob/workspace/myapp-ios/fastlane/Appfile'
16:42:55 - app_identifier: 'com.myapp'
16:42:55 - apple_id: 'mymail'
16:42:55 - team_id: 'someid'
16:42:55 -------
16:42:55 INFO [2016-11-21 16:42:51.55]: Successfully loaded '/Users/bob/workspace/myapp-ios/fastlane/Matchfile' ????
16:42:55
16:42:55 +----------------------+------------------------------------------------------------+
16:42:55 | Detected Values from './fastlane/Matchfile' |
16:42:55 +----------------------+------------------------------------------------------------+
16:42:55 | git_url | ssh://server/git/myapp-configuration.git |
16:42:55 | username | mymail |
16:42:55 +----------------------+------------------------------------------------------------+
16:42:55
16:42:55 DEBUG [2016-11-21 16:42:51.55]: Taking value for 'team_id' from environment variable 'FASTLANE_TEAM_ID'
16:42:55
16:42:55 +-----------------------+------------------------------------------------------------+
16:42:55 | Summary for match 0.11.0 |
16:42:55 +-----------------------+------------------------------------------------------------+
16:42:55 | app_identifier | com.myapp |
16:42:55 | type | development |
16:42:55 | readonly | true |
16:42:55 | verbose | true |
16:42:55 | git_url | ssh://server/git/myapp-configuration.git |
16:42:55 | username | mymail |
16:42:55 | git_branch | master |
16:42:55 | keychain_name | login.keychain |
16:42:55 | team_id | someid |
16:42:55 | force | false |
16:42:55 | skip_confirmation | false |
16:42:55 | shallow_clone | false |
16:42:55 | force_for_new_devices | false |
16:42:55 | skip_docs | false |
16:42:55 +-----------------------+------------------------------------------------------------+
16:42:55
16:42:55 INFO [2016-11-21 16:42:51.55]: Cloning remote git repo...
16:42:55 INFO [2016-11-21 16:42:51.55]: $ GIT_TERMINAL_PROMPT=0 git clone 'ssh://server/git/myapp-configuration.git' '/var/folders/bw/fw05xx_12gjgrylcs4vcvf4c0000gp/T/d20161121-19169-opcqhe'
16:42:55 INFO [2016-11-21 16:42:51.57]: ▸ Cloning into '/var/folders/bw/fw05xx_12gjgrylcs4vcvf4c0000gp/T/d20161121-19169-opcqhe'...
16:42:55 INFO [2016-11-21 16:42:51.76]: ▸ remote: Counting objects: 1195, done.
16:42:56 INFO [2016-11-21 16:42:52.09]: ▸ remote: Compressing objects: 100% (1131/1131), done.
16:42:56 INFO [2016-11-21 16:42:52.31]: ▸ remote: Total 1195 (delta 116), reused 0 (delta 0)
16:42:56 INFO [2016-11-21 16:42:52.31]: ▸ Receiving objects: 100% (1195/1195), 2.26 MiB | 0 bytes/s, done.
16:42:56 INFO [2016-11-21 16:42:52.32]: ▸ Resolving deltas: 100% (116/116), done.
16:42:56 INFO [2016-11-21 16:42:52.34]: ▸ Checking connectivity... done.
16:42:56 WARN [2016-11-21 16:42:52.41]: Enter the passphrase that should be used to encrypt/decrypt your certificates
16:42:56 WARN [2016-11-21 16:42:52.41]: This passphrase is specific per repository and will be stored in your local keychain
16:42:56 WARN [2016-11-21 16:42:52.41]: Make sure to remember the password, as you'll need it when you run match on a different machine
16:42:56 WARN [2016-11-21 16:42:52.41]: Passphrase for Git Repo:
16:42:56 ERROR [2016-11-21 16:42:52.41]: Couldn't decrypt the repo, please make sure you enter the right password!
16:42:56 keychain: "/Users/bob/Library/Keychains/login.keychain-db"
【问题讨论】:
你有没有为这个 ENV['FASTLANE_PASSWORD'] 找到解决方案?我的 CI-CD 管道也有类似的问题 【参考方案1】:要在 CI 上提供加密密码,您可以使用 MATCH_PASSWORD 环境变量。
【讨论】:
不想将密码存储在文件中或作为环境变量 也可以存放在钥匙串里 是的,这就是我们正在尝试的。但后来我得到了上述错误。在命令上本地运行它工作正常。【参考方案2】:您可以尝试在您的 Fastfile 中设置 ENV['FASTLANE_PASSWORD'](Apple Developer Portal 密码 - 在您的示例中为 mymail),这应该可以让您的构建使用它。
附带说明:我也有 Keychains and Provisioning Profiles Management 插件,但不需要它来让 match 工作。希望这会有所帮助。
【讨论】:
我真的不想将密码作为环境变量打印出来。以上是关于詹金斯删除钥匙串中的钥匙的主要内容,如果未能解决你的问题,请参考以下文章
撤销钥匙串中的所有证书后,命令 PhaseScriptExecution 以非零退出代码失败
即使在从钥匙串访问和 App Store Connect 中删除后,重新启动 Xcode 时,已删除的 iOS 证书仍会继续显示在钥匙串中