OTHER_CODE_SIGN_FLAGS keychain flag ignored?

Question

I have just learned about the possibility to use OTHER_CODE_SIGN_FLAGS to specify the keychain which includes the cert needed for building and signing an app. But unfortunately

Answer 1

The answer is to upgrade: Xcode 4.3 respects the OTHER_CODE_SIGN_FLAGS flag during the Check dependencies build step.

Answer 2

None of these really works unless you have the simplest of scripted builds going. Like @Tyler said, PackageApplication doesn't support specifying the keychain, and some versions of xcode will require there be no duplicate certificates across keychains when they check dependencies.

Don't waste your times, just call Apple and ask them to rename one of your certificates (they will actually rename your company --- by appending a suffix --- and you just have to regenerate your certificates and update your profiles).

Answer 3

I ran into the same problem while trying to set up CI for our iOS projects. I ended up updating the PackageApplication Perl script to support passing a keychain option. Location:

 /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/PackageApplication

I'm still waiting for some licensing clarification from Apple so that I can publish my updated script to GitHub.

Answer 4

I found that if I didn't add the keychain to keychain search list, xcodebuild would not respect the OTHER_CODE_SIGN_FLAG --keychain setting. I had to add this code:

// Early in the script
ORIGINAL_KEYCHAINS=`security list-keychains -d user`

// After I create my keychain, add it to the list
security list-keychains -d user -s ${ORIGINAL_KEYCHAINS} "${KEYCHAIN_NAME}"

// On cleanup
security list-keychains -d user -s ${ORIGINAL_KEYCHAINS} 

Needless to say, I lost hours figuring this out.

Also of help, making sure the keychain stays open for the length of your build. As advised here:

security -v set-keychain-settings -lut 7200 ${KEYCHAIN_NAME}