|
At the beginning of a build, after the keychain is copied the following commands are issued:
security list-keychain -s <KeychainName>
security default-keychain -d user <KeychainName>
This creates some unintended effects.
Imagine two jobs longjob and shortjob that are started in that order on jenkins.
when longjob starts it sets the keychain-list and default keychain to its keychain, displays the signing identities and all seems right with the world. longjob starts its build..
shortjob starts and sets the keychain-list and default keychain to its keychain, displays the signing identities and all seems right with the world.
longjob is nearly finished and tries to sign the build, but alas, it can't find its keychain (because its keychain is not in the searchlist) and its signing credentials are not in shortjob's keychain (which is the default keychain, and the only keychain in the list) so longjob fails with a signing error.
shortjob signs its build correctly and succeeds.
A job's keychain should be added to the keychain list, instead of replacing the list.
|
