Troubleshooting iOS signing errors when packaging

Troubleshooting iOS signing errors

Packaging for iOS directly on a Mac failed with the following error:

2020-09-27 19:23:48:778 :         /usr/bin/codesign --force --sign 2C74981D1576F95021XXXXXXXXXXA7ECBD8A81A0 --entitlements /Users/buildmachine/Documents/BuildWorkspace/workspace/PackageClient/Client/Intermediate/ProjectFilesIOS/build/FGame.build/Development-iphoneos/FGame.build/FGame.app.xcent --timestamp=none /Users/buildmachine/Documents/BuildWorkspace/workspace/PackageClient/Client/Binaries/IOS/Payload/FGame.app
2020-09-27 19:23:59:896 : /Users/buildmachine/Documents/BuildWorkspace/workspace/PackageClient/Client/Binaries/IOS/Payload/FGame.app: errSecInternalComponent
2020-09-27 19:23:59:896 : Command /usr/bin/codesign failed with exit code 1
2020-09-27 19:23:59:896 :
2020-09-27 19:23:59:899 : ** BUILD FAILED **
2020-09-27 19:23:59:899 :
2020-09-27 19:23:59:899 : The following build commands failed:
2020-09-27 19:23:59:899 : CodeSign /Users/buildmachine/Documents/BuildWorkspace/workspace/PackageClient/Client/Binaries/IOS/Payload/FGame.app
2020-09-27 19:23:59:900 : (1 failure)
2020-09-27 19:23:59:915 : Took 15.181822s to run env, ExitCode=65
2020-09-27 19:23:59:920 : ERROR: CodeSign Failed
2020-09-27 19:23:59:920 : (see /Users/buildmachine/Library/Logs/Unreal Engine/LocalBuildLogs/BuildCookRun/Log.txt for full exception trace)
2020-09-27 19:23:59:922 : AutomationTool exiting with ExitCode=32 (Error_FailedToCodeSign)
2020-09-27 19:23:59:962 : Took 568.832115s to run mono, ExitCode=32
2020-09-27 19:23:59:974 : AutomationTool exiting with ExitCode=1 (Error_Unknown)
2020-09-27 19:24:00:010 : RunUAT ERROR: AutomationTool was unable to run successfully.

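The log shows that packaging failed because the codesign command returned an error.

Signing needs access to the keychain, which requires entering the password to authorize it. If the authorization dialog appears and access is not granted, codesign fails. The same problem is described on Stack Overflow: Xcode Command /usr/bin/codesign failed with exit code 1 : errSecInternalComponent

There are three solutions:

  1. Enter the password in the dialog that appears during packaging to unlock the keychain
  2. Unlock the keychain before packaging
  3. Enter the password in the dialog and choose to always allow codesign to access the keychain

To unlock the keychain, use the following terminal command: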

$ security unlock-keychain login.keychain

No certificate for team xxxx matching

If the following error is reported:

Code Signing Error: No certificate for team '9TV4ZYSS4J' matching 'iPhone Developer: Created via API (JDPXHYVWYZ)' found: Select a different signing certificate for CODE_SIGN_IDENTITY, a team that matches your selected certificate, or switch to automatic provisioning.

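To fix it:

  1. On the Mac, delete the superfluous mobileprovision files in ~/Library/MobileDevice/Provisioning\ Profiles.
  2. Delete expired developer certificates from the Mac keychain
  3. Re-import the mobileprovision file and the certificate

Note: the file name of the imported mobileprovision must match the MobileProvision value specified in BaseEngine.ini.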

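errSecInternalComponent error

This error occurs because /usr/bin/codesign, when invoked over ssh, has no permission to access the keychain. Run the following command in the ssh session to unlock it: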

security unlock-keychain -p password login.keychain

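For UE remote builds, run this command first to unlock the keychain in the current ssh environment so that the later signing step can succeed.
Edit Engine\Build\BatchFiles\Mac\Build.sh in UE and add the unlock step before UBT is invoked, so that the file reads: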

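#!/bin/sh

cd "`dirname "$0"`/../../../.."

# Setup Mono
source Engine/Build/BatchFiles/Mac/SetupMono.sh Engine/Build/BatchFiles/Mac

# Build ShaderCompileWorker first when it is requested on the command line
if [ "$4" == "-buildscw" ] || [ "$5" == "-buildscw" ]; then
	echo Building ShaderCompileWorker...
	mono Engine/Binaries/DotNET/UnrealBuildTool.exe ShaderCompileWorker Mac Development
fi

# Added step: unlock the keychain in this ssh session before UBT runs,
# so that codesign can use the signing key.
# "password" stands for the build user's login keychain password.
echo unlock mac keychain...
security unlock-keychain -p password login.keychain

echo Running command : Engine/Binaries/DotNET/UnrealBuildTool.exe "$@"
mono Engine/Binaries/DotNET/UnrealBuildTool.exe "$@"

# Exit codes 254, 255 and 2 from UBT are reported as success; any other code is passed through
ExitCode=$?
if [ "$ExitCode" -eq 254 ] || [ "$ExitCode" -eq 255 ] || [ "$ExitCode" -eq 2 ]; then
	exit 0
else
	exit $ExitCode
fi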

Because Build.sh is transferred to the Mac via RSync at build time, the following appears in the log:

[Remote] Executing build
Running bundled mono, ue_version: Mono JIT compiler version 5.16.0.220 (2018-06/bb3ae37d71a Fri Nov 16 17:12:11 EST 2018)
unlock mac keychain...
Running command : Engine/Binaries/DotNET/UnrealBuildTool.exe UnrealHeaderTool Mac Development -SkipRulesCompile -XmlConfigCache=/Users/buildmachine/UE4/Builds/lipengzha-PC2/C/BuildAgent/workspace/FGameEngine/Engine/Engine/Intermediate/Build/XmlConfigCache.bin -precompile -allmodules -Log=/Users/buildmachine/UE4/Builds/lipengzha-PC2/C/BuildAgent/workspace/FGameEngine/Engine/Engine/Programs/AutomationTool/Saved/Logs/UBT-UnrealHeaderTool-Mac-Development_Remote.txt -Manifest=/Users/buildmachine/UE4/Builds/lipengzha-PC2/C/BuildAgent/workspace/FGameEngine/Engine/Engine/Intermediate/Remote/UnrealHeaderTool/Mac/Development/Manifest.xml
Target is up to date
Deploying UnrealHeaderTool Mac Development...
Deploying now!
Total execution time: 1.01 seconds
[Remote] Downloading C:\BuildAgent\workspace\FGameEngine\Engine\Engine\Intermediate\Remote\UnrealHeaderTool\Mac\Development\Manifest.xml
[Remote] Downloading build products
receiving file list ... done

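This way the keychain is unlocked on every build, which avoids the signing error caused by codesign having no access to the keychain in an ssh session.

Note: also check whether the SigningCertificate value in BaseEngine.ini is specified.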
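
A pre-signing check for the remote build described above, as an added example that is not part of the original post or of UE's Build.sh: it unlocks the keychain with a password taken from the environment instead of a literal in a script that gets rsynced around, then confirms that a valid code-signing identity is actually visible in the ssh session before the long build starts. The KEYCHAIN_PASSWORD and KEYCHAIN variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-signing check for a remote (ssh) iOS build.
# Assumptions: the CI agent exports KEYCHAIN_PASSWORD; function names are hypothetical.

KEYCHAIN="${KEYCHAIN:-login.keychain}"

# Unlock the keychain for this ssh session. The password is read from the
# environment so it does not have to be written into Build.sh itself.
unlock_keychain() {
    if [ -z "${KEYCHAIN_PASSWORD:-}" ]; then
        echo "KEYCHAIN_PASSWORD is not set" >&2
        return 2
    fi
    security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
}

# Succeed only if the keychain holds a valid code-signing identity whose
# name starts with $1 (for example "iPhone Developer").
# find-identity -v lists valid identities only, as:  1) <SHA-1> "<name>"
has_signing_identity() {
    security find-identity -v -p codesigning "$KEYCHAIN" | grep -F -q -- "\"$1"
}

# Run both checks and return a distinct code per failure, so the build log
# shows whether the keychain or the certificate is the problem.
#   10 = keychain could not be unlocked, 11 = no matching valid identity
presign_check() {
    unlock_keychain || return 10
    if ! has_signing_identity "$1"; then
        echo "no valid signing identity matching '$1' in $KEYCHAIN" >&2
        return 11
    fi
    echo "keychain unlocked, signing identity '$1' available"
}

# When called with an argument, run the check:  presign.sh "iPhone Developer"
if [ $# -ge 1 ]; then
    presign_check "$1"
fi
```

Exit code 10 corresponds to the errSecInternalComponent case, and 11 to the "No certificate for team ... matching" case.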

Invalid trust settings.

If the following error appears in the log:

Code Signing Error: Invalid trust settings. Restore system default trust settings for certificate "iPhone Developer: Created via API (JDPXHYVWYZ)" in order to sign code with it.
Code Signing Error: Code signing is required for product type 'Application' in SDK 'iOS 13.6'

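This happens because the trust setting for the certificate in the Mac keychain was changed to Always Trust. Change it back to Use System Defaults to fix it.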