codesign returns User Interaction is not allowed


I have a Mac builder set up/connected through TeamCity and already have build scripts running/working to compile my cpp code. I am trying to codesign my libraries using the codesign application on Mac OS X Leopard.

Here is the sample command to do codesign:

codesign -s "Identity" "ApplicationName"

If I connect to my Mac builder through VNC and run this command, it works fine. However, when I put this command in my build script and call this script from TeamCity, the above command returns "User Interaction is not allowed."

After doing some research, I found out that I may have to unlock the keychain before I use the certificate from that keychain.

I am using this command to unlock my keychain:

security unlock-keychain -p "password" "/Library/Keychains/System.keychain"

I have tested the above command by connecting to my Mac builder from another Mac machine using SSH and calling the codesign script, and it works fine. However, when I run the same script from TeamCity, I still get the same error message.

I believe TeamCity connects to the Mac builder over the HTTP protocol. I tried to google that error for HTTP connections but I didn't find any significant answer.

Can someone please help me with how I can call the codesign command from TeamCity on my Mac builder?

Thanks in advance,



Sorry for the delay with the answer.

I'm not very familiar with the codesign tool, but a couple of things to consider:

- did you run your tests with the SSH command using the same account which is used to run the TeamCity build agent?
- are you sure that you've unlocked the correct keychain?

Can you perhaps run the "env" command from TeamCity and from the command line and compare the results?



Hi Kirill,

Thanks a lot for replying to my post. I had followed the suggestions you mentioned and nothing worked.

I found a way to fix the problem, so I am just posting it here for people out there struggling with the same problem.


If you are trying to codesign the Mac libraries and compiling your code in Xcode, then you can call the codesign commands under the Xcode project settings, and that way you don't have to create a separate script.

Second, under your certificate's private key, right click -> Get Info. Under the Access Control tab, select "Allow all applications to access this item".

That is all, and you should be able to access codesign from TeamCity builders.



Thanks, this was helpful. Perhaps this could be added to the TeamCity documentation somewhere?

One other little tidbit of (hopefully) helpful information...

When I set up the LaunchDaemon plist for the TeamCity macosx agent, I added:


When TeamCity auto-loads after a reboot, this will create a session for the security to work. I still need to call "security unlock-keychain ..." before I run "codesign ..." in my command-line runner step.


Patrick Baker
Pointwise, Inc.
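
The command-line runner step discussed in this thread (unlock the keychain, then sign), as an added example that is not part of the original posts. The `KEYCHAIN_PASSWORD` variable, the `sign_artifact` function and its return codes are assumptions made for illustration; only `security unlock-keychain -p` and `codesign -s` come from the thread.

```shell
#!/bin/sh
# Added example: unlock-then-sign build step for a non-interactive agent.
# Assumptions: KEYCHAIN_PASSWORD is supplied by the build configuration;
# sign_artifact and its return codes are hypothetical.

sign_artifact() {
    identity=$1
    artifact=$2
    keychain=$3
    status=0

    # Log the account in use: it must be the one that can read the keychain.
    echo "signing as user: $(id -un)" >&2

    if [ -z "${KEYCHAIN_PASSWORD:-}" ]; then
        echo "KEYCHAIN_PASSWORD is not set" >&2
        return 2
    fi

    # Unlock in the same session that runs codesign.
    if ! security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$keychain"; then
        echo "could not unlock $keychain" >&2
        return 3
    fi

    out=$(codesign -s "$identity" "$artifact" 2>&1) || status=$?
    if [ "$status" -ne 0 ]; then
        echo "$out" >&2
        # The error from this thread: the key needs a prompt nobody can answer.
        if echo "$out" | grep -qi "user interaction is not allowed"; then
            return 5
        fi
        return 4
    fi

    # Confirm the signature was written before the build continues.
    codesign --verify "$artifact" || return 6
    return 0
}

# Stand-alone use: sh sign.sh "Identity" "ApplicationName" /path/to/keychain
if [ "$#" -eq 3 ]; then
    sign_artifact "$@"
fi
```

A return code of 5 separates the prompt failure reported in this thread from other signing errors, so the build log shows whether to look at the agent's session and the key's Access Control setting or elsewhere.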

