Hi In order to support continuous integration, I've made a builder image with macOS and Xcode installed and I'd like to automate the process of building my workspace targets. So I'm using the following command /usr/bin/xcodebuild clean build -workspace ./myproj.xcworkspace -configuration Release -scheme myScheme In my development machine I'm setting derived data location as relative to project directory from Xcode UI, so the build outputs are written under: my project path/DerivedData/myProj/Build/Products/Debug However, in the build image I cannot set the derived data path since it also serves other projects. Therefore, I'd like to find the appropriate flag to achieve similar behaviour from the xcodebuild command. This means setting derived data location accordingly for all the targets which are being created in the build command. I've tried flags like CONFIGURATION_BUILD_DIR=./DerivedData or  -derivedDataPath ./DerivedData but without success. Any idea where am I go wrong ?

I set the following global environment variables to launchd derives services : sudo launchctl setenv CA_DEBUG_TRANSACTIONS 1 sudo launchctl setenv CA_ASSERT_MAIN_THREAD_TRANSACTIONS 1 And indeed I saw that reflected on SecurityAgent (of type launchAgent) : sudo ps eww 3194 	PID	 TT	STAT			TIME COMMAND 3194	 ??	Ss		 0:00.19 /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent LaunchInstanceID=00000000-0000-0000-0000-00000001873A XPC_SERVICE_NAME=com.apple.security.agent.login CA_DEBUG_TRANSACTIONS=1 CA_ASSERT_MAIN_THREAD_TRANSACTIONS=1 PATH=/usr/bin:/bin:/usr/sbin:/sbin XPC_FLAGS=19 LOGNAME=_securityagent USER=_securityagent HOME=/var/db/securityagent SHELL=/usr/bin/false TMPDIR=/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/T/ But unfortunately, his helper XPC Service doesn’t get them : sudo ps eww 3195 	PID	 TT	STAT			TIME COMMAND 3195	 ??	Ss		 0:00.53 /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/XPCServices/SecurityAgentHelper.xpc/Contents/MacOS/SecurityAgentHelper XPC_SERVICE_NAME=com.apple.SecurityAgentHelper PATH=/usr/bin:/bin:/usr/sbin:/sbin HOME=/var/db/securityagent TMPDIR=/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/T/ XPC_FLAGS=19 LOGNAME=_securityagent USER=_securityagent SHELL=/usr/bin/false Any idea how set it in the helper too even if it’s an xpc service and not an agent, since they both runs by launchd: 	 92	3194		 1	 0 11:42AM ??				 0:00.19 /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent 	 92	3195		 1	 0 11:42AM ??				 0:00.53 /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/XPCServices/SecurityAgentHelper.xpc/Contents/MacOS/SecurityAgentHelper

Hi, I'm currently trying to build my project from command line using Jenkins automation. However, although both methods are using the same code sign parameters, the UI based signing (from Xcode) succeed and when running from xcodebuild it fails for the reason below : /usr/bin/codesign --force --sign my_cert_id --timestamp\=none /Users/bla/file.dylib and the result is : Warning: unable to build chain to self-signed root for signer "Apple Development: userBuilder (...)" /Users/bla/file.dylib: errSecInternalComponent But the same command runs successfully when being invoked from Xcode. My questions are Do the certificate+private key are taken from the keychain in both cases ? Are there are environment variables that may exist only in the Xcode mode ? thanks

I'm running the following command that means to decrypt object from type CFDataRef using key object from type SecKeyRef CFDataRef encryptedCfData = 			 SecKeyCreateDecryptedData(privateKeySecKey,	 						 kSecKeyAlgorithmRSAEncryptionOAEPSHA256, 						 (__bridge CFDataRef)[NSData dataWithBytes:payloadBuff length:payloadLen], 					 &cfErr); Unfortunately, on some scenarios it fails and I get the following errors : Error Domain=NSOSStatusErrorDomain Code=-50 "RSAdecrypt wrong input (err -27)" (paramErr: error in user parameter list) UserInfo={NSDescription=RSAdecrypt wrong input (err -27)} or this one : Error Domain=NSOSStatusErrorDomain Code=-50 "rsa_priv_crypt failed, ccerr=-23" (paramErr: error in user parameter list) UserInfo {NSDescription=rsa_priv_crypt failed, ccerr=-23} I'm trying to understand their meaning, the -50 indicate the one or more of the params are invalid. But what about the inner error codes (-23 and -27) and the meaning of their related strings ("error in user parameter list" and "RSAdecrypt wrong input"). Perhaps someone already have encountered those error messages and can tell me their meaning ? Thanks for the help !

For smartcard login, my certificate contain UPN which is lowercase formatted (i.e. user123). However, in DC its capitalized (i.e. User123). The login fails with the following log (taken from log show) : SmartCard - User is not paired with any smartcard . From the logs it seems that an attempt has been made to lookup this name by opendirectoryd but it has failed since the match policy is case sensitive (or as the logs says, CaseExact.) Here's the relevant message : 2020-12-24 12:40:44.901571+0200 0x1f237&#9;&#9;Info&#9;&#9;&#9;&#9;0x14742&#9;&#9;&#9;&#9;&#9;&#9;&#9;85&#9;&#9; 0 opendirectoryd: [com.apple.opendirectoryd:session] ODQueryCreateWithNode request, NodeID: E4648A1C-B2E1-4329-B702-5CADC51B9235, RecordType(s): dsRecTypeStandard:Users, Attribute:dsAttrTypeNative:dn, MatchType: EqualTo, Equality: CaseExact, Value(s): <private>, RequestedAttributes: dsAttrTypeStandard:AuthenticationHint,dsAttrTypeNative:_guest,dsAttrTypeStandard:AuthenticationAuthority,dsAttrTypeStandard:AppleMetaNodeLocation,dsAttrTypeStandard:Rec ordType,dsAttrTypeStandard:GeneratedUID,dsAttrTypeStandard:PrimaryGroupID,dsAttrTypeStandard:RecordName,dsAttrTypeNative:original_authentication_authority, dsAttrTypeStandard:HomeDirectory,dsAttrTypeStandard:UniqueID,dsAttrTypeStandard:RealName,dsAttrTypeStandard:AppleMetaRecordName, dsAttrTypeNative:home_info,dsAttrTypeStandard:NFSHomeDirectory, Max Results: 1 Does the lookup make deliberately in case sensitive. I presume that it simply take the name from the certificate inside the smartCard, but is there an option to match with lowercase ? thanks