Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: tonygo_
tonygo_ Author
User level: Level 1
4 points

Facing "User interaction is not allowed" when using "xcrun notarytool store-credentials" on CircleCI

Hi 👋


I'm trying to use `xcrun notarytool store-credentials` on CircleCI.


Here is my script:

xcrun notarytool store-credentials "PROFILE_NAME" --apple-id $MACOS_APPLE_ID --team-id $MACOS_TEAM_ID --password $MACOS_ APP_SPECIFIC_PASSWORD


And the message I got:



This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name.

Validating your credentials...
Success. Credentials validated.
Error: An error occurred while accessing the keychain. User interaction is not allowed.

Exited with code exit status 1


I try this approach but it didn't work: https://discuss.circleci.com/t/macos-setting-password-in-keychain-for-ui-tests-fails-9-10-times/30860/2

Posted on Feb 17, 2023 1:36 AM

Reply
Question marked as Best reply
User profile for user: tonygo_
tonygo_ Author
User level: Level 1
4 points

Posted on Feb 20, 2023 6:50 AM

I finally spotted it!


By default, notarytool will use the default keychain. However, the default keychain may not be accessible in non-interactive shells. We'll add the --keychain flag to the command:


- run:
    name: Add notarization identity
    command: |
        sudo xcrun notarytool store-credentials "PROFILE_NAME" \
            --apple-id $MACOS_APPLE_ID \
            --team-id $MACOS_TEAM_ID \
            --password $APPLE_DEVELOPER_CERT_PASSWORD
            --keychain /Library/Keychains/System.keychain


Also you need to use the `sudo` if you want to avoid a write access issue.


I wrote a little post on my blog: https://tonygo.ghost.io/user-interaction-not-allowed-notarytool-circleci/


Hope it helps ^^

View in context

Similar questions

4 replies
Question marked as Best reply
User profile for user: tonygo_
tonygo_ Author
User level: Level 1
4 points

Feb 20, 2023 6:50 AM in response to tonygo_

I finally spotted it!


By default, notarytool will use the default keychain. However, the default keychain may not be accessible in non-interactive shells. We'll add the --keychain flag to the command:


- run:
    name: Add notarization identity
    command: |
        sudo xcrun notarytool store-credentials "PROFILE_NAME" \
            --apple-id $MACOS_APPLE_ID \
            --team-id $MACOS_TEAM_ID \
            --password $APPLE_DEVELOPER_CERT_PASSWORD
            --keychain /Library/Keychains/System.keychain


Also you need to use the `sudo` if you want to avoid a write access issue.


I wrote a little post on my blog: https://tonygo.ghost.io/user-interaction-not-allowed-notarytool-circleci/


Hope it helps ^^

Reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
117,729 points

Feb 17, 2023 7:18 AM in response to tonygo_

See if there’s already an entry in Keychain using Keychain Access app, and remove it, and try again?


To re-add:

xcrun notarytool store-credentials "your-notarytool-profile" --apple-id "your-apple-id" --team-id "your-team-id"


Related doc:

Apple Developer Documentation


Good overview:

https://scriptingosx.com/2021/07/notarize-a-command-line-tool-with-notarytool/


Given altool was deprecated and replaced with notarytool, sequences involving altool can be suspect.

Reply

Facing "User interaction is not allowed" when using "xcrun notarytool store-credentials" on CircleCI

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up