It looks like a bug in Server did in fact introduce a duplicate signing identity. I reported it as rdar://21080937, if you’d like to dupe it.
In order to fix it, I had to learn about how Xcode Server stores signing identities (thanks entirely to an extremely helpful answer to an unrelated question).
Xcode Server stores Developer Program certificates in
/Library/Developer/XcodeServer/Keychains/Portal.keychain
Following the steps below, I was able to open the keychain, find the duplicate, remove it, and put it back. These steps are adapted from the answer linked above.
- Sign out of the Developer Portal from Server.app by removing the developer team you’re having issues with
- Copy the Portal keychain to your desktop:
> sudo cp /Library/Developer/XcodeServer/Keychains/Portal.keychain ~/Desktop/
Password: your-administrator-password
> sudo chown `whoami`:staff ~/Desktop/Portal.keychain
- Set the Portal keychain password to “123”
> security set-keychain-password -o "`sudo cat /Library/Developer/XcodeServer/SharedSecrets/PortalKeychainSharedSecret`" ~/Desktop/Portal.keychain
New Password: 123
Retype New Password: 123
- Open the Keychain in Keychain Access:
> open -b com.apple.keychainaccess ~/Desktop/Portal.keychain
- Unlock the “Portal” keychain using password “123”
- Find the duplicate keys with the name listed in the error
- Remove one (I picked the one modified less recently, but it may not matter)
- Lock the “Portal” keychain, quit “Keychain Access”
- Reset the Portal keychain password:
> security set-keychain-password -p "`sudo cat /Library/Developer/XcodeServer/SharedSecrets/PortalKeychainSharedSecret`" ~/Desktop/Portal.keychain
Password: your-administrator-password (optional step)
Old Password: 123
It may or may not ask you for your administrator password again; pay attention to the prompt.
- Back up the original keychain
> sudo cp /Library/Developer/XcodeServer/Keychains/Portal.keychain /Library/Developer/XcodeServer/Keychains/Portal.keychain.old
- Copy the Portal keychain back
> sudo cp ~/Desktop/Portal.keychain /Library/Developer/XcodeServer/Keychains/
- Fix the new keychain’s permissions
> sudo chown _xcsbuildd:_xcs /Library/Developer/XcodeServer/Keychains/Portal.keychain
- Since the system caches open keychains, restart the server
- Add your developer team back, in Server.app
- Run a build, verifying everything looks good. If so, remove the backup copies of the keychain
> rm ~/Desktop/Portal.keychain
> sudo rm /Library/Developer/XcodeServer/Keychains/Portal.keychain.old
solved Xcode Server Build: “Multiple matching codesigning identities found”
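The duplicate that the answer finds by eye in Keychain Access can also be found from the command line. The script below is an added example, not part of the original answer: it parses the output of `security find-identity -v -p codesigning` and prints every identity name that occurs more than once, with its SHA-1 hashes. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list code-signing identity names that occur more than once.
# Reads the output of `security find-identity -v -p codesigning` on stdin.
# Output, one line per duplicated name: <count> TAB <name> TAB <SHA-1 hashes>
duplicate_identities() {
    awk '
        # Identity lines look like:   1) <SHA-1> "Name (TEAMID)"
        # The trailing "N valid identities found" line has no "N)" field.
        $1 ~ /^[0-9]+\)$/ && match($0, /"[^"]*"/) {
            name = substr($0, RSTART + 1, RLENGTH - 2)
            count[name]++
            hashes[name] = hashes[name] " " $2
        }
        END {
            for (name in count)
                if (count[name] > 1)
                    printf "%d\t%s\t%s\n", count[name], name, substr(hashes[name], 2)
        }
    ' | sort
}

# Constructed sample of find-identity output (names and hashes are made up).
sample_find_identity_output() {
    cat <<'EOF'
  1) 1111111111111111111111111111111111111111 "iPhone Developer: Jane Example (AAAAAAAAAA)"
  2) 2222222222222222222222222222222222222222 "iPhone Distribution: Example Corp (BBBBBBBBBB)"
  3) 3333333333333333333333333333333333333333 "iPhone Developer: Jane Example (AAAAAAAAAA)"
     3 valid identities found
EOF
}

# Usage on the server: pass the path of the keychain copy, for example
#   sh find-dupes.sh ~/Desktop/Portal.keychain
# (the script file name is hypothetical). Without an argument nothing runs.
if [ -n "${1:-}" ]; then
    security find-identity -v -p codesigning "$1" | duplicate_identities
fi
```

An empty result means no identity name is repeated in that keychain. Running it before and after the removal step confirms that exactly one copy remains before the keychain is copied back.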