The unlock keychain option causes the plugin to unlock the keychain at the beginning of the build.
The keychain may have a lock timeout though (the login.keychain has a default timeout of 300s). If the build takes longer than 300 seconds, the codesign command fails with "User interaction is not allowed."
This can be worked around by increasing the keychain timeout, for example:
$ security set-keychain-settings -l -u -t 3600 /Users/Shared/Jenkins/Library/Keychains/login.keychain
To see the current timeout:
$ security show-keychain-info /Users/Shared/Jenkins/Library/Keychains/login.keychain
I suggest that the plugin either:
- Removes/increases the keychain timeout
- Emits a warning for when the keychain has a timeout
- Documents this behavior on the plugin page
This seems to be a pretty common problem (judging by Stack Overflow posts), and the work-around is not obvious.
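A pre-build check in the spirit of the "emit a warning" suggestion above, as an added example that is not part of the original report or the plugin's code. It assumes `security show-keychain-info` reports the settings on one line in the form shown in the comments; the function names and the 1800-second build estimate are hypothetical.

```shell
#!/bin/sh
# Added example: warn when the keychain auto-lock timeout is shorter than
# the expected build duration, so codesign does not hit a re-locked keychain.
# Assumed output format of `security show-keychain-info`:
#   Keychain "<path>" lock-on-sleep timeout=300s
#   Keychain "<path>" no-timeout

# Print the timeout in seconds from an info line (0 means no timeout).
# Returns 1 if the line is not recognised.
keychain_timeout_secs() {
    case "$1" in
        *no-timeout*) echo 0; return 0 ;;
    esac
    secs=$(printf '%s\n' "$1" | sed -n 's/.*timeout=\([0-9][0-9]*\)s.*/\1/p')
    [ -n "$secs" ] || return 1
    echo "$secs"
}

# check_keychain_timeout <info-line> <expected-build-seconds>
# Returns 0 if the unlock window covers the build, 1 if the keychain would
# re-lock mid-build, 2 if the settings line could not be parsed.
check_keychain_timeout() {
    kc_timeout=$(keychain_timeout_secs "$1") || {
        echo "WARNING: cannot parse keychain settings: $1" >&2
        return 2
    }
    if [ "$kc_timeout" -ne 0 ] && [ "$kc_timeout" -lt "$2" ]; then
        echo "WARNING: keychain re-locks after ${kc_timeout}s, build may take ${2}s;" \
             "codesign may fail with 'User interaction is not allowed.'" >&2
        return 1
    fi
    return 0
}

# Use on the build node (2>&1 captures the line whichever stream it is on):
#   info=$(security show-keychain-info "$KEYCHAIN" 2>&1)
#   check_keychain_timeout "$info" 1800

# Constructed sample lines so the example runs without macOS.
SAMPLE_DEFAULT='Keychain "/Users/Shared/Jenkins/Library/Keychains/login.keychain" lock-on-sleep timeout=300s'
SAMPLE_NONE='Keychain "/Users/Shared/Jenkins/Library/Keychains/login.keychain" no-timeout'

check_keychain_timeout "$SAMPLE_DEFAULT" 1800 || echo "default 300s: build would outlive the unlock window"
check_keychain_timeout "$SAMPLE_NONE" 1800 && echo "no-timeout: ok"
```

Size the timeout to the longest expected build rather than removing it, since the signing identity stays usable by any process on the node for as long as the keychain is unlocked.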