For a few days, our macOS VMs spontaneously switch between having an enabled or disabled System Integrity Protection (SIP). Our build process relies on having SIP turned off so the build often fails. We can’t identify a pattern here but it’s failing more than it succeeds and rebuilding a couple of times solves the issue most of the time.
Where did the issue happen?
We’re using a macOS VM with an Xcode 11.3.x on macOS 10.14.6 (Mojave) Stack triggered by Bitbucket via a pull request.
Which build Step causes the issue and which version of the step?
The issue happens in a bash Script step (v1.1.5) when we attempt to write into an SIP protected directory (~/Library/Containers/com.apple.mail/…).
Most of the time when we trigger Bitrise using a pull request, the build fails. Manually rebuilding a couple times finally makes the build succeed. The issue seems to have started a few days ago.
We can verify that the unintentionally enabled Security Integrity Protection is the cause of this error because we’re echoing
csrutil status in the script step before we make the failing call and the result is often:
System Integrity Protection status: enabled.