Passphrase Required for Code Signing Certificate

[Nathan-Heller]

Troubleshooting

• [X] I've searched discuss.bitrise.io for possible solutions.
• Which version of the step is effected? 1.2.3
• Is the issue reproducible with the latest version? YES
• Does the issue happen sporadically, or every time? EVERY TIME
• Is the issue reproducible locally by following our local debug guide? NOT APPLICABLE

Useful information

• FAQ
• devcenter.bitrise.io

Issue description

This step expects a passphrase to be provided with the .p12 certificate, but that passphrase isn't REQUIRED to be provided during passphrase generation. This leads to passphraseless certs being unusable.

NOTE: I have replaced our old certificate with a new one that was generated with a passphrase as a workaround.

Bitrise info

• Build URL
• Bitrise Support enabled: _YES
• Log:

Config: failed to parse config:
- CertificatePassphraseList: required variable is not present
Config:
- distribution_method: app-store
- project_path: ./ios/Runner.xcworkspace
- scheme: Staging
- configuration: Release
- apple_service_connection: api-key
- register_test_devices: false
- min_profile_validity: 0
- sign_uitest_targets: false
- apple_team_id: 
- certificate_url_list: [REDACTED]
- passphrase_list: 
- keychain_path: /Users/[REDACTED]/Library/Keychains/login.keychain
- keychain_password: *****
- build_api_token: [REDACTED]
- build_url: https://app.bitrise.io/build/9820f0ba-8ba7-417d-92da-6bcd4f375788
- verbose_log: true
  

Steps to reproduce

1. Create an Apple Service Connection with an API key See here
2. Generate a code signing cert without a passphrase
3. Upload it to bitrise
4. Add this step to a bitrise workflow
5. Run workflow
6. Observe failure

[OscarGorog]

Having this same problem...

[ofalvai]

Hey, thank you for the bugreport. It's indeed not working when the passphrase is empty, we'll take a look and fix it. I can't provide an ETA, but in the meantime please use a certificate with a password as a workaround (which is a good security practice in itself).

[spacedema]

@ofalvai Hi. Is this error related to the current one? Automatic code signing failed: failed to install codesigning files: failed to install certificate: security set-key-partition-list -S apple-tool:,apple: -k ***** /Users/[REDACTED]/Library/Keychains/login.keychain-db failed: security: SecKeychainItemSetAccessWithPassword: The user name or passphrase you entered is not correct.

Update: It seems that this error is reproduced only on Xcode 13.3.x on MacOS 12.2(Monterey) Everything is OK on Xcode 13.2.x on MacOS 12.0(Monterey)

[ofalvai]

This issue is now fixed in the latest version of the step.

[OscarGorog]

Great, thanks!