Closed BlackWolf closed 7 years ago
It seems like this issue might be related to code signing :no_entry_sign:
Have you seen our new Code Signing Troubleshooting Guide? It will help you resolve the most common code signing issues :+1:
As an update to this: The problem seems to be that match never imports the Distribution Certificate into the keychain on the CI.
It initially worked because the old certificate was already imported via the XCode plugin. At some point, match created a new certificate and new provisioning profiles on the ADP. Everything is also correctly uploaded to the git repo. It seems match does download and use the new provisioning profiles, it apparently does NOT import the new certificate, obviously leading to a signing error.
Strangely enough, I think everything works correctly on my local machine.
Any idea on why this happens? I would love to eventually automate the entire process, so manually uploading the new distribution certificate does not seem like a good solution, and as far as I understand, match should handle this, right?
I can definitely confirm this is the issue. I provided a separate .keychain file that already contains the Distribution Certificate to match (using unlock_keychain()
) and everything is all peachy. But, like I said, doing this manually is not really an option for me (since the whole point of using match for us is to fully automate the whole certificate/profile stuff)
I was able to track this down further to an error with escaping paths when importing certificates. I moved this to a new issue: #8929
New Issue Checklist
Issue Description
When running
match
on Jenkins withreadonly: false
, the appstore certificate returns:Could not find a matching code signing identity for type 'AppStore'
Strangely enough, development and adhoc work just fine and everything runs fine on my local machine (and did initially on the CI as well). Another oddity is that the last part of the app identifier is masked with asterisks in the output on the CI, while the app identifier appears normal on my local machine. The lane I'm running is
jenkins_push_certs
(see below for the fastfile).Also, I added the whole
create_keychain()
stuff later in an attempt to fix things. The behaviour is the same when using the default keychain.Complete output when running fastlane, including the stack trace and command used
(sorry the output is a bit messed up, this is how Jenkins hands it to me, though):
Environment
Please run
fastlane env
and copy the output below. This will help us help you :+1: If you used--capture_output
option please remove this block - as it is already included there.✅ fastlane environment ✅
### Stack | Key | Value | | --------------------------- | ------------------------------------------- | | OS | 10.12.1 | | Ruby | 2.2.4 | | Bundler? | false | | Git | git version 2.10.1 (Apple Git-78) | | Installation Source | ~/.fastlane/bin/bundle/bin/fastlane | | Host | Mac OS X 10.12.1 (16B2555) | | Ruby Lib Dir | ~/.fastlane/bin/bundle/lib | | OpenSSL Version | OpenSSL 1.0.2g 1 Mar 2016 | | Is contained | true | | Is homebrew | false | | Is installed via Fabric.app | false | | Xcode Path | /Applications/Xcode.app/Contents/Developer/ | | Xcode Version | 8.2.1 | ### System Locale | Variable | Value | | | -------- | ----------- | - | | LANG | en_US.UTF-8 | ✅ | | LC_ALL | en_US.UTF-8 | ✅ | | LANGUAGE | en_US.UTF-8 | ✅ | ### fastlane files:`./fastlane/Fastfile`
```ruby # More documentation about how to customize your build # can be found here: # https://docs.fastlane.tools fastlane_version "1.109.0" # This value helps us track success metrics for Fastfiles # we automatically generate. Feel free to remove this line # once you get things running smoothly! generated_fastfile_id "72d2852a-5534-4249-ae1d-1e74de2b5b4a" default_platform :ios # Fastfile actions accept additional configuration, but # don't worry, fastlane will prompt you for required # info which you can add here later lane :jenkins_prepare do setup_jenkins end lane :jenkins_update_certs do match(app_identifier: "com.example.****", type: "development", readonly: true, git_url: ""ssh://thegiturl/repo.git") match(app_identifier: "com.example.****", type: "adhoc", readonly: true, git_url: ""ssh://thegiturl/repo.git") match(app_identifier: "com.example.****", type: "appstore", readonly: true, git_url: ""ssh://thegiturl/repo.git") end lane :jenkins_push_certs do # Create a new keychain where we can store our cert so we don't do it in a global keychain if File.exists?(File.expand_path('../fastlane/match.keychain')) delete_keychain( keychain_path: File.expand_path('../fastlane/match.keychain') ) end create_keychain( path: File.expand_path('../fastlane/match.keychain'), password: "somepassword", default_keychain: false, unlock: true, timeout: 60, lock_when_sleeps: true, lock_after_timeout: 60, add_to_search_list: false ) setup_jenkins() match(app_identifier: "com.example.fastlanetest", type: "development", readonly: false, git_url: "ssh://thegiturl/repo.git", force_for_new_devices: true, username: "someone@mycompany.com", verbose: true, keychain_name: "./fastlane/match.keychain", keychain_password: "somepassword") match(app_identifier: "com.example.fastlanetest", type: "adhoc", readonly: false, git_url: "ssh://thegiturl/repo.git", force_for_new_devices: true, username: "someone@mycompany.com", verbose: true, keychain_name: "./fastlane/match.keychain", keychain_password: "somepassword") match(app_identifier: "com.example.fastlanetest", type: "appstore", readonly: false, git_url: "ssh://thegiturl/repo.git", force_for_new_devices: true, username: "someone@mycompany.com", verbose: true, keychain_name: "./fastlane/match.keychain", keychain_password: "somepassword") end lane :jenkins_build do gym(scheme: "Fastlanetest - Adhoc", clean: true) end lane :create_snapshots do snapshot(scheme: "FastlanetestUITests", languages: ["en-US", "de-DE"], clear_previous_screenshots: true) frameit end ````./fastlane/Appfile`
```ruby # The Appfile can be used to specify information that's used across all fastlane # tools, like your username or the app's bundle identifier. # # For more details, check out the documentation at: # https://github.com/fastlane/fastlane/blob/master/fastlane/docs/Appfile.md # app_identifier "com.your.app" # the bundle identifier of your app # apple_id "apple@fastlane.tools" # Your Apple ID ```Loaded gems
| Gem | Version | | ------------------------- | ------------ | | CFPropertyList | 2.3.5 | | activesupport | 4.2.7.1 | | addressable | 2.5.0 | | babosa | 1.0.2 | | bigdecimal | 1.2.6 | | bundler | 1.14.3 | | claide | 1.0.1 | | colored | 1.2 | | commander | 4.4.3 | | commander-fastlane | 4.4.4 | | domain_name | 0.5.20161129 | | dotenv | 2.2.0 | | excon | 0.54.0 | | faraday | 0.11.0 | | faraday-cookie_jar | 0.0.6 | | faraday_middleware | 0.11.0.1 | | fastimage | 2.0.1 | | gh_inspector | 1.0.3 | | google-api-client | 0.9.26 | | googleauth | 0.5.1 | | highline | 1.7.8 | | http-cookie | 1.0.3 | | httpclient | 2.8.3 | | hurley | 0.2 | | i18n | 0.7.0 | | io-console | 0.4.3 | | json | 1.8.1 | | jwt | 1.5.6 | | libxml-ruby | 2.9.0 | | little-plugger | 1.1.4 | | logging | 2.1.0 | | memoist | 0.15.0 | | mime-types | 3.1 | | mime-types-data | 3.2016.0521 | | mini_magick | 4.5.1 | | minitest | 5.4.3 | | multi_json | 1.12.1 | | multi_xml | 0.6.0 | | multipart-post | 2.0.0 | | nanaimo | 0.2.3 | | nokogiri | 1.5.6 | | os | 0.9.6 | | plist | 3.2.0 | | power_assert | 0.2.2 | | psych | 2.0.8 | | public_suffix | 2.0.5 | | rake | 10.4.2 | | rdoc | 4.2.0 | | representable | 2.3.0 | | retriable | 2.1.0 | | rouge | 1.11.1 | | rubygems-update | 2.5.2 | | rubyzip | 1.2.0 | | security | 0.1.3 | | signet | 0.7.3 | | slack-notifier | 1.5.1 | | sqlite3 | 1.3.13 | | terminal-notifier | 1.7.1 | | terminal-table | 1.7.3 | | test-unit | 3.0.8 | | thread_safe | 0.3.5 | | tty-screen | 0.5.0 | | tzinfo | 1.2.2 | | uber | 0.0.15 | | unf | 0.1.4 | | unf_ext | 0.0.7.2 | | unicode-display_width | 1.1.3 | | word_wrap | 1.0.0 | | xcodeproj | 1.4.2 | | xcpretty | 0.2.4 | | xcpretty-travis-formatter | 0.0.4 |