Missing Apple WWDR intermediate certificate #20518
Comments
|
It seems like you have not included the output of |
|
Not exactly, I was able to reproduce it locally as well on my Mac Mini, where the default keychain was used. |
|
thanks, i got stuck not knowing to use the G3 cert but read you had a workaround with this. personally, i added it to login and system keychains and seems to be work now for me, appears my default is the login keychain. |
|
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Friendly reminder: contributions are always welcome! Check out CONTRIBUTING.md for more information on how to help with This issue will be auto-closed if there is no reply within 1 month. |
|
This issue will be auto-closed because there hasn't been any activity for a few months. Feel free to open a new one if you still experience this problem 👍 |
New Issue Checklist
Issue Description
The top-level issue is that fastlane will error with no codesigning certificates found. This boils down to the correct certificates not being marked as trusted on the machine as they can't form the chain to the root CA (missing ICA)
The ICA that fastlane downloads is:
Subject name:
CN: Apple Worldwide Developer Relations Certification Authority
OU: G6
...
Issuer name:
CN: Apple Root CA - G3
OU: Apple Certification Authority
....
but the needed ICA is:
Subject name:
CN: Apple Worldwide Developer Relations Certification Authority
OU: G3
...
Issuer name:
CN: Apple Root CA
OU: Apple Certification Authority
...
This is the link to the certificate - https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
Further proof is that manually adding that certificate to the Keychain resolves the problem.
Command executed
Complete output when running fastlane, including the stack trace and command used
$ bundle exec fastlane ios internal [00:36:01]: Sending anonymous analytics information [00:36:01]: Learn more at https://docs.fastlane.tools/#metrics [00:36:01]: No personal or sensitive data is sent. [00:36:01]: You can disable this by adding `opt_out_usage` at the top of your Fastfile [00:36:01]: ------------------------------ [00:36:01]: --- Step: default_platform --- [00:36:01]: ------------------------------ [00:36:01]: --------------------------------------- [00:36:01]: --- Step: app_store_connect_api_key --- [00:36:01]: --------------------------------------- [00:36:01]: Driving the lane 'ios internal' 🚀 [00:36:01]: ---------------------- [00:36:01]: --- Step: setup_ci --- [00:36:01]: ---------------------- [00:36:01]: Creating temporary keychain: "fastlane_tmp_keychain". [00:36:02]: $ security list-keychains -d user [00:36:02]: ▸ "/Users/travis/Library/Keychains/fastlane_tmp_keychain-db" [00:36:02]: Found keychain '/Users/travis/Library/Keychains/fastlane_tmp_keychain-db' in list-keychains, adding to search list skipped [00:36:02]: Enabling match readonly mode. [00:36:02]: ------------------- [00:36:02]: --- Step: match --- [00:36:02]: ------------------- [00:36:02]: Successfully loaded '/Users/travis/build/xxxxx/main/eque-app/fastlane/Matchfile' 📄 +----------------+--------------------------------------------+ | Detected Values from './fastlane/Matchfile' | +----------------+--------------------------------------------+ | git_url | https://xxxxx.git | | storage_mode | git | | type | development | | app_identifier | ["xxxxx"] | | username | xxxxx | +----------------+--------------------------------------------+ +----------------------------------------+--------------------------------------------+ | Summary for match 2.208.0 | +----------------------------------------+--------------------------------------------+ | type | adhoc | | api_key | ******** | | readonly | true | | generate_apple_certs | false | | skip_provisioning_profiles | false | | app_identifier | ["xxxxx"] | | username | xxxxx | | team_id | xxxxx | | storage_mode | git | | git_url | https://xxxxx.git | | git_branch | master | | shallow_clone | false | | clone_branch_directly | false | | git_basic_authorization | ******** | | skip_google_cloud_account_confirmation | false | | keychain_name | fastlane_tmp_keychain | | force | false | | force_for_new_devices | false | | include_all_certificates | false | | force_for_new_certificates | false | | skip_confirmation | false | | safe_remove_certs | false | | skip_docs | false | | platform | ios | | derive_catalyst_app_identifier | false | | fail_on_name_taken | false | | skip_certificate_matching | false | | skip_set_partition_list | false | | verbose | false | +----------------------------------------+--------------------------------------------+ [00:36:02]: Cloning remote git repo... [00:36:02]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match. [00:36:03]: Checking out branch master... [00:36:03]: 🔓 Successfully decrypted certificates repo [00:36:03]: Installing certificate... [00:36:03]: There are no local code signing identities found. You can run `security find-identity -v -p codesigning fastlane_tmp_keychain` to get this output. This Stack Overflow thread has more information: https://stackoverflow.com/q/35390072/774. (Check in Keychain Access for an expired WWDR certificate: https://stackoverflow.com/a/35409835/774 has more info.) [00:36:04]: Setting key partition list... (this can take a minute if there are a lot of keys installed) [00:36:04]: security: SecItemCopyMatching: The specified item could not be found in the keychain. [00:36:04]: Setting key partition list... (this can take a minute if there are a lot of keys installed) +-------------------+---------------------------------------------------+ | Installed Certificate | +-------------------+---------------------------------------------------+ | User ID | xxxxx | | Common Name | Apple Distribution: xxxxx (xxxxx) | | Organisation Unit | xxxxx | | Organisation | xxxxx | | Country | xxxxx | | Start Datetime | xxxxx | | End Datetime | xxxxx | +-------------------+---------------------------------------------------+ [00:36:04]: Installing provisioning profile... [00:36:04]: get_cert_info: path name contains null byte +---------------------+-----------------------------------------------+---------------------------------------------------------------------------------------------------------------+ | Installed Provisioning Profile | +---------------------+-----------------------------------------------+---------------------------------------------------------------------------------------------------------------+ | Parameter | Environment Variable | Value | +---------------------+-----------------------------------------------+---------------------------------------------------------------------------------------------------------------+ | App Identifier | | xxxxx | | Type | | adhoc | | Platform | | ios | | Profile UUID | sigh_xxxxx_adhoc | c837154a-7686-4649-b6fc-1daecee4058a | | Profile Name | sigh_xxxxx_profile-name | match AdHoc xxxxx | | Profile Path | sigh_xxxxx_profile-path | /Users/travis/Library/MobileDevice/Provisioning Profiles/c837154a-7686-4649-b6fc-1daecee4058a.mobileprovision | | Development Team ID | sigh_xxxxx_adhoc_team-id | xxxxx | | Certificate Name | sigh_xxxxx_adhoc_certificate-name | | +---------------------+-----------------------------------------------+---------------------------------------------------------------------------------------------------------------+ [00:36:04]: All required keys, certificates and provisioning profiles are installed 🙌 [00:36:04]: Setting Provisioning Profile type to 'ad-hoc' [00:36:04]: -------------------------------------------- [00:36:04]: --- Step: latest_testflight_build_number --- [00:36:04]: -------------------------------------------- [00:36:04]: Creating authorization token for App Store Connect API [00:36:04]: Fetching the latest build number for any version [00:36:05]: Latest upload for version 1.0 on ios platform is build: 2 [00:36:05]: ------------------------------------ [00:36:05]: --- Step: increment_build_number --- [00:36:05]: ------------------------------------ There does not seem to be a CURRENT_PROJECT_VERSION key set for this project. Add this key to your target's expert build settings. [00:36:05]: $ cd /Users/travis/build/xxxxx/ios/App && agvtool new-version -all 3 && cd - [00:36:06]: ▸ Setting version of project App to: [00:36:06]: ▸ xxxxx. [00:36:06]: ▸ Also setting CFBundleVersion key (assuming it exists) [00:36:06]: ▸ Updating CFBundleVersion in Info.plist(s)... [00:36:06]: ▸ Updated CFBundleVersion in "App.xcodeproj/../App/Info.plist" to 3 [00:36:06]: ▸ /Users/travis/build/xxxxx [00:36:06]: ----------------- [00:36:06]: --- Step: gym --- [00:36:06]: ----------------- [00:36:06]: $ xcodebuild -showBuildSettings -workspace ./ios/App/App.xcworkspace -scheme App [00:36:07]: Detected provisioning profile mapping: {:"xxxxx"=>"match AdHoc xxxxx"} +-------------------------------------------------------+-----------------------------------------------------------+ | Summary for gym 2.208.0 | +-------------------------------------------------------+-----------------------------------------------------------+ | workspace | ./ios/App/App.xcworkspace | | scheme | App | | clean | true | | export_team_id | xxxxx | | export_method | ad-hoc | | export_options.provisioningProfiles.xxxxx | match AdHoc xxxxx | | output_directory | . | | output_name | App | | silent | false | | skip_package_ipa | false | | skip_package_pkg | false | | build_path | /Users/travis/Library/Developer/Xcode/Archives/2022-07-31 | | result_bundle | false | | buildlog_path | ~/Library/Logs/gym | | destination | generic/platform=iOS | | xcodebuild_formatter | xcpretty | | skip_profile_detection | false | | xcodebuild_command | xcodebuild | | skip_package_dependencies_resolution | false | | disable_package_automatic_updates | false | | use_system_scm | false | | xcode_path | /Applications/Xcode-9.4.1.app | +-------------------------------------------------------+-----------------------------------------------------------+ [00:36:07]: $ set -o pipefail && xcodebuild -workspace ./ios/App/App.xcworkspace -scheme App -destination 'generic/platform=iOS' -archivePath /Users/travis/Library/Developer/Xcode/Archives/2022-07-31/App\ 2022-07-31\ 00.36.07.xcarchive clean archive | tee /Users/travis/Library/Logs/gym/App-App.log | xcpretty [00:36:09]: ▸ Cleaning App/App [Debug] [00:36:09]: ▸ Check Dependencies [00:36:09]: ▸ ** CLEAN FAILED ** [00:36:09]: ▸ The following build commands failed: [00:36:09]: ▸ Check dependencies [00:36:09]: ▸ (1 failure) [00:36:09]: ▸ Building App/App [Release] [00:36:09]: ▸ Check Dependencies [00:36:09]: ▸ ** ARCHIVE FAILED ** [00:36:09]: ▸ The following build commands failed: [00:36:09]: ▸ Check dependencies [00:36:09]: ▸ (1 failure) ▸ Cleaning App/App [Debug] ▸ Check Dependencies ** CLEAN FAILED ** The following build commands failed: Check dependencies (1 failure) ▸ Building App/App [Release] ▸ Check Dependencies ** ARCHIVE FAILED ** The following build commands failed: Check dependencies (1 failure) [00:36:09]: Exit status: 65 [00:36:09]: [00:36:09]: Maybe the error shown is caused by using the wrong version of Xcode [00:36:09]: Found multiple versions of Xcode in '/Applications/' [00:36:09]: Make sure you selected the right version for your project [00:36:09]: This build process was executed using '/Applications/Xcode-9.4.1.app' [00:36:09]: If you want to update your Xcode path, either [00:36:09]: [00:36:09]: - Specify the Xcode version in your Fastfile [00:36:09]: ▸ xcversion(version: "8.1") # Selects Xcode 8.1.0 [00:36:09]: [00:36:09]: - Specify an absolute path to your Xcode installation in your Fastfile [00:36:09]: ▸ xcode_select "/Applications/Xcode8.app" [00:36:09]: [00:36:09]: - Manually update the path using [00:36:09]: ▸ sudo xcode-select -s /Applications/Xcode.app [00:36:09]: +---------------+-------------------------------+ | Build environment | +---------------+-------------------------------+ | xcode_path | /Applications/Xcode-9.4.1.app | | gym_version | 2.208.0 | | export_method | ad-hoc | | sdk | iPhoneOS11.4.sdk | +---------------+-------------------------------+ [00:36:09]: ▸ Check dependencies [00:36:09]: ▸ The file “Pods-App.release.xcconfig” couldn’t be opened because there is no such file. (/Users/travis/build/xxxxx/ios/App/Pods/Target Support Files/Pods-App/Pods-App.release.xcconfig) [00:36:09]: ▸ Code Signing Error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID "xxxxx" with a private key was found. [00:36:09]: ▸ The “Swift Language Version” (SWIFT_VERSION) build setting must be set to a supported value for targets which use Swift. This setting can be set in the build settings editor. [00:36:09]: ▸ Code Signing Error: Code signing is required for product type 'Application' in SDK 'iOS 11.4' [00:36:09]: [00:36:09]: ⬆️ Check out the few lines of raw `xcodebuild` output above for potential hints on how to solve this error [00:36:09]: 📋 For the complete and more detailed error log, check the full log at: [00:36:09]: 📋 /Users/travis/Library/Logs/gym/App-App.log [00:36:09]: [00:36:09]: Looks like fastlane ran into a build/archive error with your project [00:36:09]: It's hard to tell what's causing the error, so we wrote some guides on how [00:36:09]: to troubleshoot build and signing issues: https://docs.fastlane.tools/codesigning/getting-started/ [00:36:09]: Before submitting an issue on GitHub, please follow the guide above and make [00:36:09]: sure your project is set up correctly. [00:36:09]: fastlane uses `xcodebuild` commands to generate your binary, you can see the [00:36:09]: the full commands printed out in yellow in the above log. [00:36:09]: Make sure to inspect the output above, as usually you'll find more error information there [00:36:09]: +------------------------------------+--------------------------------------------------------+ | Lane Context | +------------------------------------+--------------------------------------------------------+ | DEFAULT_PLATFORM | android | | PLATFORM_NAME | ios | | LANE_NAME | ios internal | | KEYCHAIN_PATH | ~/Library/Keychains/fastlane_tmp_keychain | | ORIGINAL_DEFAULT_KEYCHAIN | "/Users/travis/Library/Keychains/login.keychain-db" | | SIGH_PROFILE_TYPE | ad-hoc | | MATCH_PROVISIONING_PROFILE_MAPPING | {"xxxxxx"=>"match AdHoc xxxxx"} | | LATEST_TESTFLIGHT_BUILD_NUMBER | 2 | | LATEST_TESTFLIGHT_VERSION | 1.0 | | BUILD_NUMBER | 3 | +------------------------------------+--------------------------------------------------------+ [00:36:09]: Error building the application - see the log above +------+--------------------------------+-------------+ | fastlane summary | +------+--------------------------------+-------------+ | Step | Action | Time (in s) | +------+--------------------------------+-------------+ | 1 | default_platform | 0 | | 2 | app_store_connect_api_key | 0 | | 3 | setup_ci | 0 | | 4 | match | 2 | | 5 | latest_testflight_build_number | 0 | | 6 | increment_build_number | 1 | | 💥 | gym | 3 | +------+--------------------------------+-------------+ [00:36:09]: fastlane finished with errors [!] Error building the application - see the log above The command "bundle exec fastlane ios internal" exited with 1. Done. Your build exited with 1.Environment
It's a CI environment, but I could successfully reproduce it on a couple of Macs I've tried.
The text was updated successfully, but these errors were encountered: