Support generation of unsigned IPAs

[richardszalay]

New Issue Checklist

• Updated fastlane to the latest version
• I have read the Contribution Guidelines

Issue Description

🔑 I'm doing a blog series on creating a "build-once" deployment pipeline using fastlane. As part of this process, the signing of the IPA happens at deployment time, at the moment the configuration is known, rather than at build.

I'd like to propose the addition of an "unsigned" option for gym.

tl;dr I'm happy to contribute the PR, which would simply add "CODE_SIGNING_REQUIRED=NO CODE_SIGN_IDENTITY=''" to the archive command when the "unsigned"option is true

As for why it's needed: It's currently possible without a flag, but hoops need to be jumped. Namely, xcodebuild's archive command requires a SIGNING_IDENTITY value, even if it's blank. However, providing a "signing_identity" option as a blank string also causes it to trigger the "--signed" argument for the export command.

The feature could also be implemented by having the export archive command generator deal with blank signing_identity values, but I feel that an explicit option would better express intent.

Thoughts?

[fastlane-bot]

It seems like this issue might be related to code signing 🚫

Have you seen our new Code Signing Troubleshooting Guide? It will help you resolve the most common code signing issues 👍

[mgrebenets]

I assume the build environment has no signing identity in the keychain at all. Is that the case?

Otherwise, it doesn't really matter how you sign the app initially, you can resign it afterwards, e.g. using sigh resign command.

[richardszalay]

@mgrebenets Correct, the idea is to have no signing identities involved at all until deployment, when resign is called.

But my issue is that fastlane actually makes it difficult to create an unsigned IPA for this purpose. It's still possible, via the workaround I mentioned above, but it would be cleaner to have an unsigned flag supported by gym.

[mgrebenets]

I haven't tried it myself yet, what happens if you pass CODE_SIGNING_REQUIRED=NO to gym's xcargs option?

I've looked through the source (build_command_generator.rb).
If I read it correctly, using codesigning_identity does not set CODE_SIGNING_REQUIRED to YES, so using blank identity plus CODE_SIGNING_REQUIRED=NO added to xcargs should result into unsigned build.

Adding new unsigned option would be a convenience shortcut instead of using xcargs.

[richardszalay]

@mgrebenets That would indeed work, but the exporting half of gym sees a (blank) value for signing_identity and supplies a --sign value to xcodebuild exportArchive, which fails.

I did mention this in the original post, apologies if it wasn't clear.

[jjochen]

@richardszalay I can't figure out what your workaround is.

I'm setting xcargs to "CODE_SIGNING_REQUIRED=NO CODE_SIGN_IDENTITY=", but the exportArchive command fails.

I would, by the way, be very much interested in this addition to gym.

[richardszalay]

@jjochen Blog series incoming (when I can get around to finishing it)

Are you passing anything at all as signing_identity to gym? The option needs to be absent. Failing that, what error are you seeing?

Feel free to create a stack overflow question, or email me (firstname@firstnamelastname.com)

[richardszalay]

I've finally published my blog series, which might give some context as to why I wanted to do this - https://blog.richardszalay.com/2016/08/22/ios-deploy-pipeline-1-introduction/

[TKBurner]

@richardszalay Awesome! Thanks so much for sharing.

[fastlane-bot]

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.

Please make sure to update to the latest fastlane version and check if that solves the issue. Let us know if that works for you by adding a comment 👍

[fastlane-bot]

This issue will be auto-closed because there hasn't been any activity for a few months. Feel free to open a new one if you still experience this problem 👍