New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support generation of unsigned IPAs #5617

Closed
richardszalay opened this Issue Aug 5, 2016 · 11 comments

Comments

Projects
None yet
6 participants
@richardszalay

richardszalay commented Aug 5, 2016

New Issue Checklist

Issue Description

馃攽 I'm doing a blog series on creating a "build-once" deployment pipeline using fastlane. As part of this process, the signing of the IPA happens at deployment time, at the moment the configuration is known, rather than at build.

I'd like to propose the addition of an "unsigned" option for gym.

tl;dr I'm happy to contribute the PR, which would simply add "CODE_SIGNING_REQUIRED=NO CODE_SIGN_IDENTITY=''" to the archive command when the "unsigned"option is true

As for why it's needed: It's currently possible without a flag, but hoops need to be jumped. Namely, xcodebuild's archive command requires a SIGNING_IDENTITY value, even if it's blank. However, providing a "signing_identity" option as a blank string also causes it to trigger the "--signed" argument for the export command.

The feature could also be implemented by having the export archive command generator deal with blank signing_identity values, but I feel that an explicit option would better express intent.

Thoughts?

@fastlane-bot

This comment has been minimized.

fastlane-bot commented Aug 5, 2016

It seems like this issue might be related to code signing 馃毇

Have you seen our new Code Signing Troubleshooting Guide? It will help you resolve the most common code signing issues 馃憤

@mgrebenets

This comment has been minimized.

Contributor

mgrebenets commented Aug 10, 2016

I assume the build environment has no signing identity in the keychain at all. Is that the case?

Otherwise, it doesn't really matter how you sign the app initially, you can resign it afterwards, e.g. using sigh resign command.

@richardszalay

This comment has been minimized.

richardszalay commented Aug 10, 2016

@mgrebenets Correct, the idea is to have no signing identities involved at all until deployment, when resign is called.

But my issue is that fastlane actually makes it difficult to create an unsigned IPA for this purpose. It's still possible, via the workaround I mentioned above, but it would be cleaner to have an unsigned flag supported by gym.

@mgrebenets

This comment has been minimized.

Contributor

mgrebenets commented Aug 10, 2016

I haven't tried it myself yet, what happens if you pass CODE_SIGNING_REQUIRED=NO to gym's xcargs option?

I've looked through the source (build_command_generator.rb).
If I read it correctly, using codesigning_identity does not set CODE_SIGNING_REQUIRED to YES, so using blank identity plus CODE_SIGNING_REQUIRED=NO added to xcargs should result into unsigned build.

Adding new unsigned option would be a convenience shortcut instead of using xcargs.

@richardszalay

This comment has been minimized.

richardszalay commented Aug 10, 2016

@mgrebenets That would indeed work, but the exporting half of gym sees a (blank) value for signing_identity and supplies a --sign value to xcodebuild exportArchive, which fails.

I did mention this in the original post, apologies if it wasn't clear.

@jjochen

This comment has been minimized.

Contributor

jjochen commented Aug 15, 2016

@richardszalay I can't figure out what your workaround is.

I'm setting xcargs to "CODE_SIGNING_REQUIRED=NO CODE_SIGN_IDENTITY=", but the exportArchive command fails.

I would, by the way, be very much interested in this addition to gym.

@richardszalay

This comment has been minimized.

richardszalay commented Aug 15, 2016

@jjochen Blog series incoming (when I can get around to finishing it)

Are you passing anything at all as signing_identity to gym? The option needs to be absent. Failing that, what error are you seeing?

Feel free to create a stack overflow question, or email me (firstname@firstnamelastname.com)

@richardszalay

This comment has been minimized.

richardszalay commented Aug 22, 2016

I've finally published my blog series, which might give some context as to why I wanted to do this - https://blog.richardszalay.com/2016/08/22/ios-deploy-pipeline-1-introduction/

@TKBurner

This comment has been minimized.

TKBurner commented Aug 23, 2016

@richardszalay Awesome! Thanks so much for sharing.

@fastlane-bot

This comment has been minimized.

fastlane-bot commented Oct 22, 2016

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.

Please make sure to update to the latest fastlane version and check if that solves the issue. Let us know if that works for you by adding a comment 馃憤

@fastlane-bot

This comment has been minimized.

fastlane-bot commented Oct 31, 2016

This issue will be auto-closed because there hasn't been any activity for a few months. Feel free to open a new one if you still experience this problem 馃憤

@fastlane fastlane locked and limited conversation to collaborators Jan 29, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.