Github Action and fastlane p12 import failing - ios

I'm following up this doc for github actions using fastlane.
As per doc's example, I tried
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
security import $DEV_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
But in logs i'm getting this
▸ security: SecKeychainItemImport: Unknown format in import.
▸ security: SecKeychainItemImport: Unknown format in import.
Hence I'm getting this error:
No signing certificate "iOS Development" found: No "iOS Development"
signing certificate matching team ID "XXXXXXXXX" with a private key
was found. (in target 'MyCICDAppDemo' from project
'MyCICDAppDemo')
Let me know what is wrong.
P.S.: Using manual code signin in xcode. And not want to try with match, sigh etc.

Related

While using Github Actions, I'm facing "Permission denied error"

I'm working with Github actions lately and facing trouble while importing .p12 certificate to build.keychain and getting error as follows:
/Users/runner/work/_temp/47c4b40a-b302-4da8-a26c-562eaae4c0ee.sh: line 1: ./provisioning/import_provisioning.sh: Permission denied
Error: Process completed with exit code 1.
After struggling for many hours I even tried to run this script manually on my terminal and everything seems to be working fine! I rechecked whether my passwords are wrong or whether i'm not able to access it or not! But i think i able to access my github secret properly, Any Idea why this may happening!
Here is my shell script file
import_provisioning.sh
gpg --quiet --batch --yes --decrypt --passphrase="$PROVISIONING_PASSWORD" --output provisioning/AppStoreCertificates.p12 provisioning/AppStoreCertificates.p12.gpg
gpg --quiet --batch --yes --decrypt --passphrase="$PROVISIONING_PASSWORD" --output provisioning/demo.mobileprovision provisioning/demo.mobileprovision.gpg
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
echo "List profiles"
ls ~/Library/MobileDevice/Provisioning\ Profiles/
echo "Move profiles"
cp provisioning/*.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/
echo "List profiles"
ls ~/Library/MobileDevice/Provisioning\ Profiles/
security create-keychain -p "" build.keychain
security import provisioning/AppStoreCertificates.p12 -t agg -k ~/Library/Keychains/build.keychain -P "$PROVISIONING_PASSWORD" -A
security list-keychains -s ~/Library/Keychains/build.keychain
security default-keychain -s ~/Library/Keychains/build.keychain
security unlock-keychain -p "" ~/Library/Keychains/build.keychain
security set-key-partition-list -S apple-tool:,apple: -s -k "" ~/Library/Keychains/build.keychain
And just in case you're not getting it properly you can check github repo for reference https://github.com/dheerajghub/GithubPipeline/blob/master/provisioning/import_provisioning.sh

I just found out that the problem was in the file permission so i set file permission and everything thing seems to be working fine!
git update-index --chmod=+x provisioning/import_provisioning.sh
git commit -m "Changing file permissions"

xcodebuild error - SecKey API returned: -25308

I'm receiving the error below while trying to build my iOS app. This error only occurs while building for the Release configuration. Also, I'm using CocoaPods for my third-party dependencies and these builds are running on Jenkins through SSH.
SecKey API returned: -25308, (null)/Users/iosbuilder/Library/Developer/Xcode/DerivedData/*/Build/Intermediates/ArchiveIntermediates/Production/InstallationBuildProductsLocation/Applications/*.app/Frameworks/AFNetworking.framework:
unknown error -1=ffffffffffffffff
Command /bin/sh failed with exit code 1
I've tried unlocking the keychain on the build server to make sure there isn't a UI block for keychain permissions, but the issue still persists...
Any idea why this is occurring and how I might fix the issue?

It is a keychain access issue. Solution is Here
With the code in the link you can try to execute that in shell on the build config of the project

You can use the security command to lookup the error code.
In this case, it says "User interaction not allowed".
This is typical if you're trying to sign your app via SSH, script of through Jenkins.
security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.
You need to do a security command to enable codesigning of your application through a non interactive shell:
security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private <your.keychain>
Here is a "complete" Jenkins / SSH friendly script to signing your app:
MY_KEYCHAIN="temp.keychain"
MY_KEYCHAIN_PASSWORD="secret"
CERT="certificate.p12"
CERT_PASSWORD="certificate secret"
security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Create temp keychain
security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g) # Append temp keychain to the user domain
security set-keychain-settings "$MY_KEYCHAIN" # Remove relock timeout
security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN" # Unlock keychain
security import $CERT -k "$MY_KEYCHAIN" -P "$CERT_PASSWORD" -T "/usr/bin/codesign" # Add certificate to keychain
CERT_IDENTITY=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | sed -e 's/[^"]*"//' -e 's/".*//') # Programmatically derive the identity
CERT_UUID=$(security find-identity -v -p codesigning "$MY_KEYCHAIN" | head -1 | grep '"' | awk '{print $2}') # Handy to have UUID (just in case)
security set-key-partition-list -S apple-tool:,apple: -s -k $MY_KEYCHAIN_PASSWORD -D "$CERT_IDENTITY" -t private $MY_KEYCHAIN # Enable codesigning from a non user interactive shell
### INSERT BUILD COMMANDS HERE ###
security delete-keychain "$MY_KEYCHAIN" # Delete temporary keychain
Shout out to Bochun Bai for spending 3 weeks with Apple support to finding the solution to the -25308 issue and posting it to https://sinofool.net/blog/archives/322

Just restarted my machine. And it worked.

Travis throws Code Sign error

▸ Check Dependencies
❌ Code Sign error: No code signing identities found: No valid signing identities (i.e. certificate and private key pair) were found.
I'm configuring Keychains in the following way:
security create-keychain -p travis ios-build.keychain
# Make the custom keychain default, so xcodebuild will use it for signing
security default-keychain -s ios-build.keychain
# Unlock the keychain
security unlock-keychain -p travis ios-build.keychain
# Set keychain timeout to 1 hour for long builds
security set-keychain-settings -t 3600 -l ~/Library/Keychains/ios-build.keychain
# Add certificates to keychain and allow codesign to access them
security import scripts/certs/apple.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
# security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import scripts/certs/distribution.p12 -k ~/Library/Keychains/ios-build.keychain -P {pass} -T /usr/bin/codesign
echo "list keychains: "
security list-keychains
echo " ****** "
echo "find indentities keychains: "
security find-identity -p codesigning ~/Library/Keychains/ios-build.keychain
echo " ****** "
# Put the provisioning profile in place
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp "scripts/certs/AdHoc.mobileprovision" ~/Library/MobileDevice/Provisioning\ Profiles/
cp "scripts/certs/AppStore.mobileprovision" ~/Library/MobileDevice/Provisioning\ Profiles/
Have someone ideas how to fix it?
Line:
# security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
Doesn't affect for result.

It's perfectly working script. Problem was in another thing in Travis CI.
But it needs uncomment line:
security import scripts/certs/distribution.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign

A permission issue with deploy an iOS app use travis ci

.travis.yml is validated
Travis CI is build succeeded.
Xcode 7.1.1, Mac OSX El Capitan 10.11 Beta
fir:http://fir.im
Do these progress from : https://www.objc.io/issues/6-build-tools/travis-ci/#encrypt-certificates-and-profiles
** BUILD SUCCEEDED **
Then I try to deploy to fir,I received from Travis CI:
/Users/travis/build.sh: line 41: ./scripts/sign-and-upload.sh: Permission denied
I thought the file "sign-and-upload.sh" isn't been permission. So I give these files appropriate permissions:
before_install:
- chmod +x scripts/add-key.sh
- chmod +x scripts/remove-key.sh
But it still failed.
This is the add-key.sh:
#!/bin/sh
security create-keychain -p travis ios-build.keychain
security default-keychain -s ios-build.keychain
security unlock-keychain -p travis ios-build.keychain
security set-keychain-settings -t 3600 -l ~/Library/Keychains/ios-build.keychain
security import ./scripts/certs/apple.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import ./scripts/certs/dist.cer -k ~/Library/Keychains/ios-build.keychain -T /usr/bin/codesign
security import ./scripts/certs/dist.p12 -k ~/Library/Keychains/ios-build.keychain -P 123 -T /usr/bin/codesign
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp ./scripts/profile/$PROFILE_NAME.mobileprovision ~/Library/MobileDevice/Provisioning\ Profiles/

You are right that sign-and-upload.sh needs execute permission. But your response was to change some different files! You need to add
- chmod +x scripts/sign-and-upload.sh

Unable to unlock login.keychain ( Jenkins build )

I'm trying to build app via jenkins, but this is the line where it crashes:
[ios] $ /usr/bin/security list-keychains -s /Users/admin/Library/Keychains/login.keychain
[ios] $ /usr/bin/security default-keychain -d user -s /Users/admin/Library/Keychains/login.keychain
Will not set default: file /Users/admin/Library/Keychains/login.keychain does not exist
security: SecKeychainSetDomainDefault user: write permissions error
[ios] $ /usr/bin/security unlock-keychain -p ******** /Users/admin/Library/Keychains/login.keychain
security: SecKeychainUnlock /Users/admin/Library/Keychains/login.keychain: write permissions error
FATAL: Unable to unlock the keychain.
Weird thing is that it shows that this file doesn't exists - it is probably because of permissions to file, but I was unlocking this keychain in Keychain manager.
When I changed path to login.keychain ( after importing it ):
Cleaning build directory: /Users/Shared/Jenkins/Home/workspace/iOS-build/platforms/ios/build/Debug-iphoneos
[ios] $ /usr/bin/security list-keychains -s /Users/Shared/Jenkins/Home/Library/Keychains/login.keychain
[ios] $ /usr/bin/security default-keychain -d user -s /Users/Shared/Jenkins/Home/Library/Keychains/login.keychain
[ios] $ /usr/bin/security unlock-keychain -p ******** /Users/Shared/Jenkins/Home/Library/Keychains/login.keychain
[ios] $ /usr/bin/security show-keychain-info /Users/Shared/Jenkins/Home/Library/Keychains/login.keychain
Keychain "/Users/Shared/Jenkins/Home/Library/Keychains/login.keychain" no-timeout
===========================================================
== Available provisioning profiles
[ios] $ /usr/bin/security find-identity -p codesigning -v
0 valid identities found
And it ends with this error:
Code Sign error: No matching provisioning profile found: Your build settings specify a provisioning profile with the UUID “xxxx”, however, no such provisioning profile was found.
Of course under Xcode everything works just fine..

Resources