ipa upload to Testflight fails via Jenkins but passes via terminal - ios

So I have been trying to automate ipa uploads to Testflight via Jenkins. I am using the following command to achieve the same :
xcodebuild -exportArchive -archivePath Archive/application.xcarchive -exportPath Builds -exportOptionsPlist ~/Desktop/jenkins_slave/AppstoreExportOptions.plist -quiet
When executed via terminal, it works fine and the ipa is uploaded to Testflight.
However, when I am running via Jenkins, the upload fails citing authentication error.
Logs below :
2022-01-10 17:58:24.681 xcodebuild[14144:25274615] DVTPortal: Error:
Error Domain=DVTPortalServiceErrorDomain Code=1100 "Your session has expired. Please log in." UserInfo={payload={
creationTimestamp = "2022-01-10T17:58:24Z";
httpCode = 200;
protocolVersion = QH65B2;
requestUrl = "https://developerservices2.apple.com/services/QH65B2/viewDeveloper.action";
responseId = "207a4f29-2863-4dce-b290-7f28e845cc44";
resultCode = 1100;
resultString = "Your session has expired. Please log in.";
userLocale = "en_US";
userString = "Your session has expired. Please log in.";
}, NSLocalizedDescription=Your session has expired. Please log in.}
2022-01-10 17:58:24.682 xcodebuild[14144:25274618] IDEDistribution: Failed to log in with account 'xyz#gmail.com' while checking for an App Store Connect account
error: exportArchive: Failed to log in.
Error Domain=IDEDistributionErrorDomain Code=9 "Failed to log in." UserInfo={IDEDistributionErrorsAccountIssues=(
"Account \"xyz#gmail.com\": Failed to log in"
), NSLocalizedDescription=Failed to log in., NSLocalizedRecoverySuggestion=App Store Connect access for “Company xyz.” is required. Ensure that your Apple ID account usernames and passwords are correct in the Accounts preference pane.}
I can't figure out what is going wrong. I have already tried the following as mentioned in numerous places, but it still doesn't work :
defaults write com.apple.dt.Xcode DVTDeveloperAccountUseKeychainService_2 -bool NO
I know you all would suggest using fastlane to achieve this faster and more effectively. Eventually I would integrate fastlane in my project, but I want to understand what is going wrong here.

Related

Jenkins with Azure AD integration fails with "A problem occurred while processing the request"

There is a lot of help available, but I am not able to fix it.
After I enter my user name and password, the Jenkins login with Azure AD is successful and it returns the token as well. After that it fails with "A problem occurred while processing the request". The login shows as successful on the Azure side, and the Jenkins UI prints the token too.
When I see the error logs, I see
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:53.374 EDT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=login.microsoftonline.com) was replaced with (type=host_name (0), value=login.microsoftonline.com)
2021-07-15 23:36:55.398+0000 [id=326] INFO c.m.a.a.AuthenticationAuthority#doInstanceDiscovery: [Correlation ID: e11160be-50c3-43d7-96a8-dc02c3cc2b2c] Instance discovery was successful
javax.net.ssl|ERROR|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.769 EDT|TransportContext.java:344|Fatal **** (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"throwable" : {
Also
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.773 EDT|SSLSocketImpl.java:1569|close the underlying socket
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.773 EDT|SSLSocketImpl.java:1588|close the SSL connection (initiative)
2021-07-15 23:36:55.787+0000 [id=19] SEVERE c.m.j.azuread.AzureSecurityRealm#doFinishLogin: error
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have imported certs for login.microsoftonline.com and portal.azure.com, my jenkins.xml has
-Djavax.net.ssl.trustStore="C:\Program Files (x86)\Jenkins\.cacerts\jssecacerts" -Djavax.net.ssl.trustStorePassword=changeit
Not sure what website it says "unable to find valid certification path to requested target"
As posted in another entry on Stack Overflow, I'd try to debug what is happening with your trustStore with something like:
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore="C:\Program Files (x86)\Jenkins\.cacerts\jssecacerts" -Djavax.net.ssl.trustStorePassword=changeit
You may want to have a look at this post

Azure error "Your certificate file was invalid, or the password was incorrect" loading certificate into portal

I generated a public_privatekey.pfx via the Xero instructions and was able to access a Xero demo file from a Visual Studio solution that used Xero.Api.Sdk.Core.
Now I want to put the certificate in an Azure Key Vault so that I can port my code to an Azure Function App.
However when I try to use the Azure Portal to load the certificate via
Create a secret -> Certificates ->Create a certificate
I get an error
Your certificate file was invalid, or the password was incorrect
I can load the certificate using PowerShell.
# Sign in to the tenant that owns the vault
Connect-AzureRmAccount -tenantid mytenantid
$pfxFilePath = 'C:\OpenSSL-Win64\bin\AzureXeroSync\public_privatekey.pfx'
# Named $pfxPassword rather than $pwd, which is PowerShell's automatic current-directory variable
$pfxPassword = 'mypassword'
$flag = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$collection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$collection.Import($pfxFilePath, $pfxPassword, $flag)
# Re-export as PKCS#12 bytes and base64-encode them for storage as a secret
$pkcs12ContentType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12
$clearBytes = $collection.Export($pkcs12ContentType)
$fileContentEncoded = [System.Convert]::ToBase64String($clearBytes)
$secret = ConvertTo-SecureString -String $fileContentEncoded -AsPlainText -Force
$secretContentType = 'application/x-pkcs12'
Set-AzureKeyVaultSecret -VaultName 'MyAzureFunctionsVault' -Name 'XeroPfxSecret' -SecretValue $secret -ContentType $secretContentType
What am I missing using the portal?
You mentioned this in your question:
Create a secret -> Certificates ->Create a certificate
I think the issue here is that you're starting with "Create a secret". Uploading/importing a certificate as a secret is a deprecated feature, as you can see in the screenshot.
Can you try doing the same thing, but starting from "Certificates" and then do an import instead?

Not able to authenticate CKAN using WSO2 IDM by ckanext-oauth2 plugin

I am using CKAN 2.7.2.
I have added the following configurations in my development.ini file of ckan:
ckan.oauth2.authorization_endpoint = https://wso2IP/oauth2/authorize
ckan.oauth2.token_endpoint = https://wso2IP/oauth2/token
ckan.oauth2.profile_api_url = https://wso2IP/userinfo
ckan.oauth2.client_id = *client-id*
ckan.oauth2.client_secret = *clientsecret*
ckan.oauth2.profile_api_user_field = abc
ckan.oauth2.profile_api_mail_field = abc#gmail.com
Also, have exported the following while running ckan using paster serve :
export OAUTHLIB_INSECURE_TRANSPORT=True
Also, I have added an application (ckan provider) in WSO2 Identity Server also with callback URL = (http://ckan-url:5000/oauth2/callback) where the CKAN instance is running (i.e a private IP of 172.30.66.XX type running on port 5000).
So, what configuration needs to be done in WSO2 Identity Server and the ckan development.ini file?
Also, configuring on both sides, I get the error Client authentication Failed in CKAN GUI.
I am using Ckan 2.7.2 , WSO2-IS 5.1 and ckanext-oauth2 (oauthlib==0.8.0)
Will this cause a problem in the authentication process? Can it be a version dependency issue?
I have followed the given steps. Kindly correct if I am missing or doing something wrong:
I have used API store and published ckan application.
Entered the ckan callback url as http://oauth2/callback
Entered the generated client ID and client secret from step 1 in ckan configuration.
Also, made the given changes mentioned by you regarding claim configurations and ckanext-oauth2 configurations.
Now it gives the above error, or sometimes Invalid Client (Client Authentication Failed).
Inbound settings:
Error Logs :
[2018-07-25 19:29:25,432] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2018-07-25 19:29:25,431+0530]
[2018-07-25 21:55:15,930] INFO {org.wso2.carbon.identity.application.authentication.framework.store.OperationCleanUpService} - Session Operation Data cleanup task is running successfully for removing expired Operation Data
[2018-07-25 23:40:15,929] INFO {org.wso2.carbon.identity.application.authentication.framework.store.SessionCleanUpService} - Session Data cleanup task is running successfully for removing expired Data
[2018-07-26 09:21:18,948] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2018-07-26 09:21:18,948+0530]
[2018-07-26 09:21:39,307] INFO {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - 'admin#carbon.super [-1234]' logged out at [2018-07-26 09:21:39,0306]
[2018-07-26 09:55:15,975] INFO {org.wso2.carbon.identity.application.authentication.framework.store.OperationCleanUpService} - Session Operation Data cleanup task is running successfully for removing expired Operation Data
After configuring the settings I receive the following Message:
Your application settings at WSO2-IS seem to be correct. The only thing to take into consideration is that ckanext-oauth2 is only able to use the Code and the Refresh Token grant types, so only those types need to be allowed.
Using this configuration for ckanext-oauth2:
ckan.oauth2.authorization_endpoint = https://wso2IP/oauth2/authorize
ckan.oauth2.token_endpoint = https://wso2IP/oauth2/token
ckan.oauth2.profile_api_url = https://wso2IP/userinfo
ckan.oauth2.client_id = *** OAuth Client Key from the Inbound Authentication Configuration at WSO2 ***
ckan.oauth2.client_secret = *** OAuth Client Secret from the Inbound Authentication Configuration at WSO2 ***
ckan.oauth2.scope = all_info openid
ckan.oauth2.profile_api_user_field = email
ckan.oauth2.profile_api_fullname_field = name
ckan.oauth2.profile_api_mail_field = email
and using your claim mapping configuration (http://wso2.org/claims/fullname and http://wso2.org/claims/emailaddress); I was able to sign in into CKAN. I have tested using CKAN v2.7.4, v2.8.0 and v2.8.1; ckanext-oauth2 v0.6.1 and WSO2-IS v5.5.0 (although it should work using WSO2-IS v5.1).

APNS_CERTIFICATE - Push Notification does not send in production

I've had this issue for about 2 weeks, when I suddenly stopped sending notifications in production. I am using the django-push-notifications library and by django admin I can send a test message, but it does not send messages through the system.
On my local computer, everything works flawlessly. I discovered a command to test the certificate:
openssl s_client -connect gateway.push.apple.com:2195 -cert apns-cert.pem
With this one I got the output: Timeout: 7200 (sec) Verify return code: 20 (unable to get local issuer certificate) Extended master secret: yes
So with a lot of research, I discovered that I needed to put the path of "CA":
openssl s_client -CApath /etc/ssl/certs/ -connect gateway.push.apple.com:2195 -cert apns-cert.pem
Which gave me: Verify return code: 0 (ok)
However, for use in the library, I needed to put the full path of a .pem file. Then I found this command:
ls /etc/ssl/certs/Entrust*
I tested all the .pem files that were there, until I reached what appeared to have worked perfectly:
openssl s_client -CAfile /etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem -connect gateway.push.apple.com:2195 -cert apns-cert.pem
Soon, I formatted my PUSH_NOTIFICATIONS_SETTINGS:
PUSH_NOTIFICATIONS_SETTINGS = {
    "GCM_API_KEY": "xxxx",
    "APNS_CERTIFICATE": os.path.join(BASE_DIR, "apns-cert.pem"),
    "APNS_CA_CERTIFICATES": "/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem",
    "APNS_ERROR_TIMEOUT": 3,
}
IOS_VERIFY_RECEIPT_API = 'https://buy.itunes.apple.com/verifyReceipt'
ANDROID_VERIFY_RECEIPT_API = 'https://www.googleapis.com/androidpublisher/v2/applications/{packageName}/purchases/subscriptions/{subscriptionId}/tokens/{token}'
Unfortunately it still does not send PUSH, and no error because I have configured it to pop errors to send by email.
PS: Remembering that by sending a test text via django admin: OK. Sending via sandbox (debug): OK.
In fact it was not an SSL issue, it was a bulk upload error by the library.
The tokens registered in the system were expired and the library does not know how to work with it and canceled the action, causing no other token to be attempted. I corrected the problem by looping and ignoring the individual error by sending a test to my email:
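# Import paths are assumed to match the django-push-notifications release
# that exposes APNS_ERROR_MESSAGES and APNSServerError in its apns module.
from django.conf import settings
from django.core.mail import send_mail
from push_notifications.apns import APNS_ERROR_MESSAGES, APNSServerError
from push_notifications.gcm import GCMError
from push_notifications.models import APNSDevice, GCMDevice


def send_push(self):
    errors = []
    # IOS: send per device so one expired token cannot abort the remaining sends
    queryset_ios = APNSDevice.objects.filter(user=self.authentication)
    for device in queryset_ios:
        try:
            device.send_message(self.subject, badge=1, sound=self.kind.sound)
        except APNSServerError as e:
            errors.append(APNS_ERROR_MESSAGES[e.status])
        except Exception:
            # Deliberately ignore any other per-device failure and keep going
            pass
    # ANDROID
    queryset_android = GCMDevice.objects.filter(user=self.authentication)
    extra = {'notification': self.pk, 'kind': self.kind.kind, 'sound': self.kind.sound}
    for device in queryset_android:
        try:
            # Send to this device only; calling send_message on the queryset here
            # would re-send to every device on each iteration
            device.send_message(self.subject, badge=1, extra=extra)
        except GCMError as e:
            errors.append(str(e))
        except Exception:
            pass
    # Report the collected errors by email instead of raising
    if errors:
        send_mail("Push Error",
                  "Push: %s \n User: %s \n\n Errors: %s" % (self.subject, self.authentication.full_name, errors),
                  settings.DEFAULT_FROM_EMAIL, ["my@mail.com"])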
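
The verify return codes 20 and 0 in the openssl s_client runs above, and the PKIX "unable to find valid certification path" failure in the Jenkins thread, both depend on whether the trust store handed to the verifier contains the issuer of the presented certificate. The added example below (not from the original posts) reproduces that offline with openssl verify; every certificate, name and file in it is constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: an issuing root, an unrelated root, and a leaf signed by the first.
# Work dir, file names and CNs are made up for this example.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the run does not depend on a system openssl.cnf.
printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$WORK/min.cnf"

make_root() {   # $1 = file stem, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/min.cnf" \
        -addext 'basicConstraints=critical,CA:TRUE' -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_leaf() {   # leaf certificate issued by issuer.pem
    openssl req -newkey rsa:2048 -nodes -config "$WORK/min.cnf" \
        -subj '/CN=gateway.example.test' \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/leaf.csr" -days 1 -CA "$WORK/issuer.pem" \
        -CAkey "$WORK/issuer.key" -CAcreateserial -out "$WORK/leaf.pem" 2>/dev/null
}

# Print openssl's verdict for the leaf when the given CA file is the trust anchor.
# "|| true" keeps a failed verification from aborting a caller running under set -e.
verify_with() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/leaf.pem" 2>&1 || true
}

make_root issuer 'Constructed Issuing Root'
make_root unrelated 'Constructed Unrelated Root'
make_leaf

verify_with unrelated   # wrong CA file: the issuer cannot be found
verify_with issuer      # CA file that actually issued the leaf
```
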

iTMSTransporter fails with error -20101

I've received an email from Apple yesterday stating that it's now possible to deliver App Store metadata localizations using a command-line tool called Transporter.
I've downloaded iTunes_Store_Transporter_Quick_Start_Guide_v2.pdf from iTunes Connect and followed the example for a simple lookup of the metadata of an app:
To initiate lookup mode, use the following command:
$ iTMSTransporter -m lookupMetadata -u [iTunes Connect user name]
-p [iTunes Connect password] -vendor_id [App SKU]
-destination [destination path for App Store Package]
However, although my login credentials and all other information entered are correct, I always receive the following error:
[2013-07-19 14:34:40 MESZ] <main> DBG-X: parameter Errors = [Directory Services reported the following error: Your Apple ID or password was entered incorrectly. (-20101)]
[2013-07-19 14:34:40 MESZ] <main> ERROR: Apple's web service operation was not successful
[2013-07-19 14:34:40 MESZ] <main> ERROR: An error occurred while looking up the metadata.
[2013-07-19 14:34:40 MESZ] <main> ERROR: Directory Services reported the following error: Your Apple ID or password was entered incorrectly. (-20101)
[2013-07-19 14:34:40 MESZ] <main> DBG-X: The error code is: -20101
INFOS: My password contains special characters. Thus I've tried to pass the password with and without quotation marks.
@Tafkadasoh It's the dollar sign that's causing the problem. Since the $ character is reserved for different kinds of variables in Unix, you have to escape it.
Instead of
-p 'Pass$123'
Use
-p 'Pass\$123'
What OS are you using and what are the special characters that your password contains? If you're using OS X try it with single quotes, e.g. 'password' not "password".
If you're going to be using iTMSTransporter a lot I would recommend using this program.
As a workaround, it worked for me to remove the password parameter. iTMSTransporter will then ask for password entry on the command-line. This isn't a real solution, as you can't use this for automated scripts (which iTMSTransporter is intended for). For infrequent use however, this might be enough.
@Tafkadasoh - that workaround worked great for me too, I can now connect and grab the metadata package.
Cheers!
For me, I had FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD and FASTLANE_PASSWORD in my environment variables. So I removed FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD and it worked.
If you have FASTLANE_SESSION along with FASTLANE_PASSWORD, you may need to remove FASTLANE_SESSION.
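
What each quoting form discussed in the answers above places in a program's argument list under POSIX sh or bash, as an added example that is not part of the original posts. `show_arg` is a hypothetical stand-in for iTMSTransporter, and `Pass$123` is the sample password used in the answer.

```shell
#!/bin/sh
# show_arg is a hypothetical stand-in for iTMSTransporter: it prints the exact
# bytes of the first argument the shell handed to it.
show_arg() { printf '%s' "$1"; }

# Print what the program receives for each way of writing the -p value.
delivered() {
    form=$1
    set -- ""            # empty $1, as at a prompt with no positional parameters
    secret='Pass$123'    # constructed sample, as a CI tool would inject it into a variable
    case $form in
        double)         show_arg "Pass$123" ;;   # $1 expands to nothing, "23" is left over
        single)         show_arg 'Pass$123' ;;   # nothing is expanded inside single quotes
        double_escaped) show_arg "Pass\$123" ;;  # backslash protects $ inside double quotes
        single_escaped) show_arg 'Pass\$123' ;;  # backslash stays literal inside single quotes
        variable)       show_arg "$secret" ;;    # an expanded value is not expanded again
    esac
}

for f in double single double_escaped single_escaped variable; do
    printf '%-15s -> %s\n' "$f" "$(delivered "$f")"
done
```
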
