[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[match][sigh] fix access to certs installed by fastlane tools for productsign command for macOS #20474

Merged
merged 2 commits into from
Jul 18, 2022
Merged

[match][sigh] fix access to certs installed by fastlane tools for productsign command for macOS #20474

merged 2 commits into from
Jul 18, 2022

Conversation

DuMaM
Copy link
Contributor
@DuMaM DuMaM commented Jul 14, 2022
edited
Loading

Checklist

  • I've run bundle exec rspec from the root directory to see all new and existing tests pass
  • I've followed the fastlane code style and run bundle exec rubocop -a to ensure the code style is valid
  • I've read the Contribution Guidelines
  • I've updated the documentation if necessary.

Motivation and Context

This allows for MacOS CI to run without need of any user action from GUI.

Description

Signing MacOS in CI right now is impossible when somebody is using match or sigh for cert management.
I'm looking for official documentation, where the process is well described, but for now this will do the job.
https://www.hexnode.com/mobile-device-management/help/how-to-sign-macos-pkg-files-for-deployment-with-hexnode-mdm/

When somebody will follow those steps, now it will fail on productsign command.
Instead of using certs from keychain, user will see password prompt in GUI (even though all certs are added to be accessible for all), until password will not be correct command will fail.

Testing Steps

  1. Create new keychain
  2. Pull any cert with match for appstore (Apple Distribution) with option additional_cert_types: mac_installer_distribution
  3. This should install two certs it's recommended to enable --verbose during lane run to see how import behaves.
  4. Execute xcrun productsign --keychain <new_keychain> --sing <Installer_Cert_From_Match> unsigned.pkg signed.pkg

@DuMaM DuMaM changed the title Add productsign to import script command [match][sigh][macos] Fix access to certs installed by fastlane tools for productsign command Jul 14, 2022
@DuMaM
Copy link
Contributor Author
DuMaM commented Jul 14, 2022

It's ready to merge.

@DuMaM
Copy link
Contributor Author
DuMaM commented Jul 16, 2022

@getaaron Could you also review this one?

@getaaron
Copy link
Collaborator

@DuMaM this LGTM but the CircleCI builds didn't run, can you connect CircleCI to GitHub and rerun the build? (you should see ~11 checks passed instead of 2 if it worked)

getaaron
getaaron approved these changes Jul 18, 2022
View reviewed changes
Copy link
Collaborator
@getaaron getaaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved to merge pending CI

@DuMaM
Copy link
Contributor Author
DuMaM commented Jul 18, 2022
edited
Loading

It passed everything :)

cc: @getaaron

@getaaron getaaron merged commit c7a5725 into fastlane:master Jul 18, 2022
@getaaron
Copy link
Collaborator

Awesome thank you so much for your contribution! ❤️

@DuMaM
Copy link
Contributor Author
DuMaM commented Jul 18, 2022

Thanks for merging it 👍
It really helps me and I hope also for other users 😉

@DuMaM DuMaM deleted the bugfix/add-missing-productsign-for-mac branch July 18, 2022 22:40
@joshdholtz joshdholtz changed the title [match][sigh][macos] Fix access to certs installed by fastlane tools for productsign command [match][sigh] fix access to certs installed by fastlane tools for productsign command for macOS Jul 19, 2022
@joshdholtz joshdholtz mentioned this pull request Jul 19, 2022
Merged
fastlane-bot
fastlane-bot reviewed Jul 19, 2022
View reviewed changes
Copy link
@fastlane-bot fastlane-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Congratulations! 🎉 This was released as part of fastlane 2.208.0 🚀

@DuMaM DuMaM changed the title [match][sigh] fix access to certs installed by fastlane tools for productsign command for macOS [match] [sigh] Add productsign to import script command Jul 19, 2022
@DuMaM DuMaM changed the title [match] [sigh] Add productsign to import script command [match][sigh] fix access to certs installed by fastlane tools for productsign command for macOS Jul 19, 2022
@fastlane fastlane locked and limited conversation to collaborators Sep 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@fastlane-bot fastlane-bot fastlane-bot left review comments

@getaaron getaaron getaaron approved these changes

Assignees
No one assigned
Labels
status: released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@DuMaM @getaaron @fastlane-bot