[match][sigh] fix access to certs installed by fastlane tools for productsign command for macOS #20474
It's ready to merge.
@getaaron Could you also review this one?
@DuMaM this LGTM but the CircleCI builds didn't run, can you connect CircleCI to GitHub and rerun the build? (you should see ~11 checks passed instead of 2 if it worked)
approved to merge pending CI
It passed everything :) cc: @getaaron
Awesome thank you so much for your contribution! ❤️
Thanks for merging it 👍
Congratulations! 🎉 This was released as part of fastlane 2.208.0 🚀
Checklist
bundle exec rspec from the root directory to see all new and existing tests pass
bundle exec rubocop -a to ensure the code style is valid
Motivation and Context
This allows macOS CI to run without the need for any user action from the GUI.
Description
Signing macOS in CI right now is impossible when somebody is using match or sigh for cert management.
I'm looking for official documentation, where the process is well described, but for now this will do the job.
https://www.hexnode.com/mobile-device-management/help/how-to-sign-macos-pkg-files-for-deployment-with-hexnode-mdm/
When somebody follows those steps, it will now fail on the productsign command. Instead of using certs from the keychain, the user will see a password prompt in the GUI (even though all certs are added to be accessible for all); until the password is correct, the command will fail.
Testing Steps
match for appstore (Apple Distribution) with option additional_cert_types: mac_installer_distribution
--verbose during lane run to see how import behaves.
xcrun productsign --keychain <new_keychain> --sign <Installer_Cert_From_Match> unsigned.pkg signed.pkg