Manually manage the fastlane match Repo

2

I have to setup fastlane match without revoking the existing Profiles and Certificates. So i did my research and found this neat tutorial here: Medium and the official doc from fastlane (click on Instructions at the bottom of the page).

After some time I have managed to create my repo, decrypt it, add my certificates and profiles, encrypt them and push them back to the repo. So far so good!

When i run fastlane match --readonly --verbose (readonly because again I don't want to replace the existing certs) I get this result:

[!] Error packaging up the application
*******-MacBook-Pro:*******-3 *******$ fastlane match --readonly --verbose
[✔] 🚀 
[12:53:34]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
WARNING: You are running Ruby 2.3.7, which is nearing end-of-life.
The Google Cloud API clients work best on supported versions of Ruby. Consider upgrading to Ruby 2.4 or later.
See https://www.ruby-lang.org/en/downloads/branches/ for more info on the Ruby maintenance schedule.
To suppress this message, set the GOOGLE_CLOUD_SUPPRESS_RUBY_WARNINGS environment variable.
INFO [2019-03-12 12:53:35.72]: Successfully loaded '/Users/*******/Documents/work/*******/fastlane/Matchfile' 📄

+----------------+--------------------------------------------------------------+
|                  Detected Values from './fastlane/Matchfile'                  |
+----------------+--------------------------------------------------------------+
| git_url        | git@bitbucket.org:******.git |
| storage_mode   | git                                                          |
| type           | development                                                  |
| app_identifier | com.********                                  |
| username       | *******                                            |
| git_branch     | *******                                               |
+----------------+--------------------------------------------------------------+


+-----------------------+--------------------------------------------------------------+
|                              Summary for match 2.117.1                               |
+-----------------------+--------------------------------------------------------------+
| verbose               | true                                                         |
| readonly              | true                                                         |
| type                  | development                                                  |
| app_identifier        | ["*******"]                              |
| username              | *******                                            |
| storage_mode          | git                                                          |
| git_url               | git@bitbucket.org:******* |
| git_branch            | *******                                              |
| shallow_clone         | false                                                        |
| clone_branch_directly | false                                                        |
| keychain_name         | login.keychain                                               |
| force                 | false                                                        |
| force_for_new_devices | false                                                        |
| skip_confirmation     | false                                                        |
| skip_docs             | false                                                        |
| platform              | ios                                                          |
+-----------------------+--------------------------------------------------------------+

INFO [2019-03-12 12:53:35.74]: Cloning remote git repo...
INFO [2019-03-12 12:53:35.74]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
INFO [2019-03-12 12:53:35.74]: $ git clone git@bitbucket.org:******* /var/folders/qf/2fgm_41x0pj6mytxdd8ksgnh0000gn/T/d20190312-39387-3rq3n2
INFO [2019-03-12 12:53:35.77]: ▸ Cloning into '/var/folders/qf/2fgm_41x0pj6mytxdd8ksgnh0000gn/T/d20190312-39387-3rq3n2'...
INFO [2019-03-12 12:53:38.15]: ▸ remote: Counting objects: 42, done.
INFO [2019-03-12 12:53:38.47]: ▸ remote: Compressing objects: 100% (37/37), done.
INFO [2019-03-12 12:53:38.87]: ▸ remote: Total 42 (delta 1), reused 0 (delta 0)
INFO [2019-03-12 12:53:38.87]: ▸ Receiving objects: 100% (42/42), 221.58 KiB | 575.00 KiB/s, done.
INFO [2019-03-12 12:53:38.87]: ▸ Resolving deltas: 100% (1/1), done.
INFO [2019-03-12 12:53:38.89]: $ git --no-pager branch --list origin/******* --no-color -r
INFO [2019-03-12 12:53:38.90]: ▸ origin/*******
INFO [2019-03-12 12:53:38.90]: Checking out branch *******...
INFO [2019-03-12 12:53:38.90]: $ git checkout *******
INFO [2019-03-12 12:53:38.92]: ▸ Branch '*******' set up to track remote branch '*******' from 'origin'.
INFO [2019-03-12 12:53:38.92]: ▸ Switched to a new branch '*******'
INFO [2019-03-12 12:53:38.97]: 🔓  Decrypted '5DDF2PK5F3.cer'
INFO [2019-03-12 12:53:39.01]: 🔓  Decrypted '5DDF2PK5F3.cer'
INFO [2019-03-12 12:53:39.05]: 🔓  Decrypted '5DDF2PK5F3.cer'
INFO [2019-03-12 12:53:39.09]: 🔓  Decrypted '5DDF2PK5F3.p12'
INFO [2019-03-12 12:53:39.13]: 🔓  Decrypted '5DDF2PK5F3.p12'
INFO [2019-03-12 12:53:39.17]: 🔓  Decrypted '5DDF2PK5F3.p12'
INFO [2019-03-12 12:53:39.21]: 🔓  Decrypted '*******_Appstore.mobileprovision'
INFO [2019-03-12 12:53:39.25]: 🔓  Decrypted '*******_Development.mobileprovision'
INFO [2019-03-12 12:53:39.29]: 🔓  Decrypted '*******_APP_Development.mobileprovision'
INFO [2019-03-12 12:53:39.33]: 🔓  Decrypted '*******_APP_Adhoc.mobileprovision'
INFO [2019-03-12 12:53:39.37]: 🔓  Decrypted '*******_DEV_Adhoc.mobileprovision'
INFO [2019-03-12 12:53:39.37]: 🔓  Successfully decrypted certificates repo
DEBUG [2019-03-12 12:53:39.37]: Your certificate '5DDF2PK5F3.cer' is valid
INFO [2019-03-12 12:53:39.37]: Installing certificate...
INFO [2019-03-12 12:53:39.37]: $ security list-keychains -d user
INFO [2019-03-12 12:53:39.39]: ▸     "/Users/*******/Library/Keychains/login.keychain-db"
INFO [2019-03-12 12:53:39.39]: $ security find-certificate -c 'Apple Worldwide Developer Relations Certification Authority' /Users/*******/Library/Keychains/login.keychain-db
INFO [2019-03-12 12:53:39.42]: ▸ keychain: "/Users/*******/Library/Keychains/login.keychain-db"
INFO [2019-03-12 12:53:39.42]: ▸ version: 512
INFO [2019-03-12 12:53:39.42]: ▸ class: 0x80001000 
INFO [2019-03-12 12:53:39.42]: ▸ attributes:
INFO [2019-03-12 12:53:39.42]: ▸     "alis"<blob>="Apple Worldwide Developer Relations Certification Authority"
INFO [2019-03-12 12:53:39.42]: ▸     "cenc"<uint32>=0x00000003 
INFO [2019-03-12 12:53:39.42]: ▸     "ctyp"<uint32>=0x00000001 
INFO [2019-03-12 12:53:39.42]: ▸     "hpky"<blob>=0x88271709A9B618608BECEBBAF64759C55254A3B7  "\210'\027\011\251\266\030`\213\354\353\272\366GY\305RT\243\267"
INFO [2019-03-12 12:53:39.42]: ▸     "issu"<blob>=0x3062310B300906035504061302555331133011060355040A130A4150504C4520494E432E31263024060355040B131D4150504C452043455254494649434154494F4E20415554484F52495459311630140603550403130D4150504C4520524F4F54204341  "0b1\0130\011\006\003U\004\006\023\002US1\0230\021\006\003U\004\012\023\012APPLE INC.1&0$\006\003U\004\013\023\035APPLE CERTIFICATION AUTHORITY1\0260\024\006\003U\004\003\023\015APPLE ROOT CA"
INFO [2019-03-12 12:53:39.42]: ▸     "labl"<blob>="Apple Worldwide Developer Relations Certification Authority"
INFO [2019-03-12 12:53:39.42]: ▸     "skid"<blob>=0x88271709A9B618608BECEBBAF64759C55254A3B7  "\210'\027\011\251\266\030`\213\354\353\272\366GY\305RT\243\267"
INFO [2019-03-12 12:53:39.42]: ▸     "snbr"<blob>=0x01DEBCC4396DA010  "\001\336\274\3049m\240\020"
INFO [2019-03-12 12:53:39.42]: ▸     "subj"<blob>=0x308196310B300906035504061302555331133011060355040A0C0A4170706C6520496E632E312C302A060355040B0C234170706C6520576F726C647769646520446576656C6F7065722052656C6174696F6E733144304206035504030C3B4170706C6520576F726C647769646520446576656C6F7065722052656C6174696F6E732043657274696669636174696F6E20417574686F72697479  "0\201\2261\0130\011\006\003U\004\006\023\002US1\0230\021\006\003U\004\012\014\012Apple Inc.1,0*\006\003U\004\013\014#Apple Worldwide Developer Relations1D0B\006\003U\004\003\014;Apple Worldwide Developer Relations Certification Authority"
DEBUG [2019-03-12 12:53:40.96]: Certificate '5DDF2PK5F3.cer' is already installed on this machine
INFO [2019-03-12 12:53:40.96]: $ security import /var/folders/qf/2fgm_41x0pj6mytxdd8ksgnh0000gn/T/d20190312-39387-3rq3n2/certs/development/5DDF2PK5F3.p12 -k '/Users/*******/Library/Keychains/login.keychain-db' -P '' -T /usr/bin/codesign -T /usr/bin/security
INFO [2019-03-12 12:53:41.05]: ▸ 1 identity imported.
[⠋] Setting key partition list... (this can take a minute if there are a lot of keys installed) INFO [2019-03-12 12:53:41.06]: $ security set-key-partition-list -S apple-tool:,apple: -k '' /Users/*******/Library/Keychains/login.keychain-db 1> /dev/null
WARN [2019-03-12 12:53:41.10]: 
WARN [2019-03-12 12:53:41.10]: Could not configure imported keychain item (certificate) to prevent UI permission popup when code signing
Check if you supplied the correct `keychain_password` for keychain: `/Users/*******/Library/Keychains/login.keychain-db`
security: SecKeychainItemSetAccessWithPassword: The user name or passphrase you entered is not correct.
WARN [2019-03-12 12:53:41.10]: 
WARN [2019-03-12 12:53:41.10]: Please look at the following docs to see how to set a keychain password:
WARN [2019-03-12 12:53:41.10]:  - https://docs.fastlane.tools/actions/sync_code_signing
WARN [2019-03-12 12:53:41.10]:  - https://docs.fastlane.tools/actions/get_certificates
[✔] Setting key partition list... (this can take a minute if there are a lot of keys installed) 

+-------------------+--------------------------------------------+
|                     Installed Certificate                      |
+-------------------+--------------------------------------------+
| User ID           | 959S873XG9                                 |
| Common Name       | iPhone Developer: ******* (*******) |
| Organisation Unit | *******                                 |
| Organisation      | *******                         |
| Country           | DE                                         |
| Start Datetime    | 2019-01-15 13:57:48 UTC                    |
| End Datetime      | 2020-01-15 13:57:48 UTC                    |
+-------------------+--------------------------------------------+

ERROR [2019-03-12 12:53:41.11]: No matching provisioning profiles found for 'Development_com.*******'
ERROR [2019-03-12 12:53:41.11]: A new one cannot be created because you enabled `readonly`
ERROR [2019-03-12 12:53:41.11]: Provisioning profiles in your repo for type `development`:
ERROR [2019-03-12 12:53:41.11]: - '*******_DEV_Development.mobileprovision'
ERROR [2019-03-12 12:53:41.11]: - '*******_APP_Development.mobileprovision'
ERROR [2019-03-12 12:53:41.11]: If you are certain that a profile should exist, double-check the recent changes to your match repository
/Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/fastlane_core/lib/fastlane_core/ui/interface.rb:141:in `user_error!': [!] No matching provisioning profiles found and can not create a new one because you enabled `readonly`. Check the output above for more information. (FastlaneCore::Interface::FastlaneError)
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/fastlane_core/lib/fastlane_core/ui/ui.rb:17:in `method_missing'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:254:in `fetch_provisioning_profile'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:98:in `block (2 levels) in run'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:97:in `loop'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:97:in `block in run'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:96:in `each'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:96:in `run'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/commands_generator.rb:51:in `block (2 levels) in run'
	from /Library/Ruby/Gems/2.3.0/gems/commander-fastlane-4.4.6/lib/commander/command.rb:178:in `call'
	from /Library/Ruby/Gems/2.3.0/gems/commander-fastlane-4.4.6/lib/commander/command.rb:153:in `run'
	from /Library/Ruby/Gems/2.3.0/gems/commander-fastlane-4.4.6/lib/commander/runner.rb:476:in `run_active_command'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/fastlane_core/lib/fastlane_core/ui/fastlane_runner.rb:76:in `run!'
	from /Library/Ruby/Gems/2.3.0/gems/commander-fastlane-4.4.6/lib/commander/delegates.rb:15:in `run!'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/commands_generator.rb:172:in `run'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/commands_generator.rb:24:in `start'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/fastlane/lib/fastlane/cli_tools_distributor.rb:111:in `take_off'
	from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/bin/fastlane:23:in `<top (required)>'
	from /usr/local/bin/fastlane:22:in `load'
	from /usr/local/bin/fastlane:22:in `<main>'

So my questions are:

  • Is there a common known issue you see due to the verbose log?

  • Is it even possible to use this technique using automatically Xcode generated (Automatic Signing) Certificates?

  • If not, do you have any other idea how to use match without messing with the existing certificates?
ios
swift
xcode
code-signing
fastlane
asked on Stack Overflow Mar 12, 2019 by kooraz • edited Mar 12, 2019 by kooraz

1 Answer

2

It looks like your .mobileprovision files are named incorrectly. The correct format is

CertType_bundleid.mobileprovision

For example

Development_com.apple.podcasts.mobileprovision

This file needs to be in the /profiles/development directory of the match repo.

Unrelated, and not sure, but looks like you might also have an issue using the keychain, you might want to have a look at the unlock_keychain action if that proves to be the case.

answered on Stack Overflow Mar 15, 2019 by Aaron Brager

User contributions licensed under CC BY-SA 3.0