Manually manage the fastlane match Repo
I have to setup fastlane match without revoking the existing Profiles and Certificates. So i did my research and found this neat tutorial here: Medium and the official doc from fastlane (click on Instructions at the bottom of the page).
After some time I have managed to create my repo, decrypt it, add my certificates and profiles, encrypt them and push them back to the repo. So far so good!
When i run fastlane match --readonly --verbose (readonly because again I don't want to replace the existing certs) I get this result:
[!] Error packaging up the application
*******-MacBook-Pro:*******-3 *******$ fastlane match --readonly --verbose
[✔] 🚀
[12:53:34]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
WARNING: You are running Ruby 2.3.7, which is nearing end-of-life.
The Google Cloud API clients work best on supported versions of Ruby. Consider upgrading to Ruby 2.4 or later.
See https://www.ruby-lang.org/en/downloads/branches/ for more info on the Ruby maintenance schedule.
To suppress this message, set the GOOGLE_CLOUD_SUPPRESS_RUBY_WARNINGS environment variable.
INFO [2019-03-12 12:53:35.72]: Successfully loaded '/Users/*******/Documents/work/*******/fastlane/Matchfile' 📄
+----------------+--------------------------------------------------------------+
| Detected Values from './fastlane/Matchfile' |
+----------------+--------------------------------------------------------------+
| git_url | git@bitbucket.org:******.git |
| storage_mode | git |
| type | development |
| app_identifier | com.******** |
| username | ******* |
| git_branch | ******* |
+----------------+--------------------------------------------------------------+
+-----------------------+--------------------------------------------------------------+
| Summary for match 2.117.1 |
+-----------------------+--------------------------------------------------------------+
| verbose | true |
| readonly | true |
| type | development |
| app_identifier | ["*******"] |
| username | ******* |
| storage_mode | git |
| git_url | git@bitbucket.org:******* |
| git_branch | ******* |
| shallow_clone | false |
| clone_branch_directly | false |
| keychain_name | login.keychain |
| force | false |
| force_for_new_devices | false |
| skip_confirmation | false |
| skip_docs | false |
| platform | ios |
+-----------------------+--------------------------------------------------------------+
INFO [2019-03-12 12:53:35.74]: Cloning remote git repo...
INFO [2019-03-12 12:53:35.74]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
INFO [2019-03-12 12:53:35.74]: $ git clone git@bitbucket.org:******* /var/folders/qf/2fgm_41x0pj6mytxdd8ksgnh0000gn/T/d20190312-39387-3rq3n2
INFO [2019-03-12 12:53:35.77]: ▸ Cloning into '/var/folders/qf/2fgm_41x0pj6mytxdd8ksgnh0000gn/T/d20190312-39387-3rq3n2'...
INFO [2019-03-12 12:53:38.15]: ▸ remote: Counting objects: 42, done.
INFO [2019-03-12 12:53:38.47]: ▸ remote: Compressing objects: 100% (37/37), done.
INFO [2019-03-12 12:53:38.87]: ▸ remote: Total 42 (delta 1), reused 0 (delta 0)
INFO [2019-03-12 12:53:38.87]: ▸ Receiving objects: 100% (42/42), 221.58 KiB | 575.00 KiB/s, done.
INFO [2019-03-12 12:53:38.87]: ▸ Resolving deltas: 100% (1/1), done.
INFO [2019-03-12 12:53:38.89]: $ git --no-pager branch --list origin/******* --no-color -r
INFO [2019-03-12 12:53:38.90]: ▸ origin/*******
INFO [2019-03-12 12:53:38.90]: Checking out branch *******...
INFO [2019-03-12 12:53:38.90]: $ git checkout *******
INFO [2019-03-12 12:53:38.92]: ▸ Branch '*******' set up to track remote branch '*******' from 'origin'.
INFO [2019-03-12 12:53:38.92]: ▸ Switched to a new branch '*******'
INFO [2019-03-12 12:53:38.97]: 🔓 Decrypted '5DDF2PK5F3.cer'
INFO [2019-03-12 12:53:39.01]: 🔓 Decrypted '5DDF2PK5F3.cer'
INFO [2019-03-12 12:53:39.05]: 🔓 Decrypted '5DDF2PK5F3.cer'
INFO [2019-03-12 12:53:39.09]: 🔓 Decrypted '5DDF2PK5F3.p12'
INFO [2019-03-12 12:53:39.13]: 🔓 Decrypted '5DDF2PK5F3.p12'
INFO [2019-03-12 12:53:39.17]: 🔓 Decrypted '5DDF2PK5F3.p12'
INFO [2019-03-12 12:53:39.21]: 🔓 Decrypted '*******_Appstore.mobileprovision'
INFO [2019-03-12 12:53:39.25]: 🔓 Decrypted '*******_Development.mobileprovision'
INFO [2019-03-12 12:53:39.29]: 🔓 Decrypted '*******_APP_Development.mobileprovision'
INFO [2019-03-12 12:53:39.33]: 🔓 Decrypted '*******_APP_Adhoc.mobileprovision'
INFO [2019-03-12 12:53:39.37]: 🔓 Decrypted '*******_DEV_Adhoc.mobileprovision'
INFO [2019-03-12 12:53:39.37]: 🔓 Successfully decrypted certificates repo
DEBUG [2019-03-12 12:53:39.37]: Your certificate '5DDF2PK5F3.cer' is valid
INFO [2019-03-12 12:53:39.37]: Installing certificate...
INFO [2019-03-12 12:53:39.37]: $ security list-keychains -d user
INFO [2019-03-12 12:53:39.39]: ▸ "/Users/*******/Library/Keychains/login.keychain-db"
INFO [2019-03-12 12:53:39.39]: $ security find-certificate -c 'Apple Worldwide Developer Relations Certification Authority' /Users/*******/Library/Keychains/login.keychain-db
INFO [2019-03-12 12:53:39.42]: ▸ keychain: "/Users/*******/Library/Keychains/login.keychain-db"
INFO [2019-03-12 12:53:39.42]: ▸ version: 512
INFO [2019-03-12 12:53:39.42]: ▸ class: 0x80001000
INFO [2019-03-12 12:53:39.42]: ▸ attributes:
INFO [2019-03-12 12:53:39.42]: ▸ "alis"<blob>="Apple Worldwide Developer Relations Certification Authority"
INFO [2019-03-12 12:53:39.42]: ▸ "cenc"<uint32>=0x00000003
INFO [2019-03-12 12:53:39.42]: ▸ "ctyp"<uint32>=0x00000001
INFO [2019-03-12 12:53:39.42]: ▸ "hpky"<blob>=0x88271709A9B618608BECEBBAF64759C55254A3B7 "\210'\027\011\251\266\030`\213\354\353\272\366GY\305RT\243\267"
INFO [2019-03-12 12:53:39.42]: ▸ "issu"<blob>=0x3062310B300906035504061302555331133011060355040A130A4150504C4520494E432E31263024060355040B131D4150504C452043455254494649434154494F4E20415554484F52495459311630140603550403130D4150504C4520524F4F54204341 "0b1\0130\011\006\003U\004\006\023\002US1\0230\021\006\003U\004\012\023\012APPLE INC.1&0$\006\003U\004\013\023\035APPLE CERTIFICATION AUTHORITY1\0260\024\006\003U\004\003\023\015APPLE ROOT CA"
INFO [2019-03-12 12:53:39.42]: ▸ "labl"<blob>="Apple Worldwide Developer Relations Certification Authority"
INFO [2019-03-12 12:53:39.42]: ▸ "skid"<blob>=0x88271709A9B618608BECEBBAF64759C55254A3B7 "\210'\027\011\251\266\030`\213\354\353\272\366GY\305RT\243\267"
INFO [2019-03-12 12:53:39.42]: ▸ "snbr"<blob>=0x01DEBCC4396DA010 "\001\336\274\3049m\240\020"
INFO [2019-03-12 12:53:39.42]: ▸ "subj"<blob>=0x308196310B300906035504061302555331133011060355040A0C0A4170706C6520496E632E312C302A060355040B0C234170706C6520576F726C647769646520446576656C6F7065722052656C6174696F6E733144304206035504030C3B4170706C6520576F726C647769646520446576656C6F7065722052656C6174696F6E732043657274696669636174696F6E20417574686F72697479 "0\201\2261\0130\011\006\003U\004\006\023\002US1\0230\021\006\003U\004\012\014\012Apple Inc.1,0*\006\003U\004\013\014#Apple Worldwide Developer Relations1D0B\006\003U\004\003\014;Apple Worldwide Developer Relations Certification Authority"
DEBUG [2019-03-12 12:53:40.96]: Certificate '5DDF2PK5F3.cer' is already installed on this machine
INFO [2019-03-12 12:53:40.96]: $ security import /var/folders/qf/2fgm_41x0pj6mytxdd8ksgnh0000gn/T/d20190312-39387-3rq3n2/certs/development/5DDF2PK5F3.p12 -k '/Users/*******/Library/Keychains/login.keychain-db' -P '' -T /usr/bin/codesign -T /usr/bin/security
INFO [2019-03-12 12:53:41.05]: ▸ 1 identity imported.
[⠋] Setting key partition list... (this can take a minute if there are a lot of keys installed) INFO [2019-03-12 12:53:41.06]: $ security set-key-partition-list -S apple-tool:,apple: -k '' /Users/*******/Library/Keychains/login.keychain-db 1> /dev/null
WARN [2019-03-12 12:53:41.10]:
WARN [2019-03-12 12:53:41.10]: Could not configure imported keychain item (certificate) to prevent UI permission popup when code signing
Check if you supplied the correct `keychain_password` for keychain: `/Users/*******/Library/Keychains/login.keychain-db`
security: SecKeychainItemSetAccessWithPassword: The user name or passphrase you entered is not correct.
WARN [2019-03-12 12:53:41.10]:
WARN [2019-03-12 12:53:41.10]: Please look at the following docs to see how to set a keychain password:
WARN [2019-03-12 12:53:41.10]: - https://docs.fastlane.tools/actions/sync_code_signing
WARN [2019-03-12 12:53:41.10]: - https://docs.fastlane.tools/actions/get_certificates
[✔] Setting key partition list... (this can take a minute if there are a lot of keys installed)
+-------------------+--------------------------------------------+
| Installed Certificate |
+-------------------+--------------------------------------------+
| User ID | 959S873XG9 |
| Common Name | iPhone Developer: ******* (*******) |
| Organisation Unit | ******* |
| Organisation | ******* |
| Country | DE |
| Start Datetime | 2019-01-15 13:57:48 UTC |
| End Datetime | 2020-01-15 13:57:48 UTC |
+-------------------+--------------------------------------------+
ERROR [2019-03-12 12:53:41.11]: No matching provisioning profiles found for 'Development_com.*******'
ERROR [2019-03-12 12:53:41.11]: A new one cannot be created because you enabled `readonly`
ERROR [2019-03-12 12:53:41.11]: Provisioning profiles in your repo for type `development`:
ERROR [2019-03-12 12:53:41.11]: - '*******_DEV_Development.mobileprovision'
ERROR [2019-03-12 12:53:41.11]: - '*******_APP_Development.mobileprovision'
ERROR [2019-03-12 12:53:41.11]: If you are certain that a profile should exist, double-check the recent changes to your match repository
/Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/fastlane_core/lib/fastlane_core/ui/interface.rb:141:in `user_error!': [!] No matching provisioning profiles found and can not create a new one because you enabled `readonly`. Check the output above for more information. (FastlaneCore::Interface::FastlaneError)
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/fastlane_core/lib/fastlane_core/ui/ui.rb:17:in `method_missing'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:254:in `fetch_provisioning_profile'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:98:in `block (2 levels) in run'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:97:in `loop'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:97:in `block in run'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:96:in `each'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/runner.rb:96:in `run'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/commands_generator.rb:51:in `block (2 levels) in run'
from /Library/Ruby/Gems/2.3.0/gems/commander-fastlane-4.4.6/lib/commander/command.rb:178:in `call'
from /Library/Ruby/Gems/2.3.0/gems/commander-fastlane-4.4.6/lib/commander/command.rb:153:in `run'
from /Library/Ruby/Gems/2.3.0/gems/commander-fastlane-4.4.6/lib/commander/runner.rb:476:in `run_active_command'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/fastlane_core/lib/fastlane_core/ui/fastlane_runner.rb:76:in `run!'
from /Library/Ruby/Gems/2.3.0/gems/commander-fastlane-4.4.6/lib/commander/delegates.rb:15:in `run!'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/commands_generator.rb:172:in `run'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/match/lib/match/commands_generator.rb:24:in `start'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/fastlane/lib/fastlane/cli_tools_distributor.rb:111:in `take_off'
from /Library/Ruby/Gems/2.3.0/gems/fastlane-2.117.1/bin/fastlane:23:in `<top (required)>'
from /usr/local/bin/fastlane:22:in `load'
from /usr/local/bin/fastlane:22:in `<main>'So my questions are:
Is there a common known issue you see due to the verbose log?
Is it even possible to use this technique using automatically Xcode generated (Automatic Signing) Certificates?
- If not, do you have any other idea how to use match without messing with the existing certificates?
kooraz1 Answer
It looks like your .mobileprovision files are named incorrectly. The correct format is
CertType_bundleid.mobileprovision
For example
Development_com.apple.podcasts.mobileprovision
This file needs to be in the /profiles/development directory of the match repo.
Unrelated, and not sure, but looks like you might also have an issue using the keychain, you might want to have a look at the unlock_keychain action if that proves to be the case.
answered on Stack Overflow Mar 15, 2019 by 
Aaron Brager
Aaron BragerUser contributions licensed under CC BY-SA 3.0