fastlane: Cannot sign on headless machines : errSecInternalComponent
New Issue Checklist
- Updated fastlane to the latest version
- I read the Contribution Guidelines
- I read docs.fastlane.tools
- I searched for existing GitHub issues
Issue Description
I am trying to use Fastlane to build and sign code on headless (CICD) machines. Only SSH - No GUI session whatsoever. The consequence of the above is that THERE IS NO LOGIN KEYCHAIN.
I create the keychain with the following commands (variables are correctly defined)
security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
security set-keychain-settings -t 0 "${KEYCHAIN_NAME}"
$ security list-keychains
"/Users/ec2-user/Library/Keychains/macos_build-db"
"/Library/Keychains/System.keychain"
I am using Match to share the key and certificate between my laptop and the headless machine.
Codesigning works from Xcode on my laptop.
Codesigning works from Xcode on the headless machine (when enabling VNC and starting a GUI session)
Codesigning works using Match on my laptop (sharing the certificate, signing keys, and provisioning profile with headless machine)
Codesigning DOES NOT work using Match / Fastlane on the headless machine.
When trying from a GUI session, codesign asks to unlock the keychain, even when unlocked with security unlock-keychain
On the headless machine, compilation works but code sign fails with
[13:09:53]: ▸ Code Signing /Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Debug-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework with Identity Apple Development: Sebastien Stormacq (UF9TVM4GSV)
[13:09:53]: ▸ /usr/bin/codesign --force --sign 0884418F47DA5AC81C547608B01C78BE41852A5E --preserve-metadata=identifier,entitlements '/Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Debug-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework'
[13:09:53]: ▸ Warning: unable to build chain to self-signed root for signer "Apple Development: Sebastien Stormacq (UF9TVM4GSV)"
[13:09:53]: ▸ /Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Debug-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework: errSecInternalComponent
[13:09:53]: ▸ Command PhaseScriptExecution failed with a nonzero exit code
I noticed the warning : Warning: unable to build chain to self-signed root for signer "Apple Development: Sebastien Stormacq (UF9TVM4GSV)but when I analyse the certification using Keychain app, it reports the certificate is valid and the chain of certificates is correctly displayed : Apple Root CA => Apple Worldwide Developer GA3 => My certificate
I don’t think this is the root cause, but happy to be proven wrong.
This is probably related to https://github.com/fastlane/fastlane/issues/15185
Command executed
fastlane beta
Complete output when running fastlane, including the stack trace and command used
[✔] 🚀 [13:09:46]: fastlane detected a Gemfile in the current directory [13:09:46]: However, it seems like you didn't use `bundle exec` [13:09:46]: To launch fastlane faster, please use [13:09:46]: [13:09:46]: $ bundle exec fastlane ios build [13:09:46]: [13:09:46]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile [13:09:47]: ------------------------------ [13:09:47]: --- Step: default_platform --- [13:09:47]: ------------------------------ [13:09:47]: Driving the lane 'ios build' 🚀 [13:09:47]: ------------------- [13:09:47]: --- Step: match --- [13:09:47]: ------------------- [13:09:47]: Successfully loaded '/Users/ec2-user/amplify-ios-getting-started/code/fastlane/Matchfile' 📄±---------------±-------------------------------------------------+ | Detected Values from ‘./fastlane/Matchfile’ | ±---------------±-------------------------------------------------+ | s3_bucket | ios-certificates-private-sst | | s3_region | us-west-2 | | storage_mode | s3 | | type | development | | app_identifier | [“com.amazonaws.amplify.mobile.getting-started”] | | username | sebsto@mac.com | | keychain_name | macos_build | ±---------------±-------------------------------------------------+
±-------------------------------±-------------------------------------------------+ | Summary for match 2.194.0 | ±-------------------------------±-------------------------------------------------+ | type | development | | readonly | true | | generate_apple_certs | true | | skip_provisioning_profiles | false | | app_identifier | [“com.amazonaws.amplify.mobile.getting-started”] | | username | sebsto@mac.com | | team_id | 56U756R2L2 | | storage_mode | s3 | | git_branch | master | | shallow_clone | false | | clone_branch_directly | false | | s3_region | us-west-2 | | s3_bucket | ios-certificates-private-sst | | keychain_name | macos_build | | keychain_password | ******** | | force | false | | force_for_new_devices | false | | skip_confirmation | false | | skip_docs | false | | platform | ios | | derive_catalyst_app_identifier | false | | fail_on_name_taken | false | | skip_certificate_matching | false | | skip_set_partition_list | false | | verbose | false | ±-------------------------------±-------------------------------------------------+
[13:09:48]: 🔓 Successfully decrypted certificates repo [13:09:48]: Installing certificate…
±------------------±---------------------------------------------------+ | Installed Certificate | ±------------------±---------------------------------------------------+ | User ID | M939KL4CJR | | Common Name | Apple Development: Sebastien Stormacq (UF9TVM4GSV) | | Organisation Unit | 56U756R2L2 | | Organisation | Sebastien Stormacq | | Country | BE | | Start Datetime | 2021-09-20 16:19:50 UTC | | End Datetime | 2022-09-20 16:19:49 UTC | ±------------------±---------------------------------------------------+
[13:09:48]: Installing provisioning profile…
±--------------------±--------------------------------------------------±--------------------------------------------------+ | Installed Provisioning Profile | ±--------------------±--------------------------------------------------±--------------------------------------------------+ | Parameter | Environment Variable | Value | ±--------------------±--------------------------------------------------±--------------------------------------------------+ | App Identifier | | com.amazonaws.amplify.mobile.getting-started | | Type | | development | | Platform | | ios | | Profile UUID | sigh_com.amazonaws.amplify.mobile.getting-starte | 70a4dabf-6c70-4afd-9e7b-15c4bfc5d84e | | | d_development | | | Profile Name | sigh_com.amazonaws.amplify.mobile.getting-starte | match Development | | | d_development_profile-name | com.amazonaws.amplify.mobile.getting-started | | Profile Path | sigh_com.amazonaws.amplify.mobile.getting-starte | /Users/ec2-user/Library/MobileDevice/Provisionin | | | d_development_profile-path | g | | | | Profiles/70a4dabf-6c70-4afd-9e7b-15c4bfc5d84e.mo | | | | bileprovision | | Development Team ID | sigh_com.amazonaws.amplify.mobile.getting-starte | 56U756R2L2 | | | d_development_team-id | | ±--------------------±--------------------------------------------------±--------------------------------------------------+
[13:09:49]: All required keys, certificates and provisioning profiles are installed 🙌 [13:09:49]: Setting Provisioning Profile type to ‘development’ [13:09:49]: ----------------------- [13:09:49]: — Step: build_app — [13:09:49]: ----------------------- [13:09:49]: Resolving Swift Package Manager dependencies… [13:09:49]: $ xcodebuild -resolvePackageDependencies -workspace getting\ started.xcworkspace -scheme getting\ started [13:09:49]: ▸ Command line invocation: [13:09:49]: ▸ /Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild -resolvePackageDependencies -workspace “getting started.xcworkspace” -scheme “getting started” [13:09:49]: ▸ User defaults from command line: [13:09:49]: ▸ IDEPackageSupportUseBuiltinSCM = YES [13:09:50]: ▸ resolved source packages: [13:09:50]: $ xcodebuild -showBuildSettings -workspace getting\ started.xcworkspace -scheme getting\ started [13:09:51]: Detected provisioning profile mapping: {:“com.amazonaws.amplify.mobile.getting-started”=>“match Development com.amazonaws.amplify.mobile.getting-started”}
±-----------------------------------------------------------------------------±---------------------------------------------------------------+ | Summary for gym 2.194.0 | ±-----------------------------------------------------------------------------±---------------------------------------------------------------+ | workspace | getting started.xcworkspace | | scheme | getting started | | skip_archive | true | | export_method | development | | export_options.provisioningProfiles.com.amazonaws.amplify.mobile.getting-st | match Development com.amazonaws.amplify.mobile.getting-started | | arted | | | clean | false | | output_directory | . | | output_name | getting started | | silent | false | | skip_package_ipa | false | | skip_package_pkg | false | | build_path | /Users/ec2-user/Library/Developer/Xcode/Archives/2021-09-21 | | result_bundle | false | | buildlog_path | ~/Library/Logs/gym | | destination | generic/platform=iOS | | skip_profile_detection | false | | skip_package_dependencies_resolution | false | | disable_package_automatic_updates | false | | use_system_scm | false | | xcode_path | /Applications/Xcode.app | ±-----------------------------------------------------------------------------±---------------------------------------------------------------+
[13:09:51]: $ set -o pipefail && xcodebuild -workspace getting\ started.xcworkspace -scheme getting\ started -destination ‘generic/platform=iOS’ build | tee /Users/ec2-user/Library/Logs/gym/getting\ started-getting\ started.log | xcpretty [13:09:53]: ▸ Running script ‘[CP-User] Default’ [13:09:53]: ▸ Running script ‘[CP-User] AmplifyTools’ [13:09:53]: ▸ Running script ‘Run Amplify’ [13:09:53]: ▸ Running script ‘[CP] Embed Pods Frameworks’ [13:09:53]: ▸ ** BUILD FAILED ** [13:09:53]: ▸ The following build commands failed: [13:09:53]: ▸ PhaseScriptExecution [CP]\ Embed\ Pods\ Frameworks /Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Intermediates.noindex/getting\ started.build/Debug-iphoneos/getting\ started.build/Script-3C6CD1AB15DF55969B493797.sh [13:09:53]: ▸ (1 failure) ▸ Running script ‘[CP-User] Default’ ▸ Running script ‘[CP-User] AmplifyTools’ ▸ Running script ‘Run Amplify’ ▸ Running script ‘[CP] Embed Pods Frameworks’ ** BUILD FAILED **
The following build commands failed: PhaseScriptExecution [CP]\ Embed\ Pods\ Frameworks /Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Intermediates.noindex/getting\ started.build/Debug-iphoneos/getting\ started.build/Script-3C6CD1AB15DF55969B493797.sh (1 failure) [13:09:53]: Exit status: 65
±--------------±------------------------+ | Build environment | ±--------------±------------------------+ | xcode_path | /Applications/Xcode.app | | gym_version | 2.194.0 | | export_method | development | | sdk | iPhoneOS14.5.sdk | ±--------------±------------------------+
[13:09:53]: ▸ Code Signing /Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Debug-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework with Identity Apple Development: Sebastien Stormacq (UF9TVM4GSV) [13:09:53]: ▸ /usr/bin/codesign --force --sign 0884418F47DA5AC81C547608B01C78BE41852A5E --preserve-metadata=identifier,entitlements ‘/Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Debug-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework’ [13:09:53]: ▸ Warning: unable to build chain to self-signed root for signer “Apple Development: Sebastien Stormacq (UF9TVM4GSV)” [13:09:53]: ▸ /Users/ec2-user/Library/Developer/Xcode/DerivedData/getting_started-cvkdjbhbeisorvewfctokujbqufy/Build/Products/Debug-iphoneos/getting started.app/Frameworks/AWSAuthCore.framework: errSecInternalComponent [13:09:53]: ▸ Command PhaseScriptExecution failed with a nonzero exit code [13:09:53]: [13:09:53]: ⬆️ Check out the few lines of raw
xcodebuildoutput above for potential hints on how to solve this error [13:09:53]: 📋 For the complete and more detailed error log, check the full log at: [13:09:53]: 📋 /Users/ec2-user/Library/Logs/gym/getting started-getting started.log [13:09:53]: [13:09:53]: Yourexport_methodin gym is defined asdevelopment[13:09:53]: which might cause problems when signing your application [13:09:53]: Are you sure want to build and export for development? [13:09:53]: Please make sure to define the correct export methods when calling [13:09:53]: gym in your Fastfile or from the command line [13:09:53]: [13:09:53]: [13:09:53]: Looks like fastlane ran into a build/archive error with your project [13:09:53]: It’s hard to tell what’s causing the error, so we wrote some guides on how [13:09:53]: to troubleshoot build and signing issues: https://docs.fastlane.tools/codesigning/getting-started/ [13:09:53]: Before submitting an issue on GitHub, please follow the guide above and make [13:09:53]: sure your project is set up correctly. [13:09:53]: fastlane usesxcodebuildcommands to generate your binary, you can see the [13:09:53]: the full commands printed out in yellow in the above log. [13:09:53]: Make sure to inspect the output above, as usually you’ll find more error information there [13:09:53]: ±-----------------------------------±---------------------------------------------------------------------+ | Lane Context | ±-----------------------------------±---------------------------------------------------------------------+ | DEFAULT_PLATFORM | ios | | PLATFORM_NAME | ios | | LANE_NAME | ios build | | SIGH_PROFILE_TYPE | development | | MATCH_PROVISIONING_PROFILE_MAPPING | {“com.amazonaws.amplify.mobile.getting-started”=>“match Development | | | com.amazonaws.amplify.mobile.getting-started”} | ±-----------------------------------±---------------------------------------------------------------------+ [13:09:53]: Error building the application - see the log above±-----±-----------------±------------+ | fastlane summary | ±-----±-----------------±------------+ | Step | Action | Time (in s) | ±-----±-----------------±------------+ | 1 | default_platform | 0 | | 2 | match | 1 | | 💥 | build_app | 4 | ±-----±-----------------±------------+
[13:09:53]: fastlane finished with errors
[!] Error building the application - see the log above ec2-user@ip-172-31-40-42 code %
Environment
[✔] 🚀 [13:10:25]: fastlane detected a Gemfile in the current directory [13:10:25]: However, it seems like you didn't use `bundle exec` [13:10:25]: To launch fastlane faster, please use [13:10:25]: [13:10:25]: $ bundle exec fastlane env [13:10:25]: [13:10:25]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile [13:10:26]: Generating fastlane environment output, this might take a few seconds...[13:10:27]: Take notice that this output may contain sensitive information, or simply information that you don't want to make public. [13:10:27]: 🙄 Wow, that's a lot of markdown text... should fastlane put it into your clipboard, so you can easily paste it on GitHub? (y/n) y [13:10:30]: Successfully copied markdown into your clipboard 🎨 [13:10:30]: Open https://github.com/fastlane/fastlane/issues/new to submit a new issue ✅🚫 fastlane environment 🚫
Stack
Key Value OS 11.5.2 Ruby 3.0.2 Bundler? false Git git version 2.30.1 (Apple Git-130) Installation Source /usr/local/Cellar/fastlane/2.194.0/libexec/bin/fastlane Host macOS 11.5.2 (20G95) Ruby Lib Dir /usr/local/Cellar/ruby/3.0.2/lib OpenSSL Version OpenSSL 1.1.1k 25 Mar 2021 Is contained false Is homebrew true Is installed via Fabric.app false Xcode Path /Applications/Xcode.app/Contents/Developer/ Xcode Version 12.5.1 Swift Version 5.4.2 System Locale
Error No Locale with UTF8 found 🚫 fastlane files:
`./fastlane/Fastfile`
# This file contains the fastlane.tools configuration # You can find the documentation at https://docs.fastlane.tools # # For a list of all available actions, check out # # https://docs.fastlane.tools/actions # # For a list of all available plugins, check out # # https://docs.fastlane.tools/plugins/available-plugins # # Uncomment the line if you want fastlane to automatically update itself # update_fastlane default_platform(:ios) # before_all do # create_keychain( # name: "macos_build", # default_keychain: true, # unlock: true, # timeout: 0, # lock_when_sleeps: false, # password: "Passw0rd!" # ) # end platform :ios do lane :clean do clean_build_artifacts clear_derived_data end lane :beta do desc "Push a new beta build to TestFlight" match(type: "appstore", readonly: true) increment_build_number(xcodeproj: "getting started.xcodeproj") build_app(workspace: "getting started.xcworkspace", scheme: "getting started") upload_to_testflight end lane :build do desc "Build the project" match(type: "development", readonly: true) build_app(workspace: "getting started.xcworkspace", scheme: "getting started", skip_archive: true, export_method: "development") end end # after_all do # delete_keychain(name: "macos_build") # end`./fastlane/Appfile`
app_identifier("com.amazonaws.amplify.mobile.getting-started") # The bundle identifier of your app apple_id(ENV['APPLE_ID']) # Your Apple email address itc_team_id(ENV['ITC_TEAM_ID']) # App Store Connect Team ID team_id(ENV['TEAM_ID']) # Developer Portal Team ID # For more information about the Appfile, see: # https://docs.fastlane.tools/advanced/#appfilefastlane gems
Gem Version Update-Status fastlane 2.194.0 ✅ Up-To-Date Loaded fastlane plugins:
No plugins Loaded
Loaded gems
Gem Version did_you_mean 1.5.0 atomos 0.1.3 CFPropertyList 3.0.3 claide 1.0.3 colored2 3.1.2 nanaimo 0.3.0 rexml 3.2.5 xcodeproj 1.21.0 rouge 2.0.7 xcpretty 0.3.0 terminal-notifier 2.0.0 unicode-display_width 1.8.0 terminal-table 1.8.0 plist 3.6.0 public_suffix 4.0.6 addressable 2.8.0 multipart-post 2.0.0 word_wrap 1.0.0 optparse 0.1.1 tty-screen 0.8.1 tty-cursor 0.7.1 tty-spinner 0.9.3 artifactory 3.0.15 babosa 1.0.4 colored 1.2 highline 2.0.3 commander 4.6.0 excon 0.85.0 faraday-em_http 1.0.0 faraday-em_synchrony 1.0.0 faraday-excon 1.1.0 faraday-httpclient 1.0.1 faraday-net_http 1.0.1 faraday-net_http_persistent 1.2.0 faraday-patron 1.0.0 faraday-rack 1.0.0 ruby2_keywords 0.0.5 faraday 1.7.2 unf_ext 0.0.8 unf 0.1.4 domain_name 0.5.20190701 http-cookie 1.0.4 faraday-cookie_jar 0.0.7 faraday_middleware 1.1.0 fastimage 2.2.5 gh_inspector 1.1.3 json 2.5.1 mini_magick 4.11.0 naturally 2.2.1 rubyzip 2.3.2 security 0.1.3 xcpretty-travis-formatter 1.0.1 dotenv 2.7.6 bundler 2.2.22 simctl 1.6.8 jwt 2.2.3 uber 0.1.0 declarative 0.0.20 trailblazer-option 0.1.1 representable 3.1.1 retriable 3.1.2 mini_mime 1.1.1 memoist 0.16.2 multi_json 1.15.0 os 1.1.1 signet 0.16.0 googleauth 0.17.1 httpclient 2.8.3 webrick 1.7.0 google-apis-core 0.4.1 google-apis-playcustomapp_v1 0.5.0 google-apis-androidpublisher_v3 0.11.0 google-cloud-env 1.5.0 google-cloud-errors 1.1.0 google-cloud-core 1.6.0 google-apis-iamcredentials_v1 0.7.0 google-apis-storage_v1 0.6.0 rake 13.0.6 digest-crc 0.6.4 google-cloud-storage 1.34.1 emoji_regex 3.2.2 jmespath 1.4.0 aws-partitions 1.501.0 aws-eventstream 1.2.0 aws-sigv4 1.4.0 aws-sdk-core 3.121.0 aws-sdk-kms 1.48.0 aws-sdk-s3 1.102.0 tsort 0.1.0 uri 0.10.1 set 1.0.1 forwardable 1.3.2 logger 1.4.3 pathname 0.1.0 shellwords 0.1.0 cgi 0.2.0 date 3.1.0 timeout 0.1.1 stringio 3.0.0 openssl 2.2.0 io-nonblock 0.1.0 ipaddr 1.2.2 io-wait 0.1.0 zlib 1.1.0 resolv 0.2.0 securerandom 0.1.0 digest 3.0.0 time 0.1.0 open-uri 0.1.0 mutex_m 0.1.1 net-protocol 0.1.0 ostruct 0.3.1 english 0.7.1 erb 2.2.0 strscan 3.0.0 abbrev 0.1.0 io-console 0.5.7 tempfile 0.1.1 delegate 0.2.0 fileutils 1.5.0 tmpdir 0.1.2 base64 0.1.0 singleton 0.1.1 net-http 0.1.1 open3 0.1.1 nkf 0.1.0 prettyprint 0.1.0 pp 0.1.0 find 0.1.0 yaml 0.1.1 psych 3.3.0 generated on: 2021-09-21
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 1
- Comments: 16 (1 by maintainers)
Please Bot do not close this issue. It should be addressed by fastlane match