fastlane: Could not install WWDR certificate
New Issue Checklist
- Updated fastlane to the latest version
- I read the Contribution Guidelines
- I read docs.fastlane.tools
- I searched for existing GitHub issues
Issue Description
Hello everyone 👋🏻
We are using circle ci with fastlane 2.211.0.
Randomly when we do the matching certificates, the CI fails with the following error Could not install WWDR certificate.
I say randomly because it does not happen each time and the logs are not relevant both ways.
Thanks in advance for your insights
Command executed
match
Complete output when running fastlane, including the stack trace and command used
Here is the output when the CI fails
chruby: unknown Ruby: ruby-2.6.8 Your RubyGems version (3.0.3.1) has a bug that prevents `required_ruby_version` from working for Bundler. Any scripts that use `gem install bundler` will break as soon as Bundler drops support for your Ruby version. Please upgrade RubyGems to avoid future breakage and silence this warning by running `gem update --system 3.2.3` [⠋] 🚀 [⠙] 🚀 [⠹] 🚀 [⠸] 🚀 [⠼] 🚀 [⠴] 🚀 [⠦] 🚀 [✔] 🚀 +------------------------------------------+---------+--------------------------+ | Used plugins | +------------------------------------------+---------+--------------------------+ | Plugin | Version | Action | +------------------------------------------+---------+--------------------------+ | fastlane-plugin-diawi | 2.1.0 | diawi | | fastlane-plugin-clean_testflight_testers | 0.3.0 | clean_testflight_testers | +------------------------------------------+---------+--------------------------+[15:43:52]: Sending anonymous analytics information [15:43:52]: Learn more at https://docs.fastlane.tools/#metrics [15:43:52]: No personal or sensitive data is sent. [15:43:52]: You can disable this by adding
opt_out_usageat the top of your Fastfile [15:43:53]: ---------------------------------------- [15:43:53]: — Step: Verifying fastlane version — [15:43:53]: ---------------------------------------- [15:43:53]: Your fastlane version 2.211.0 matches the minimum requirement of 2.114.0 ✅ [15:43:53]: ------------------------------ [15:43:53]: — Step: default_platform — [15:43:53]: ------------------------------ [15:43:53]: Driving the lane ‘ios build_and_release_ci’ 🚀 [15:43:53]: ----------------------------- [15:43:53]: — Step: setup_circle_ci — [15:43:53]: ----------------------------- [15:43:53]: Skipping Log Path setup as FL_OUTPUT_DIR is unset [15:43:53]: Creating temporary keychain: “fastlane_tmp_keychain”. [15:43:53]: $ security list-keychains -d user [15:43:53]: ▸ “/Users/distiller/Library/Keychains/fastlane_tmp_keychain-db” [15:43:53]: Found keychain ‘/Users/distiller/Library/Keychains/fastlane_tmp_keychain-db’ in list-keychains, adding to search list skipped [15:43:53]: Enabling match readonly mode. [15:43:53]: ---------------------------------- [15:43:53]: — Step: get_info_plist_value — [15:43:53]: ---------------------------------- [15:43:53]: ---------------------------------- [15:43:53]: — Step: get_info_plist_value — [15:43:53]: ---------------------------------- [15:43:53]: ⚙️ Start building 6.0.4 Build 1 [15:43:53]: --------------------------------------------------- [15:43:53]: — Step: Switch to ios post_slack_message lane — [15:43:53]: --------------------------------------------------- [15:43:53]: Cruising over to lane ‘ios post_slack_message’ 🚖 [15:43:53]: ------------------- [15:43:53]: — Step: slack — [15:43:53]: ------------------- [15:43:53]: Successfully sent Slack notification [15:43:53]: Cruising back to lane ‘ios build_and_release_ci’ 🚘 [15:43:53]: --------------------------------------------------------------- [15:43:53]: — Step: Switch to ios test_app_store_connect_api_key lane — [15:43:53]: --------------------------------------------------------------- [15:43:53]: Cruising over to lane ‘ios test_app_store_connect_api_key’ 🚖 [15:43:53]: --------------------------------------- [15:43:53]: — Step: app_store_connect_api_key — [15:43:53]: --------------------------------------- [15:43:53]: Cruising back to lane ‘ios build_and_release_ci’ 🚘 [15:43:53]: 🤝 Match for com.toto [15:43:53]: ------------------- [15:43:53]: — Step: match — [15:43:53]: ------------------- [15:43:53]: Successfully loaded ‘/Users/distiller/project/fastlane/Matchfile’ 📄±-------------±-------------------------------------------------+ | Detected Values from ‘./fastlane/Matchfile’ | ±-------------±-------------------------------------------------+ | git_url | git@github.com:MyTeam/FastlaneMatch.git | | storage_mode | git | | type | appstore | ±-------------±-------------------------------------------------+
±---------------------------------------±-------------------------------------------------+ | Summary for match 2.211.0 | ±---------------------------------------±-------------------------------------------------+ | type | appstore | | readonly | true | | app_identifier | [“com.toto”] | | api_key | ******** | | generate_apple_certs | true | | skip_provisioning_profiles | false | | storage_mode | git | | git_url | git@github.com:MyTeam/FastlaneMatch.git | | git_branch | master | | shallow_clone | false | | clone_branch_directly | false | | skip_google_cloud_account_confirmation | false | | keychain_name | fastlane_tmp_keychain | | force | false | | force_for_new_devices | false | | include_mac_in_profiles | false | | include_all_certificates | false | | force_for_new_certificates | false | | skip_confirmation | false | | safe_remove_certs | false | | skip_docs | false | | platform | ios | | derive_catalyst_app_identifier | false | | fail_on_name_taken | false | | skip_certificate_matching | false | | skip_set_partition_list | false | | verbose | false | ±---------------------------------------±-------------------------------------------------+
[15:43:53]: Cloning remote git repo… [15:43:53]: If cloning the repo takes too long, you can use the
clone_branch_directlyoption in match. [15:43:54]: Checking out branch master… [15:43:54]: 🔓 Successfully decrypted certificates repo [15:43:54]: Installing certificate… [15:43:54]: $ security find-certificate -a -c ‘Apple Worldwide Developer Relations’ -p /Users/distiller/Library/Keychains/fastlane_tmp_keychain-db [15:43:55]: -------------------------------------------- [15:43:55]: — Step: mv Appfile.tmp Appfile || true — [15:43:55]: -------------------------------------------- [15:43:55]: $ mv Appfile.tmp Appfile || true [15:43:55]: ▸ mv: rename Appfile.tmp to Appfile: No such file or directory [15:43:55]: --------------------------------------------------------- [15:43:55]: — Step: Switch to ios post_slack_error_message lane — [15:43:55]: --------------------------------------------------------- [15:43:55]: Cruising over to lane ‘ios post_slack_error_message’ 🚖 [15:43:55]: ------------------- [15:43:55]: — Step: slack — [15:43:55]: ------------------- [15:43:55]: Successfully sent Slack notification [15:43:55]: Cruising back to lane ‘ios build_and_release_ci’ 🚘 ±----------------------------------±-------------------------------------------------------+ | Lane Context | ±----------------------------------±-------------------------------------------------------+ | DEFAULT_PLATFORM | ios | | PLATFORM_NAME | ios | | LANE_NAME | ios build_and_release_ci | | KEYCHAIN_PATH | ~/Library/Keychains/fastlane_tmp_keychain | | ORIGINAL_DEFAULT_KEYCHAIN | “/Users/distiller/Library/Keychains/login.keychain-db” | | GET_INFO_PLIST_VALUE_CUSTOM_VALUE | 1 | ±----------------------------------±-------------------------------------------------------+ [15:43:55]: Could not install WWDR certificate±-----±--------------------------------------------------±------------+ | fastlane summary | ±-----±--------------------------------------------------±------------+ | Step | Action | Time (in s) | ±-----±--------------------------------------------------±------------+ | 1 | Verifying fastlane version | 0 | | 2 | default_platform | 0 | | 3 | setup_circle_ci | 0 | | 4 | get_info_plist_value | 0 | | 5 | get_info_plist_value | 0 | | 6 | Switch to ios post_slack_message lane | 0 | | 7 | slack | 0 | | 8 | Switch to ios test_app_store_connect_api_key lane | 0 | | 9 | app_store_connect_api_key | 0 | | 💥 | match | 1 | | 11 | mv Appfile.tmp Appfile || true | 0 | | 12 | Switch to ios post_slack_error_message lane | 0 | | 13 | slack | 0 | ±-----±--------------------------------------------------±------------+
[15:43:55]: fastlane finished with errors
[!] Could not install WWDR certificate
Exited with code exit status 1
Here is the output when not having the issue
chruby: unknown Ruby: ruby-2.6.8 Your RubyGems version (3.0.3.1) has a bug that prevents `required_ruby_version` from working for Bundler. Any scripts that use `gem install bundler` will break as soon as Bundler drops support for your Ruby version. Please upgrade RubyGems to avoid future breakage and silence this warning by running `gem update --system 3.2.3` [⠋] 🚀 [⠙] 🚀 [⠹] 🚀 [⠸] 🚀 [⠼] 🚀 [⠴] 🚀 [⠦] 🚀 [✔] 🚀 +------------------------------------------+---------+--------------------------+ | Used plugins | +------------------------------------------+---------+--------------------------+ | Plugin | Version | Action | +------------------------------------------+---------+--------------------------+ | fastlane-plugin-diawi | 2.1.0 | diawi | | fastlane-plugin-clean_testflight_testers | 0.3.0 | clean_testflight_testers | +------------------------------------------+---------+--------------------------+[10:04:59]: Sending anonymous analytics information [10:04:59]: Learn more at https://docs.fastlane.tools/#metrics [10:04:59]: No personal or sensitive data is sent. [10:04:59]: You can disable this by adding
opt_out_usageat the top of your Fastfile [10:05:00]: ---------------------------------------- [10:05:00]: — Step: Verifying fastlane version — [10:05:00]: ---------------------------------------- [10:05:00]: Your fastlane version 2.211.0 matches the minimum requirement of 2.114.0 ✅ [10:05:00]: ------------------------------ [10:05:00]: — Step: default_platform — [10:05:00]: ------------------------------ [10:05:00]: Driving the lane ‘ios build_and_release_ci’ 🚀 [10:05:00]: ----------------------------- [10:05:00]: — Step: setup_circle_ci — [10:05:00]: ----------------------------- [10:05:00]: Skipping Log Path setup as FL_OUTPUT_DIR is unset [10:05:00]: Creating temporary keychain: “fastlane_tmp_keychain”. [10:05:00]: $ security list-keychains -d user [10:05:00]: ▸ “/Users/distiller/Library/Keychains/fastlane_tmp_keychain-db” [10:05:00]: Found keychain ‘/Users/distiller/Library/Keychains/fastlane_tmp_keychain-db’ in list-keychains, adding to search list skipped [10:05:00]: Enabling match readonly mode. [10:05:00]: ---------------------------------- [10:05:00]: — Step: get_info_plist_value — [10:05:00]: ---------------------------------- [10:05:00]: ---------------------------------- [10:05:00]: — Step: get_info_plist_value — [10:05:00]: ---------------------------------- [10:05:00]: ⚙️ Start building 6.0.5 Build 2 [10:05:00]: --------------------------------------------------- [10:05:00]: — Step: Switch to ios post_slack_message lane — [10:05:00]: --------------------------------------------------- [10:05:00]: Cruising over to lane ‘ios post_slack_message’ 🚖 [10:05:00]: ------------------- [10:05:00]: — Step: slack — [10:05:00]: ------------------- [10:05:01]: Successfully sent Slack notification [10:05:01]: Cruising back to lane ‘ios build_and_release_ci’ 🚘 [10:05:01]: --------------------------------------------------------------- [10:05:01]: — Step: Switch to ios test_app_store_connect_api_key lane — [10:05:01]: --------------------------------------------------------------- [10:05:01]: Cruising over to lane ‘ios test_app_store_connect_api_key’ 🚖 [10:05:01]: --------------------------------------- [10:05:01]: — Step: app_store_connect_api_key — [10:05:01]: --------------------------------------- [10:05:01]: Cruising back to lane ‘ios build_and_release_ci’ 🚘 [10:05:01]: 🤝 Match for com.toto [10:05:01]: ------------------- [10:05:01]: — Step: match — [10:05:01]: ------------------- [10:05:01]: Successfully loaded ‘/Users/distiller/project/fastlane/Matchfile’ 📄±-------------±-------------------------------------------------+ | Detected Values from ‘./fastlane/Matchfile’ | ±-------------±-------------------------------------------------+ | git_url | git@github.com:MyTeamTeam/FastlaneMatch.git | | storage_mode | git | | type | appstore | ±-------------±-------------------------------------------------+
±---------------------------------------±-------------------------------------------------+ | Summary for match 2.211.0 | ±---------------------------------------±-------------------------------------------------+ | type | appstore | | readonly | true | | app_identifier | [“com.toto”] | | api_key | ******** | | generate_apple_certs | true | | skip_provisioning_profiles | false | | storage_mode | git | | git_url | git@github.com:MyTeam/FastlaneMatch.git | | git_branch | master | | shallow_clone | false | | clone_branch_directly | false | | skip_google_cloud_account_confirmation | false | | keychain_name | fastlane_tmp_keychain | | force | false | | force_for_new_devices | false | | include_mac_in_profiles | false | | include_all_certificates | false | | force_for_new_certificates | false | | skip_confirmation | false | | safe_remove_certs | false | | skip_docs | false | | platform | ios | | derive_catalyst_app_identifier | false | | fail_on_name_taken | false | | skip_certificate_matching | false | | skip_set_partition_list | false | | verbose | false | ±---------------------------------------±-------------------------------------------------+
[10:05:01]: Cloning remote git repo… [10:05:01]: If cloning the repo takes too long, you can use the
clone_branch_directlyoption in match. [10:05:02]: Checking out branch master… [10:05:02]: 🔓 Successfully decrypted certificates repo [10:05:02]: Installing certificate… [10:05:02]: $ security find-certificate -a -c ‘Apple Worldwide Developer Relations’ -p /Users/distiller/Library/Keychains/fastlane_tmp_keychain-db [10:05:03]: There are no local code signing identities found. You can runsecurity find-identity -v -p codesigning fastlane_tmp_keychainto get this output. This Stack Overflow thread has more information: https://stackoverflow.com/q/35390072/774. (Check in Keychain Access for an expired WWDR certificate: https://stackoverflow.com/a/35409835/774 has more info.) [10:05:03]: Setting key partition list… (this can take a minute if there are a lot of keys installed) [10:05:03]: security: SecItemCopyMatching: The specified item could not be found in the keychain. [10:05:03]: Setting key partition list… (this can take a minute if there are a lot of keys installed)±------------------±-------------------------------------+ | Installed Certificate | ±------------------±-------------------------------------+ | User ID | ABCDEFGHI7 | | Common Name | Apple Distribution: TOTO (ABCDEFGHI7) | | Organisation Unit | ABCDEFGHI7 | | Organisation | TOTO | | Country | US | | Start Datetime | 2022-03-02 08:32:09 UTC | | End Datetime | 2023-03-02 08:32:08 UTC | ±------------------±-------------------------------------+
[10:05:03]: Installing provisioning profile…
±--------------------±------------------------------------------------±-----------------------------------------------------------------------------------------------------------------+ | Installed Provisioning Profile | ±--------------------±------------------------------------------------±-----------------------------------------------------------------------------------------------------------------+ | Parameter | Environment Variable | Value | ±--------------------±------------------------------------------------±-----------------------------------------------------------------------------------------------------------------+ | App Identifier | | com.toto | | Type | | appstore | | Platform | | ios | | Profile UUID | sigh_com.toto_appstore | 6ad3dd91-290f-43b5-a06c-8a6e5ba9586f | | Profile Name | sigh_com.toto_appstore_profile-name | match AppStore com.toto | | Profile Path | sigh_com.toto_appstore_profile-path | /Users/distiller/Library/MobileDevice/Provisioning Profiles/6ad3dd91-290f-43b5-a06c-8a6e5ba9586f.mobileprovision | | Development Team ID | sigh_com.toto_appstore_team-id | ABCDEFGHI7 | | Certificate Name | sigh_com.toto_appstore_certificate-name | Apple Distribution: TOTO (ABCDEFGHI7) | ±--------------------±------------------------------------------------±-----------------------------------------------------------------------------------------------------------------+
[10:05:03]: All required keys, certificates and provisioning profiles are installed 🙌 [10:05:03]: Setting Provisioning Profile type to ‘app-store’ [10:05:03]: 🤝 Match for com.toto.Notification [10:05:03]: ------------------- [10:05:03]: — Step: match — [10:05:03]: ------------------- [10:05:03]: Successfully loaded ‘/Users/distiller/project/fastlane/Matchfile’ 📄
±-------------±-------------------------------------------------+ | Detected Values from ‘./fastlane/Matchfile’ | ±-------------±-------------------------------------------------+ | git_url | git@github.com:MyTeam/FastlaneMatch.git | | storage_mode | git | | type | appstore | ±-------------±-------------------------------------------------+
±---------------------------------------±-------------------------------------------------+ | Summary for match 2.211.0 | ±---------------------------------------±-------------------------------------------------+ | type | appstore | | readonly | true | | app_identifier | [“com.toto.notification”] | | api_key | ******** | | generate_apple_certs | true | | skip_provisioning_profiles | false | | storage_mode | git | | git_url | git@github.com:MyTeam/FastlaneMatch.git | | git_branch | master | | shallow_clone | false | | clone_branch_directly | false | | skip_google_cloud_account_confirmation | false | | keychain_name | fastlane_tmp_keychain | | force | false | | force_for_new_devices | false | | include_mac_in_profiles | false | | include_all_certificates | false | | force_for_new_certificates | false | | skip_confirmation | false | | safe_remove_certs | false | | skip_docs | false | | platform | ios | | derive_catalyst_app_identifier | false | | fail_on_name_taken | false | | skip_certificate_matching | false | | skip_set_partition_list | false | | verbose | false | ±---------------------------------------±-------------------------------------------------+
[10:05:03]: Cloning remote git repo… [10:05:03]: If cloning the repo takes too long, you can use the
clone_branch_directlyoption in match. [10:05:04]: Checking out branch master… [10:05:04]: 🔓 Successfully decrypted certificates repo [10:05:04]: Installing certificate… [10:05:04]: $ security find-certificate -a -c ‘Apple Worldwide Developer Relations’ -p /Users/distiller/Library/Keychains/fastlane_tmp_keychain-db [10:05:04]: ▸ -----BEGIN CERTIFICATE----- …
Environment
We are using fastlane 2.211.0
About this issue
- Original URL
- State: closed
- Created a year ago
- Reactions: 31
- Comments: 80 (13 by maintainers)
Commits related to this issue
- ci: Pin Fastlane to 2.210.1 Pin fastlane to 2.210.1 to avoid CI failure with "Could not install WWDR certificate" until https://github.com/fastlane/fastlane/issues/20960 is resolved. — committed to getsentry/sentry-cocoa by philipphofmann a year ago
- ci: Pin Fastlane to 2.210.1 (#2634) Pin fastlane to 2.210.1 to avoid CI failure with "Could not install WWDR certificate" until https://github.com/fastlane/fastlane/issues/20960 is resolved. Co-a... — committed to getsentry/sentry-cocoa by philipphofmann a year ago
- ci: Pin Fastlane to 2.210.1 (#2634) Pin fastlane to 2.210.1 to avoid CI failure with "Could not install WWDR certificate" until https://github.com/fastlane/fastlane/issues/20960 is resolved. Co-a... — committed to getsentry/sentry-cocoa by philipphofmann a year ago
- [Chore] Downgrade fastlane version: https://github.com/fastlane/fastlane/issues/20960 — committed to hoangnguyen92dn/survey-flutter-ic by hoangnguyen92dn a year ago
- [Chore] Downgrade fastlane version: https://github.com/fastlane/fastlane/issues/20960 — committed to hoangnguyen92dn/survey-flutter-ic by hoangnguyen92dn a year ago
- [Chore] Downgrade fastlane version: https://github.com/fastlane/fastlane/issues/20960 — committed to Wadeewee/survey-flutter-ic-pooh by hoangnguyen92dn a year ago
- Update CI image to v1.6.1 Image v1.6.0 contains fastlane 2.111.0, which has a bug with WWDR certificate installation: https://github.com/fastlane/fastlane/issues/20960 New image uses downgraded fast... — committed to AktivCo/rutoken-demoshift-ios by rtAndrey a year ago
Same issue here, running on Github Actions
I had this issue months ago and then had to revert to an older version, was forced to update to 2.212.1 and now have the issue again, please can we have a fix? This has been a issue for months now and its kinda a big one
Hitting this with Fastlane
2.212.1I’m still seeing this as well
Why this is only failing occasionally on CI is way beyond me right now but… I like that there are some things we can add to the
curlcommand--http1.1and/or--retry 3 --retry-all-errorsthat might fix this 🤷♂️ Thank you @chedabob for this! ❤️I’m going to put these behind an environment variable since I’m not able to replicate this issue but it will allow anybody facing this issue to set an environment variable like
FASTLANE_WWDR_USE_HTTP1_AND_RETRIES=trueto see if this does solve it 🤔I’m going to create a PR for this and then get a new release out this weekend. Would appreciate any feedback when released if this works or not… but hopefully it does 🤞
Will try and get a new version of fastlane out with a fix tonight if I can!
Happens to us as well every few builds (CircleCI).
Still occurs with v2.212.1 although the flag
FASTLANE_WWDR_USE_HTTP1_AND_RETRIESis set.Occurs only sporadically and is currently bypassed by retrying pipeline job.
@joshdholtz , @PaulTaykalo in #21442 figured out a real reason and it looks like a bug in security import. Executing
security import AppleWWDRCAG2.cerXXXXXXXXXXX-X-p8asdwill produce an errorsecurity: SecKeychainItemImport: Unknown format in import.The workaround is to preserve .cer file extension.
Like others are saying, still an issue with latest 2.213.0 and Xcode 14.3.1 on GitHub Actions. 😕
Same here. FYI for anybody who’d like to know how, simply edit
Gemfile:same question
@joshdholtz Unfortunately it did not fix the issue. I just got the same error in our 4th CI build after merging the bump to 2.212.0 and setting the env var 😦
I think the root cause of this issue is that fastlane is looking for the certificate in the Login Keychain and the cert is installed in the System Keychain
Failing
security find-certificate -a -c 'Apple Worldwide Developer Relations' -p /Users/vagrant/Library/Keychains/login.keychain-dbWorking
security find-certificate -a -c 'Apple Worldwide Developer Relations'When fastlane fails to find the cert it downloads it from Apple which intermittently fails
I’m struggling to reproduce it on my test repo, but I have seen this occur sporadically on Bitrise.
Some of this is speculation, but from what I can see:
cert_checkerwas looking at the wrong process (this is why it was changed according to the commit https://github.com/fastlane/fastlane/commit/4b3008914ff809850d7b8bf772e1a3363213ed18#diff-605d869e313da5ef9f0c402845a4911eed5f8afc4ef45382210f237fceae498aL169), which then meant all failures incert_checkerwere being ignoredcert_checkerwas failing to install them, other parts of Fastlane kept on going because they didn’t rely upon the missing certsUsing Curl through a shell call feels dirty, but I don’t think replacing it with Faraday (or something else) will necessarily solve this.
Backing out the 2.211.0 change to the success check is papering over another issue, and only works by pure luck.
In the Curl command we could add
--http1.1and/or--retry 3 --retry-all-errorsto try and alleviate it in the short term.Another solution would be to add an option to Match to skip the WWDR cert installation, but I think this will take a lot of unpicking, and possibly just creates further problems in the future when the WWDR cert is renewed again.
Without being able to reproduce it I’m hesistant to just chuck a PR in and have all the Match users alpha-test it.
This happens to us quite often in CI and is really annoying 😞
We also downgraded to
2.210.1and until now this issue did not show up anymore@pchelnikov, we’re currently still facing this issue on
2.212.2.Running on GH actions,
macos-13runner.The same error with 2.212.2 while using GitHub Actions.
The actual workaround would be to download the 6 certs
and install them in
login.keychainref: https://github.com/fastlane/fastlane/blob/4b3008914ff809850d7b8bf772e1a3363213ed18/fastlane_core/spec/cert_checker_spec.rb
Download https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
Then add the following lines to the Fastfile: https://github.com/organicmaps/organicmaps/pull/5157/commits/8028798ceff0d91992b318e400559a37a034af51
Got this today for the first time.
GitHub Actions,macos-13runner, fastlane2.211.0.UPD: I’ve updated fastlane to
2.212.2and it works.Getting this one too on
2.212.0.I was able to work around this intermittent failure by adding a bash step to our pipeline that runs before the fastlane commands:
Swap out
/Users/runner/Library/Keychains/login.keychain-dbwith the path to your pipeline’slogin.keychain-db@fruitcoder Get Apple certificates and install them in Fastfile, for example, like that: https://github.com/organicmaps/organicmaps/blob/master/xcode/fastlane/Fastfile#L13
Nope, still an issue for us (2.213.0), so we use the workaround.
I started having this issue on GitHub Actions. The runner has
fastlane 2.213.0installed. I am using Xcode 14.3.1.The issue goes away once I rerun the workflow.
I’ve gotten this issue today as well, here’s my log:
This is running on CircleCI platform, using macos: xcode: 14.3.0, ruby version 2.7.5
I tried fixing this by creating my own keychain for fastlane to use with the following:
But this also gave me the error:
security: SecItemCopyMatching: The specified item could not be found in the keychain.Also tried downgrading to version
2.210.1, which worked but it would be great if we could solve this without itThis is still happening intermittently for me even on fastlane-2.213.0 version in Bitrise.
2.211.0.2.210.1seems to get rid of the problem.full logs
Same is happening for us.
or with format
I think problem near
need save extension for temfile.
Something like this
We still have this issue.
fastlane 2.213.0installed. We are usingXcode 14.1I hit it as well using Github actions
Comparing
2.210.1and2.211.0shows a likely relevant change^1. Finding^2 the relevant commit, it seems^3 that there had been a bug (from 6 years ago)^4 that would ignore the result of the fetch (viacurl) of the certificates. It seems this bug was possibly/probably benign.@chedabob maybe the installed Curl version is a factor here, or even the way Fastlane was installed (Ruby [Bundler] vs. Brew). If the previous way of checking Curl results was not properly checking them, perhaps/probably Curl was already failing before without noticing. If so, stopping to rely on a system binary which is not under Fastlane’s control (which could also be at different versions for each user) by replacing it with Faraday (or something else) could actually solve it. At least it will provide a homogeneous scenario for everybody. Additionally, removing the dependency on a system package which ―as I said― is not under Fastlane’s control looks like something that should be addressed ASAP.
Either way, right now adding those flags will probably mitigate this issue as a quick workaround. On top it will help to test if the HTTP/2 protocol was the real problem or if it’s somewhere else.
Same for me: random errors when downloading WWDR certs, but I don’t believe it’s an Apple issue. I have another CI server with another version of fastlane and the errors there are way less frequent (or almost nonexistent).
Fortunately I have debug enabled.
The most common error message I get is the following one:
However, sometimes I get the following one: