Unable to bypass codesign prompt on Catalyst

So I was working on a Catalyst app and trying to do automatic submission to AppStore. So far things works well when exporting archive for Direct Distribution. But when it come to exporting for AppStore, the export process hangs.

Investigated for quite a while I noticed it could be because the codesign was prompting for password. I followed different approaches to unlock keychain in prior https://stackoverflow.com/questions/16550594/jenkins-xcode-build-works-codesign-fails/35977622#35977622
or adding setup_circle_ci in before_all, doesn’t seemed to help.

Now I created a temporary keychain called circle and trying to work on it.

I’m using the circleci xcode: "11.2.1", and here’s my configuration

Fastfile

fastlane_version "2.106.0"

default_platform :ios

platform :catalyst do
  lane :setup do
    setup
  end

  desc "Checkout certs to `./certificates-catalyst` and install them, also checkout submodules."
  lane :setup do
    # match and sigh doesn't really work, use custom submodules to store certs and provisioning 
    sh("git submodule update --init ../certificates-catalyst")

    # once we get the certificates, immediately try to setup keychain. fail fast.
    setup
  end

  def setup

    create_keychain(
      name: "circle",
      password: "circle",
      default_keychain: false,
      add_to_search_list: true,
      unlock: true,
      timeout: false
    )

    sh("security list-keychains")
  
    install_cert("Catalyst_Developer_ID_Application.p12", ENV["CATALYST_DIRECT_DISTRIBUTION_CERTIFICATE_PASSWORD"])
    install_cert("Catalyst_AppStore_Distribution_Certificate.p12", ENV["CATALYST_APPSTORE_DISTRIBUTION_CERTIFICATE_PASSWORD"])
    install_cert("Catalyst_Mac_Installer.p12", ENV["CATALYST_MAC_INSTALLER_CERTIFICATE_PASSWORD"])

    sh "cd ../ && make catalyst-install-profile"

    puts("installing provisioning profiles")
    sh "cd ../ && make catalyst-install-profile"

  end

  def install_cert(name, password)
      sh("security list-keychains")
      sh("security set-keychain-settings circle")
      sh("security unlock-keychain -p circle circle")
      sh("security", "import",
      "../certificates-catalyst/" + name,
      "-k", ENV["HOME"] + "/Library/Keychains/circle-db",
      "-P", password,
      "-A"
      )
  end

  lane :export do
    export
  end

  def export
    sh "cd ../ && make catalyst-export-direct-distribution" # outbut to ./build
    sh "cd ../ && make catalyst-export-appstore" # output to ./build-appstore
  end
end

Makefile

	catalyst-export-direct-distribution:
		set -o pipefail && \
			xcodebuild -exportArchive \
			-exportOptionsPlist fastlane/mac/DirectDistributionExportOptions.plist \
			-archivePath build/GoodNotesMac.xcarchive \
			-exportPath build/ \
			| xcpretty

	catalyst-export-appstore:
		set -o pipefail && \
			xcodebuild -exportArchive \
			-exportOptionsPlist fastlane/mac/AppStoreExportOptions.plist \
			-archivePath build/GoodNotesMac.xcarchive \
			-exportPath build-appstore/ \
			| xcpretty

I checked in the .xcarchive so I can export directly. Then I would run things directly on CI like this:

bundle exec fastlane catalyst setup
bundle exec fastlane catalyst export

What happen now is if we’re creating our own keychain like the script did, the process also stucked when exporting direct distribution.

Anyone knows some pointers?

Looks like adding this line after installing cert will works with your own created keychain

security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k circle circle-db
1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.