GitHub Community
Replies: 3 comments 1 reply
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
I'm with the same error: I do appreciate any help. I don't know whatelse to try. jobs:
build-ios:
runs-on: macos-14
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Test P12 integrity
run: |
echo "${{ secrets.APPLE_P12_BASE64 }}" | base64 --decode > integrity.p12
echo "LOCAL SHA:"
shasum integrity.p12
- name: Debug P12
run: |
echo "${{ secrets.APPLE_P12_BASE64 }}" | base64 --decode > test.p12
file test.p12
openssl pkcs12 -in test.p12 -info -nokeys -passin pass:"${{ secrets.APPLE_P12_PASSWORD }}"
- name: Install the Apple certificate and provisioning profile
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_P12_BASE64 }}
P12_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.APPLE_MOBILEPROVISION_BASE64 }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLE_P12_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate and provisioning profile from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 -D -o $CERTIFICATE_PATH
echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
# apply provisioning profile
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles |
Beta Was this translation helpful? Give feedback.
-
|
PBES MAC algorithms was my issue. I did create it again using: openssl pkcs12 -export -inkey cert.key -in dist.pem -out dist-cert-legacy.p12 -legacy -nomaciter -descert -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES |
Beta Was this translation helpful? Give feedback.
-
|
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Why are you starting this discussion?
Question
What GitHub Actions topic or product is this about?
Misc
Discussion Details
On macOS-14 runners, apple-actions/import-codesign-certs@v2 fails to import a .p12 with SecKeychainItemImport: MAC verification failed (wrong password?). The same .p12 + password work locally. The Base64 secret decodes 1:1 on the runner (SHA256 matches), yet both openssl pkcs12 and security import fail there. Looking for insights on runner/macOS quirks, PKCS#12 options, or encoding gotchas.
Beta Was this translation helpful? Give feedback.
All reactions