Build for iOS suddenly prompting for credentials

So, I’d rather not do that.
Is there any way to get back to the expo-provided certs I used last week? Or can I -c and then upload the ones I got from fetch:ios:certsearlier today?

Make sure you have an available slot so that the exp client can then make a new distribution cert and make a provisioning profile based off that cert.

Can you explain that a little more? Does that mean Expo will talk to Apple to add the new cert for the app, and then I can go ahead and use “Application Loader”?

Right now the way that making a provisioning profile works is that it picks the latest distribution cert that you have available on your apple developer account.

I need to change code in order to make a provisioning profile as a function of distribution cert if you profile, that is instead of letting the exp client make it.

I will look at doing this now, seems like a use case that you would want? (I am not sure if it is possible yet in principle)

it picks the latest distribution cert that you have available on your apple developer account

Interesting. I didn’t remember Expo knowing anything about my developer account. :thinking:

I need to change code in order to make a provisioning profile as a function of distribution cert if you profile, that is instead of letting the exp client make it.

Not sure I understand. I meant to ask if I need to use -c and then select I will provide all the credentials and files needed, Expo does no validation, and upload (via Expo command line?) the certs that I got from Expo earlier.

Right, because now all authentication is done locally on your machine. Hence the usage of your apple ID and password.

If you provide all the files, then you need to provide a p12 distribution cert, a p12 push cert, and a provisioning profile.

Ah I see your point about -c. I made a mistake, will change exp now. Letting you upload everything should be fine now in 47.3.1

If you provide all the files, then you need to provide a p12 distribution cert, a p12 push cert, and a provisioning profile.

From fetch:ios:certs, I got dist and push certs, and dist and push passwords. And I found my provisioning profile at Apple, so I guess that’s all I need to -c and re-upload.

:slight_smile: Do want to thank you guys, Expo’s been great for letting me work on my app and ignore most of the tedium of the Apple dev experience.

1 Like

Thank you, released a minor release, 47.3.1, available now.

I’m getting an error on each build now, no details.

If it’s not fixable and I can’t use my certs anymore, will I need to delete my current dist/push certs from Apple? Will that cause problems with existing notification tokens? Will I be effectively starting a new app release process or will I still have my alpha/beta setup, store settings, etc? @edgar

Can you share what the error is?

Things using existing certs will be fine

No details. I check status after starting and the build is in progress. At some point it errors out.

Minor thing that may not be related, the provisioning file I download from Apple has a slightly different extension:

[exp] Please provide the path to your .mobile provisioning profile
? Path to your .mobile provisioning Profile /Users/rob/Downloads/comappstuff_AppStore.mobileprovision
[exp] Starting build process…
[exp] Unable to find an existing exp instance for this directory, starting a new one…

Also, I’m not sure why I see that last message or why it reports “No currently active or previous builds for this project”.

env EXPO_DEBUG=“true” exp build:status
[exp] Making sure project is set up correctly…
[exp] Your project looks good!
[exp] Checking if current build exists…
[exp] ============
[exp] Build Status
[exp] ============
[exp] iOS: There was an error with this build.

ah, well you can check your build dashboard now and see the issue

Here’s everything after key imports, so I think I cleaned out passwords.

No details as far as I can tell. This time I regenerated the provisioning file on Apple and used that with the keys and passwords I’d gotten from Expo previously. The application-identifier key in both includes the team prefix. That appears to be normal, but it’s not a strict match with bundleIdentifier in app.json.

Imported certificate into keychain
done getting credentials
running shell app builder
extracting build configuration from app.json
/usr/local/turtle-agent /usr/local/turtle-agent/tmp
Getting Redis connection…
Got Redis connection…
Waiting to receive message…
/usr/local/turtle-agent/tmp
/usr/local/turtle-agent/tools-public /usr/local/turtle-agent/tmp
[17:23:17] Using gulpfile /usr/local/turtle-agent/tools-public/gulpfile.js
[17:23:17] Starting ‘ios-shell-app’…
IosIcons: setting image functions to alternative sharp implementations
Using manifest: {“android”:{“package”:“com.heelapp.heel”,“permissions”:[“ACCESS_FINE_LOCATION”],“splash”:{“backgroundColor”:"#BDE3D7",“hdpi”:"./app/images/logoWithText.png",“hdpiUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/4167ca518b892c1b3345986ffb14c152",“ldpi”:"./app/images/logoWithText.png",“ldpiUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/4167ca518b892c1b3345986ffb14c152”,“mdpi”:"./app/images/logoWithText.png",“mdpiUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/4167ca518b892c1b3345986ffb14c152”,“xhdpi”:"./app/images/logoWithText@2x.png",“xhdpiUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/f098ed36b20018c5f9266d02a5de9939”,“xxhdpi”:"./app/images/logoWithText@2x.png",“xxhdpiUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/f098ed36b20018c5f9266d02a5de9939”,“xxxhdpi”:"./app/images/logoWithText@2x.png",“xxxhdpiUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/f098ed36b20018c5f9266d02a5de9939”},“versionCode”:14},“androidStatusBar”:{“backgroundColor”:"#BDE3D7"},“facebookScheme”:“fb1460353070674683”,“icon”:"./app/images/appIcon.png",“iconUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/29f494af94e9285d86eea03fd46a642d”,“ios”:{“bundleIdentifier”:“com.heelapp.heel”,“icon”:"./app/images/appIcon-ios.png",“iconUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/67d67287eb29e9ace19d5242ab384cef”,“splash”:{“backgroundColor”:"#BDE3D7",“image”:"./app/images/logoWithText.png",“imageUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/4167ca518b892c1b3345986ffb14c152”}},“loading”:{“backgroundColor”:"#BDE3D7",“icon”:"./app/images/appIcon.png",“iconUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/29f494af94e9285d86eea03fd46a642d”},“name”:“Heel”,“notification”:{“icon”:"./app/images/notificationIcon.png",“iconUrl”:“https://d1wp6m56sqw74a.cloudfront.net/~assets/8e14e98683d7ee9f8f7e62a07847c811”},“orientation”:“portrait”,“packagerOpts”:{“assetExts”:[“ttf”,“otf”]},“privacy”:“unlisted”,“sdkVersion”:“21.0.0”,“slug”:“heel”,“version”:“1.1.14”,“id”:"@roblingle/heel",“revisionId”:“1.1.14-r.6Nj55JQ57J”,“publishedTime”:“2017-12-30T01:24:13.288Z”,“bundleUrl”:“https://d1wp6m56sqw74a.cloudfront.net/%40roblingle%2Fheel%2F1.1.14%2Fa90634d083ae2364e0404c20fd1c8fcc-21.0.0-ios.js”,“releaseChannel”:"default”}
Modifying NSBundle configuration at /tmp/turtle/f6359b58-937d-4c79-b44a-5dab6447d3aa/archive/Release/Exponent.xcarchive/Products/Applications/Exponent.app…
Using shell config: { isShell: true,
manifestUrl: ‘https://exp.host:443/@roblingle/heel’,
releaseChannel: ‘default’ }
Configuring iOS Launch Screen…
Getting Redis connection…
Got Redis connection…
Waiting to receive message…
2017-12-29 17:23:22.432 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.454 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.598 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.599 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.599 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.600 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.600 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.601 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.605 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.606 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.606 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.607 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.607 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
2017-12-29 17:23:22.608 ibtoold[75518:4975021] WARNING: Unhandled destination metrics: (null)
Compiling resources…
Cleaning up iOS…
[17:23:28] Finished ‘ios-shell-app’ after 11 s
done running shell app builder
Assuming that client will run creating app on dev center ruby code
done creating app on dev center
building and signing IPA
Executing command: security cms -D -i /tmp/turtle/f6359b58-937d-4c79-b44a-5dab6447d3aa/provisioning-f6359b58-937d-4c79-b44a-5dab6447d3aa/f6359b58-937d-4c79-b44a-5dab6447d3aa.mobileprovision
done retrieving provisioning profile
Checking if teamID is present in keychain and that certificate is valid…
decoding p12 certificate
verifying certificate is installed
Executing command: security find-identity -v -s ()
confirmed team ID is present in keychain
Chose export method: app-store
writing export-options.plist file…
building IPA
Getting Redis connection…
Got Redis connection…
Waiting to receive message…
Getting Redis connection…
Got Redis connection…
Waiting to receive message…
Executing command: fastlane gym -n f6359b58-937d-4c79-b44a-5dab6447d3aa-unsigned.ipa --workspace /usr/local/turtle-agent/ios/Exponent.xcworkspace --scheme Exponent --archive_path /tmp/turtle/f6359b58-937d-4c79-b44a-5dab6447d3aa/f6359b58-937d-4c79-b44a-5dab6447d3aa.xcarchive --skip_build_archive true -i 81CD1743FA428E22EFF5D361D20D8D8319D62999 --export_options /tmp/turtle/f6359b58-937d-4c79-b44a-5dab6447d3aa/provisioning-f6359b58-937d-4c79-b44a-5dab6447d3aa/export-options.plist --export_method app-store --export_xcargs OTHER_CODE_SIGN_FLAGS="–keychain /tmp/turtle-agent/fa8c4fdd-ecff-11e7-a706-0050568e6f20.keychain" -o /tmp/turtle/f6359b58-937d-4c79-b44a-5dab6447d3aa/f6359b58-937d-4c79-b44a-5dab6447d3aa-build --verbose
Unable to generate IPA.
unable to build and sign IPA
Executing command: security delete-keychain /tmp/turtle-agent/fa8c4fdd-ecff-11e7-a706-0050568e6f20.keychain
Restoring keychain list…
Executing command: security list-keychains -s /private/tmp/turtle-agent/306cff96-eb0b-11e7-a706-0050568e6f20.keychain
Restored keychain list.

Unless you see something there… If I delete my provisioning file and revoke distribution/push certs so that Expo can generate them, will that affect my notificationTokens?

I don’t think it should, @ben will probably know more definitively.

Hi @roblingle - During the time your push certificates are revoked and until Expo has the new ones, you won’t be able to send push notifications but this won’t affect the Expo push tokens. Once you’ve let Expo provision new push certificates (or have uploaded new push certificates to Expo with exp), your existing Expo push tokens will start working again.

3 Likes

Thanks, guys. Any ideas why the build failed? The imported certificates seemed to be fine.

I’m about to move the project to a new account, and I’m planning to clear and regenerate certs/profile there.

I plan to import my Android certs into that account, and hoping that goes well. Fortunately (I think), I’m using their new app signing process so I can revoke and add a new cert there if I have to.

I assume that this move will break notificationTokens, being a different Expo “experience”.

Sound reasonable?

There are some transient keychain failures for just the iOS builds that can happen when you’re not using the --local-auth flag with exp (we’re looking to make this flag the default in the near future and eventually the only option).


Changing the Expo account will change the experience ID from @oldaccount/project to @newaccount/project. However (this is an implementation detail in January 2018 and may change whenever) if you keep your Android app ID the same (on the Google side, nothing to do with Expo) and similar for iOS/Apple, the old Expo push tokens will continue to work.

This said, Expo servers will reject requests to send notifications to more than one app so you need to keep the old and new Expo push tokens separate and send messages to them in separate requests.

@roblingle sorry about any confusion, we actually run local auth by default now. What’s your build ID and i’ll look at the system logs for the codesigning error?

@dikaiosune I’m good to go now. I moved the project to a new account, re-provisioned iOS certs and imported Android certs. Went smoothly.

Do we know what can cause the system to lose iOS certificates?

After I re-imported my older iOS certs, my iOS build failed. There were no details in the build log and I don’t have the build ID unless it’s in the logs I pasted above.

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.