[match][sigh][cert] Added checking hash of installed wwdr certificates #20507
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist
bundle exec rspec
from the root directory to see all new and existing tests passbundle exec rubocop -a
to ensure the code style is validMotivation and Context
On different machines can be installed different wwdr certificates, but that certificates have same name "Apple Worldwide Developer Relations Certification Authority"
And It can be a problem in case:
On "new machine" fastlane will install the latest wwdr certificate https://www.apple.com/certificateauthority/AppleWWDRCAG6.cer
On "old machine" fastlane wouldn't install the latest wwdr certificate if other wwdr certificate exists
If provision profiles was created "old machine" than code sign on "old machine" will be successful, but on "new machine" code sign will be failed
Description
man security> find-certificate -a -c MyName -Z login.keychain | grep ^SHA-256
SHA-256 hash: BDD4ED6E74691F0C2BFD01BE0296197AF1379E0418E2D300EFA9C3BEF642CA30
of certificate https://www.apple.com/certificateauthority/AppleWWDRCAG6.cerTesting Steps
--verbose
lane wherematch
install provision profiles and certificatesfastlane
install the latest wwdr certificate https://www.apple.com/certificateauthority/AppleWWDRCAG6.cer