Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[core] Remove obsolete and expired WWDR G1 certificate #21271

Merged
merged 1 commit into from May 17, 2023
Merged

[core] Remove obsolete and expired WWDR G1 certificate #21271

merged 1 commit into from May 17, 2023

Conversation

triplef
Copy link
Contributor

@triplef triplef commented May 12, 2023
edited

Checklist

  • I've run bundle exec rspec from the root directory to see all new and existing tests pass
  • I've followed the fastlane code style and run bundle exec rubocop -a to ensure the code style is valid
  • I see several green ci/circleci builds in the "All checks have passed" section of my PR (connect CircleCI to GitHub if not)
  • I've read the Contribution Guidelines
  • I've updated the documentation if necessary.

Motivation and Context

Resolves #21269.

Description

The WWDR G1 CA expired on Feb 7, 2023 and is no longer listed on the Apple PKI website.

Testing Steps

  1. Remove WWDR certificates from keychain.
  2. Run bundle exec fastlane match.
  3. Confirm the expired G1 certificate is not added, but other WWDR certificates are.

@triplef
Copy link
Contributor Author

triplef commented May 12, 2023

FYI these two tests failed for me locally (both with expected: 0 got: 1), but I think this is unrelated to my changes?

rspec ./spaceship/spec/spaceauth_spec.rb:49 # Spaceship::SpaceauthRunner check_session option when using the default user, it should return a message saying the session is logged in with an exit code of 0
rspec ./spaceship/spec/spaceauth_spec.rb:59 # Spaceship::SpaceauthRunner check_session option when passed a known user, it should return a message saying the session is logged in with an exit code of 0

@triplef triplef mentioned this pull request May 12, 2023
Closed
4 tasks
thehale
thehale reviewed May 12, 2023
View reviewed changes
fastlane_core/spec/cert_checker_spec.rb
@@ -55,7 +55,6 @@ class ProcessStatusMock
describe '#install_missing_wwdr_certificates' do
it 'should install all official WWDR certificates' do
allow(FastlaneCore::CertChecker).to receive(:installed_wwdr_certificates).and_return([])
expect(FastlaneCore::CertChecker).to receive(:install_wwdr_certificate).with('G1')
Copy link

@thehale thehale May 12, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this deletion (and the others like it later in the PR) assert that the G1 is absent from the set of installed certs? OR does it merely stop caring about the G1?

I'd imagine we want the first.

NOTE: I have little experience with Ruby development, so my concern here may be unfounded.

rogerluan
rogerluan approved these changes May 16, 2023
View reviewed changes
Copy link
Member

@rogerluan rogerluan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this PR @triplef ! 🙌
I'll try to get +1 person to review this PR before merging it in 🙏 someone that may understand more about these certs

joshdholtz
joshdholtz approved these changes May 17, 2023
View reviewed changes
Copy link
Member

@joshdholtz joshdholtz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense to me! Let's give this a go 😊 Thanks for making this!

@joshdholtz joshdholtz merged commit 8aed4cc into fastlane:master May 17, 2023
8 checks passed
@joshdholtz joshdholtz mentioned this pull request May 17, 2023
Merged
philipphofmann added a commit to getsentry/sentry-cocoa that referenced this pull request May 25, 2023
@philipphofmann
build: Update Fastlane to 2.213.0
88703aa 
Remove pinned Fastlane version as 2.213.0 contains a possible fix for WWDC
certificate error, see fastlane/fastlane#21271.
@philipphofmann philipphofmann mentioned this pull request May 25, 2023
Merged
philipphofmann added a commit to getsentry/sentry-cocoa that referenced this pull request May 26, 2023
@philipphofmann
build: Update Fastlane to 2.213.0 (#3065)
cfb3100 
Remove pinned Fastlane version as 2.213.0 contains a possible fix for WWDC
certificate error, see fastlane/fastlane#21271.
markhomoki added a commit to markhomoki/fastlane that referenced this pull request Jul 5, 2023
@markhomoki
Merge tag 'fastlane/2.213.0' into fix/prevent-dir-download-from-s3
1ba7bb4 
Improvements

* [core][match] remove obsolete and expired WWDR G1 certificate (fastlane#21271) via Frederik Seiffert (@triplef)
* [action][ensure_git_status_clean] new ignore_files option for explicitly ignoring files (fastlane#21283) via Josh Holtz (@joshdholtz)
* [scan] run simulator destination with arch=x86_64 for Xcode 14.3 and up if on Intel (fastlane#21284) via Josh Holtz (@joshdholtz)
* [match] adding support for self-managed GitLab instances (fastlane#21274) via Darby Frey (@darbyfrey)
* [pilot] fix increase limit for build query (fastlane#21212) via Eric Lindvall (@eric)
* [dependency] relax `multipart_post` dependency version requirement (fastlane#20870) via Edouard Brière (@edouard)

https://github.com/fastlane/fastlane/releases/tag/2.213.0
smalbs added a commit to potatotrain/fastlane that referenced this pull request Nov 16, 2023
@smalbs
Merge commit '0ede7e768d97d7e22e576d72ab8de96272c479a5'
506a3b2 
* commit '0ede7e768d97d7e22e576d72ab8de96272c479a5':
  Version bump to 2.213.0 (fastlane#21286)
  [core] Remove obsolete and expired WWDR G1 certificate (fastlane#21271)
  [action][ensure_git_status_clean] new ignore_files option for explicitly ignoring files (fastlane#21283)
  [scan] run simulator destination with arch=x86_64 for Xcode 14.3 and up if on Intel (fastlane#21284)
  [match] Adding support for self-managed GitLab instances (fastlane#21274)
  [pilot] Fix increase limit for build query (fastlane#21212)
  [dependency] relax `multipart_post` dependency version requirement (fastlane#20870)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thehale thehale thehale left review comments

@joshdholtz joshdholtz joshdholtz approved these changes

@rogerluan rogerluan rogerluan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

fastlane match installs an expired WWDRC certificate
4 participants
@triplef @joshdholtz @rogerluan @thehale