Description
New issue checklist
- I searched for existing GitHub issues
- I read pipeline troubleshooting guide
- I checked how to collect logs
Task name
InstallAppleCertificate@2
Task version
2
Issue Description
- task: InstallAppleCertificate@2
displayName: 'Install Apple Certificate'
inputs:
certSecureFile: $(certSigningAppleCertName)
certPwd: '$(certSigningAppleCertPassword)'
keychain: 'temp'
When the Microsoft Hosted Agent is running with Image MacOS-latest (or macOs-14), one of the following images are used:
- Image: macos-14, Version: 20241106.300 (NOT WORKING)
- Image: macos-14, Version: 20241022.254 (LAST WORKING VERSION)
If the newest version: 20241106.300 is used, it is no longer possible to install an Apple Certificate in temp keychain.
Exporting a new p12 certificate file in MacOS and adding to DevOps Library did not help => seems to be an issue in the task for the new image version (and not with an old encryption of the certificate).
Error Message:
"Error outputting keys and certificates
804FD158F87F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()"
Environment type (Please select at least one enviroment where you face this issue)
- Self-Hosted
- Microsoft Hosted
- VMSS Pool
- Container
Azure DevOps Server type
dev.azure.com (formerly visualstudio.com)
Azure DevOps Server Version (if applicable)
No response
Operation system
MacOS
Relevant log output
************* DIFFERENCE ***************
Version: 20241106.300 (NOT WORKING)
2024-11-07T17:33:20.5104470Z [command]/usr/local/bin/openssl pkcs12 -in /Users/runner/work/_temp/MyCertificate.p12 -nokeys -passin pass:*** | /usr/local/bin/openssl x509 -sha1 -noout -fingerprint -subject -dates -nameopt utf8,sep_semi_plus_space
2024-11-07T17:33:20.5305620Z Error outputting keys and certificates
2024-11-07T17:33:20.5321410Z 804FD158F87F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
20241022.254 (LAST WORKING VERSION - sample of other build)
2024-11-07T17:32:01.0213600Z [command]/usr/local/bin/openssl pkcs12 -in /Users/runner/work/_temp/MyCertificate.p12 -nokeys -passin pass:*** | /usr/local/bin/openssl x509 -sha1 -noout -fingerprint -subject -dates -nameopt utf8,sep_semi_plus_space
2024-11-07T17:32:01.0961830Z ##[debug]success of first tool:true
************** LOG Initialize job **************
2024-11-07T17:33:16.0718640Z ##[section]Starting: Initialize job
2024-11-07T17:33:16.0720850Z Agent name: 'Hosted Agent'
2024-11-07T17:33:16.0721290Z Agent machine name: 'Mac-1730999632554'
2024-11-07T17:33:16.0721520Z Current agent version: '3.246.0'
2024-11-07T17:33:16.0753870Z ##[group]Operating System
2024-11-07T17:33:16.0754110Z macOS
2024-11-07T17:33:16.0754240Z 14.7.1
2024-11-07T17:33:16.0754360Z 23H222
2024-11-07T17:33:16.0754490Z ##[endgroup]
2024-11-07T17:33:16.0754660Z ##[group]Runner Image
2024-11-07T17:33:16.0754820Z Image: macos-14
2024-11-07T17:33:16.0754980Z Version: 20241106.300
2024-11-07T17:33:16.0755280Z Included Software: https://github.com/actions/runner-images/blob/macos-14/20241106.300/images/macos/macos-14-Readme.md
2024-11-07T17:33:16.0755660Z Image Release: https://github.com/actions/runner-images/releases/tag/macos-14%2F20241106.300
2024-11-07T17:33:16.0756010Z ##[endgroup]
2024-11-07T17:33:16.0756190Z ##[group]Runner Image Provisioner
2024-11-07T17:33:16.0756420Z 2.0.384.1+6d6c56aa16f1b9c7dd7935df5d63980397e44def
2024-11-07T17:33:16.0756620Z ##[endgroup]
2024-11-07T17:33:16.0760300Z Current image version: '20241106.300'
2024-11-07T17:33:16.1639110Z Agent running as: 'runner'
2024-11-07T17:33:16.1674010Z ##[debug]Triggering repository: TestMobile. repository type: Git
2024-11-07T17:33:16.1678150Z Prepare build directory.
2024-11-07T17:33:16.1870160Z ##[debug]Creating build directory: '/Users/runner/work/1'
2024-11-07T17:33:16.1875480Z ##[debug]Delete existing artifacts directory: '/Users/runner/work/1/a'
2024-11-07T17:33:16.1877910Z ##[debug]Creating artifacts directory: '/Users/runner/work/1/a'
2024-11-07T17:33:16.1880040Z ##[debug]Delete existing test results directory: '/Users/runner/work/1/TestResults'
2024-11-07T17:33:16.1880730Z ##[debug]Creating test results directory: '/Users/runner/work/1/TestResults'
2024-11-07T17:33:16.1882600Z ##[debug]Creating binaries directory: '/Users/runner/work/1/b'
2024-11-07T17:33:16.1884410Z ##[debug]Creating source directory: '/Users/runner/work/1/s'
2024-11-07T17:33:16.1946320Z Set build variables.
2024-11-07T17:33:16.1977480Z Download all required tasks.
2024-11-07T17:33:16.2124170Z Downloading task: InstallAppleCertificate (2.246.5)
2024-11-07T17:33:18.0108820Z ##[debug]Task 'InstallAppleCertificate' has been downloaded into '/Users/runner/work/_tasks/InstallAppleCertificate_d2eff759-736d-4b7b-8554-7ba0960d49d6/2.246.5'.
2024-11-07T17:33:18.0766820Z Checking job knob settings.
2024-11-07T17:33:18.0769710Z Knob: DockerActionRetries = true Source: $(VSTSAGENT_DOCKER_ACTION_RETRIES)
2024-11-07T17:33:18.0770170Z Knob: AgentToolsDirectory = /Users/runner/hostedtoolcache Source: ${AGENT_TOOLSDIRECTORY}
2024-11-07T17:33:18.0771580Z Knob: UseGitLongPaths = true Source: $(USE_GIT_LONG_PATHS)
2024-11-07T17:33:18.0773530Z Knob: EnableIssueSourceValidation = true Source: $(ENABLE_ISSUE_SOURCE_VALIDATION)
2024-11-07T17:33:18.0774360Z Knob: AgentEnablePipelineArtifactLargeChunkSize = true Source: $(AGENT_ENABLE_PIPELINEARTIFACT_LARGE_CHUNK_SIZE)
2024-11-07T17:33:18.0776710Z Knob: ContinueAfterCancelProcessTreeKillAttempt = true Source: $(VSTSAGENT_CONTINUE_AFTER_CANCEL_PROCESSTREEKILL_ATTEMPT)
2024-11-07T17:33:18.0777500Z Knob: ProcessHandlerSecureArguments = false Source: $(AZP_75787_ENABLE_NEW_LOGIC)
2024-11-07T17:33:18.0778040Z Knob: ProcessHandlerSecureArguments = false Source: $(AZP_75787_ENABLE_NEW_LOGIC_LOG)
2024-11-07T17:33:18.0778560Z Knob: ProcessHandlerTelemetry = true Source: $(AZP_75787_ENABLE_COLLECT)
2024-11-07T17:33:18.0779140Z Knob: UseNewNodeHandlerTelemetry = True Source: $(DistributedTask.Agent.USENEWNODEHANDLERTELEMETRY)
2024-11-07T17:33:18.0780630Z Knob: ProcessHandlerEnableNewLogic = true Source: $(AZP_75787_ENABLE_NEW_PH_LOGIC)
2024-11-07T17:33:18.0781460Z Knob: EnableResourceMonitorDebugOutput = true Source: $(AZP_ENABLE_RESOURCE_MONITOR_DEBUG_OUTPUT)
2024-11-07T17:33:18.0782060Z Knob: EnableResourceUtilizationWarnings = true Source: $(AZP_ENABLE_RESOURCE_UTILIZATION_WARNINGS)
2024-11-07T17:33:18.0782850Z Knob: IgnoreVSTSTaskLib = true Source: $(AZP_AGENT_IGNORE_VSTSTASKLIB)
2024-11-07T17:33:18.0783700Z Knob: FailJobWhenAgentDies = true Source: $(FAIL_JOB_WHEN_AGENT_DIES)
2024-11-07T17:33:18.0784370Z Knob: CheckForTaskDeprecation = true Source: $(AZP_AGENT_CHECK_FOR_TASK_DEPRECATION)
2024-11-07T17:33:18.0785140Z Knob: CheckIfTaskNodeRunnerIsDeprecated246 = True Source: $(DistributedTask.Agent.CheckIfTaskNodeRunnerIsDeprecated246)
2024-11-07T17:33:18.0785900Z Knob: UseNode20ToStartContainer = True Source: $(DistributedTask.Agent.UseNode20ToStartContainer)
2024-11-07T17:33:18.0786580Z Knob: LogTaskNameInUserAgent = true Source: $(AZP_AGENT_LOG_TASKNAME_IN_USERAGENT)
2024-11-07T17:33:18.0787140Z Knob: UseFetchFilterInCheckoutTask = true Source: $(AGENT_USE_FETCH_FILTER_IN_CHECKOUT_TASK)
2024-11-07T17:33:18.0787780Z Knob: Rosetta2Warning = true Source: $(ROSETTA2_WARNING)
2024-11-07T17:33:18.0788970Z Knob: AddForceCredentialsToGitCheckout = True Source: $(DistributedTask.Agent.AddForceCredentialsToGitCheckout)
2024-11-07T17:33:18.0789510Z Finished checking job knob settings.
2024-11-07T17:33:18.1313630Z ##[debug]Log plugin 'TestResultLogPlugin' is disabled.
2024-11-07T17:33:18.1314270Z ##[debug]Log plugin 'TestFilePublisherPlugin' is disabled.
2024-11-07T17:33:18.1315000Z Start tracking orphan processes.
2024-11-07T17:33:18.1422890Z ##[section]Finishing: Initialize job
Full task logs with system.debug enabled
2024-11-07T17:33:18.2055190Z ##[debug]Evaluating condition for step: 'Install Apple Certificate'
2024-11-07T17:33:18.2102670Z ##[debug]Evaluating: SucceededNode()
2024-11-07T17:33:18.2109050Z ##[debug]Evaluating SucceededNode:
2024-11-07T17:33:18.2147150Z ##[debug]=> True
2024-11-07T17:33:18.2156520Z ##[debug]Result: True
2024-11-07T17:33:18.2224630Z ##[section]Starting: Install Apple Certificate
2024-11-07T17:33:18.2410730Z ==============================================================================
2024-11-07T17:33:18.2411350Z Task : Install Apple certificate
2024-11-07T17:33:18.2411750Z Description : Install an Apple certificate required to build on a macOS agent machine
2024-11-07T17:33:18.2411990Z Version : 2.246.5
2024-11-07T17:33:18.2412340Z Author : Microsoft Corporation
2024-11-07T17:33:18.2412730Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/install-apple-certificate
2024-11-07T17:33:18.2412980Z ==============================================================================
2024-11-07T17:33:18.3539480Z ##[debug]Using node path: /Users/runner/runners/3.246.0/externals/node20_1/bin/node
2024-11-07T17:33:18.7952440Z ##[debug]system.debug=True
2024-11-07T17:33:18.8447410Z ##[debug]DistributedTask.Tasks.Node.SkipDebugLogsWhenDebugModeOff=True
2024-11-07T17:33:18.8516860Z ##[debug]agent.TempDirectory=/Users/runner/work/_temp
2024-11-07T17:33:18.8552470Z ##[debug]loading inputs and endpoints
2024-11-07T17:33:18.8610280Z ##[debug]loading INPUT_CERTSECUREFILE
2024-11-07T17:33:18.8646350Z ##[debug]loading INPUT_CERTPWD
2024-11-07T17:33:18.8755520Z ##[debug]loading INPUT_KEYCHAIN
2024-11-07T17:33:18.8769100Z ##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
2024-11-07T17:33:18.8782000Z ##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
2024-11-07T17:33:18.8795860Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
2024-11-07T17:33:18.8821210Z ##[debug]loading SECUREFILE_TICKET_70c6b661-280a-461e-acb7-70bfb66d643e
2024-11-07T17:33:18.8838090Z ##[debug]loading SECRET_CERTSIGNINGANDROIDPASSWORD
2024-11-07T17:33:18.8851190Z ##[debug]loading SECRET_PUBLISHFTPPASSWORD
2024-11-07T17:33:18.8884300Z ##[debug]loading SECRET_CERTSIGNINGUWPPASSWORD
2024-11-07T17:33:18.8901470Z ##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
2024-11-07T17:33:18.8910100Z ##[debug]loading SECRET_STOREAPPLEAPIKEYID
2024-11-07T17:33:18.8930160Z ##[debug]loading SECRET_STOREAPPLEAPIISSUERID
2024-11-07T17:33:18.8933480Z ##[debug]loading SECRET_PUBLISHPRIVATEFTPPASSWORD
2024-11-07T17:33:18.8949820Z ##[debug]loading SECRET_ADMINSQLCONNECTIONSTRING
2024-11-07T17:33:18.8959200Z ##[debug]loading SECRET_DEVWEBSERVERPASSWORD
2024-11-07T17:33:18.8986500Z ##[debug]loading SECRET_CERTSIGNINGAPPLECERTPASSWORD
2024-11-07T17:33:18.9035610Z ##[debug]loading SECRET_STOREAPPLEAPIKEYCONTENTBASE64
2024-11-07T17:33:18.9065160Z ##[debug]loaded 18
2024-11-07T17:33:18.9084410Z ##[debug]Agent.ProxyUrl=undefined
2024-11-07T17:33:18.9089290Z ##[debug]Agent.CAInfo=undefined
2024-11-07T17:33:18.9098520Z ##[debug]Agent.ClientCert=undefined
2024-11-07T17:33:18.9111890Z ##[debug]Agent.SkipCertValidation=undefined
2024-11-07T17:33:18.9137250Z ##[debug]check path : /Users/runner/work/_tasks/InstallAppleCertificate_d2eff759-736d-4b7b-8554-7ba0960d49d6/2.246.5/node_modules/azure-pipelines-tasks-ios-signing-common/module.json
2024-11-07T17:33:18.9159330Z ##[debug]adding resource file: /Users/runner/work/_tasks/InstallAppleCertificate_d2eff759-736d-4b7b-8554-7ba0960d49d6/2.246.5/node_modules/azure-pipelines-tasks-ios-signing-common/module.json
2024-11-07T17:33:18.9217320Z ##[debug]system.culture=en-US
2024-11-07T17:33:18.9229160Z ##[debug]check path : /Users/runner/work/_tasks/InstallAppleCertificate_d2eff759-736d-4b7b-8554-7ba0960d49d6/2.246.5/task.json
2024-11-07T17:33:18.9261850Z ##[debug]adding resource file: /Users/runner/work/_tasks/InstallAppleCertificate_d2eff759-736d-4b7b-8554-7ba0960d49d6/2.246.5/task.json
2024-11-07T17:33:18.9296140Z ##[debug]system.culture=en-US
2024-11-07T17:33:18.9315090Z ##[debug]certSecureFile=70c6b661-280a-461e-acb7-70bfb66d643e
2024-11-07T17:33:18.9325170Z ##[debug]opensslPkcsArgs=undefined
2024-11-07T17:33:18.9344510Z ##[debug]System.TeamFoundationCollectionUri=https://xxxxxxxx.visualstudio.com/
2024-11-07T17:33:18.9366540Z ##[debug]SYSTEMVSSCONNECTION auth param ACCESSTOKEN = ***
2024-11-07T17:33:18.9385940Z ##[debug]Secure file retry count set to: 8
2024-11-07T17:33:18.9393450Z ##[debug]Agent.ProxyUrl=undefined
2024-11-07T17:33:18.9397800Z ##[debug]secure file name for id 70c6b661-280a-461e-acb7-70bfb66d643e = MyCertificate.p12
2024-11-07T17:33:18.9617180Z ##[debug]Agent.TempDirectory=/Users/runner/work/_temp
2024-11-07T17:33:18.9629720Z ##[debug]Absolute path for pathSegments: /Users/runner/work/_temp,MyCertificate.p12 = /Users/runner/work/_temp/MyCertificate.p12
2024-11-07T17:33:18.9637050Z ##[debug]Downloading secure file contents to: /Users/runner/work/_temp/MyCertificate.p12
2024-11-07T17:33:20.2117510Z ##[debug]secure file ticket for id 70c6b661-280a-461e-acb7-70bfb66d643e = ***
2024-11-07T17:33:20.2120430Z ##[debug]SYSTEM.TEAMPROJECT=MobileApp
2024-11-07T17:33:20.4963640Z ##[debug]Downloaded secure file contents to: /Users/runner/work/_temp/MyCertificate.p12
2024-11-07T17:33:20.4964930Z ##[debug]certPwd=***
2024-11-07T17:33:20.4966090Z ##[debug]which 'openssl'
2024-11-07T17:33:20.4989780Z ##[debug]found: '/usr/local/bin/openssl'
2024-11-07T17:33:20.4990590Z ##[debug]which '/usr/local/bin/openssl'
2024-11-07T17:33:20.4991270Z ##[debug]found: '/usr/local/bin/openssl'
2024-11-07T17:33:20.4992740Z ##[debug]/usr/local/bin/openssl arg: ["pkcs12","-in","/Users/runner/work/_temp/MyCertificate.p12","-nokeys","-passin","pass:"]
2024-11-07T17:33:20.4993560Z ##[debug]which '/usr/local/bin/openssl'
2024-11-07T17:33:20.4994150Z ##[debug]found: '/usr/local/bin/openssl'
2024-11-07T17:33:20.4995280Z ##[debug]/usr/local/bin/openssl arg: ["x509","-sha1","-noout","-fingerprint","-subject","-dates","-nameopt","utf8,sep_semi_plus_space"]
2024-11-07T17:33:20.4996030Z ##[debug]exec tool: /usr/local/bin/openssl
2024-11-07T17:33:20.4997000Z ##[debug]arguments:
2024-11-07T17:33:20.4998360Z ##[debug] pkcs12
2024-11-07T17:33:20.4999030Z ##[debug] -in
2024-11-07T17:33:20.5000020Z ##[debug] /Users/runner/work/_temp/MyCertificate.p12
2024-11-07T17:33:20.5000650Z ##[debug] -nokeys
2024-11-07T17:33:20.5001180Z ##[debug] -passin
2024-11-07T17:33:20.5001850Z ##[debug] pass:
2024-11-07T17:33:20.5104470Z [command]/usr/local/bin/openssl pkcs12 -in /Users/runner/work/_temp/MyCertificate.p12 -nokeys -passin pass:*** | /usr/local/bin/openssl x509 -sha1 -noout -fingerprint -subject -dates -nameopt utf8,sep_semi_plus_space
2024-11-07T17:33:20.5305620Z Error outputting keys and certificates
2024-11-07T17:33:20.5321410Z 804FD158F87F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
2024-11-07T17:33:20.5323650Z ##[debug]success of first tool:false
2024-11-07T17:33:20.5401400Z Could not find certificate from
2024-11-07T17:33:20.5417530Z ##[debug]rc:1
2024-11-07T17:33:20.5419400Z ##[debug]success:false
2024-11-07T17:33:20.5460520Z ##[warning]Error parsing certificate. This might be caused by an unsupported algorithm. If you're using old certificate with a new OpenSSL version try to set -legacy flag in opensslPkcsArgs input.
2024-11-07T17:33:20.5466550Z ##[debug]Processed: ##vso[task.issue type=warning;source=TaskInternal;correlationId=337d276c-a97a-44e8-8a24-d98fc8128eef;]Error parsing certificate. This might be caused by an unsupported algorithm. If you're using old certificate with a new OpenSSL version try to set -legacy flag in opensslPkcsArgs input.
2024-11-07T17:33:20.5467970Z ##[debug]task result: Failed
2024-11-07T17:33:20.5469090Z ##[error]Error: /usr/local/bin/openssl failed with return code: 1
2024-11-07T17:33:20.5469780Z ##[debug]Processed: ##vso[task.issue type=error;source=TaskInternal;correlationId=337d276c-a97a-44e8-8a24-d98fc8128eef;]Error: /usr/local/bin/openssl failed with return code: 1
2024-11-07T17:33:20.5477640Z ##[debug]Processed: ##vso[task.complete result=Failed;]Error: /usr/local/bin/openssl failed with return code: 1
2024-11-07T17:33:20.5478570Z ##[debug]secure file name for id 70c6b661-280a-461e-acb7-70bfb66d643e = MyCertificate.p12
2024-11-07T17:33:20.5503890Z ##[debug]Agent.TempDirectory=/Users/runner/work/_temp
2024-11-07T17:33:20.5505010Z ##[debug]Absolute path for pathSegments: /Users/runner/work/_temp,MyCertificate.p12 = /Users/runner/work/_temp/MyCertificate.p12
2024-11-07T17:33:20.5507830Z ##[debug]Deleting secure file at: /Users/runner/work/_temp/MyCertificate.p12
2024-11-07T17:33:20.5508600Z ##[debug]rm -rf /Users/runner/work/_temp/MyCertificate.p12
2024-11-07T17:33:20.5509240Z ##[debug]removing file
2024-11-07T17:33:20.5555280Z ##[section]Finishing: Install Apple Certificate
Repro steps
-
job: iOS
pool:
vmImage: 'macos-14'steps:
- task: InstallAppleCertificate@2
displayName: 'Install Apple Certificate'
inputs:
certSecureFile: 'MyCertificate.p12'
certPwd: '$(certSigningAppleCertPassword)'
keychain: 'temp'
- task: InstallAppleCertificate@2