iOS Build Environment Help Center
Windows version: 10
Builder version: 3.55.1
iOS SDK version: 15.5
Build log: https://pastebin.com/FUwhxMqv
Hey Pierre,
I just purchased the CocoaPods daemon extension 2 hours ago and I cannot pass the validation stage on the first run. Do I need to wait until the key is registered with your server or is it an entirely different issue actually related to SSL and your Server?
Best regards,
Stefan
Hello Stefan
Totally my fault. I haven't updated the root certificates that I bundled with the CocoaPods VM since 2018 and I'm quite sure this error tells me I should have done it. I take note to do so in the next release. Meanwhile here's how you can hotpatch your copy to address the issue.
1. Go to https://curl.se/docs/caextract.html and download the latest file
2. Rename it to "curl-ca-bundle.crt"
3. Put it in C:\Users\YourName\iOS Project Builder for Unity\Toolchain\cocoapods, overwriting the previous one
Then try again, and let me know if it solves the problem. Most likely it will.
Hello,
Thanks for the quick response! I’ve tried your suggested solution but result is the same. I am still double-checking if it is a problem on my end but in the meantime - do you have other recommendations?
Hmm... I did a dry run on my machine and I could register a key and download the VM disk file. So it means something must be problematic on your side indeed.
How's your Internet link ? Are you on an Intranet, using a proxy, a company router ?
Additional question, are you able to access the following URL with your browser: https://www.pmbaty.com/iosbuildenv/cocoapods/keys/[ACTIVATION_EMAIL]-[ACTIVATION_CODE] if you replace the two fields between brackets with your own info ?
Yes, I was able to download the private key from this URL but I was still unable to run the CocoaPods daemon :(
So I just opened your "cocoapods.cmd" and reverse-engineered what was needed.
What I did was manually name the downloaded key "cocoapods.key" and pasted it in the same directory that "cocoapods.cmd" exists. Then I reran the builder and encountered another curl error while trying to download the "cocoapods-11.3p1.img". I deducted the URL needed and again manually downloaded the image file and pasted saved it in the same directory as "cocoapods.cmd". Happily, these 2 were the only places in the script where curl is invoked :)
Then the daemon worked like a charm - downloaded the dependency stated in the Podfile:
pod 'OneSignalXCFramework', '3.12.3'
Still wondering why curl is failing and if it is a problem with my machine/installation. Keep in mind I have Linux tools installed for Windows as well as git bash and command line tools and whatnot.
Btw, very unrelated, but do you know if I can tell Unity to not include an App Extension when building the XCode project? I've updated my OneSignal plugin and now it adds their OneSignalNotificationServiceExtension that I don't need which requires signing and is just an overhead for me. I was fine without it till now and I would just like to not build anything related to it (thus not have it as a Tab in the project builder)
Ignore the last question - I was able to find out that the OneSignal plugin has a BuildPostProcessor.cs where they extend from "IPostprocessBuildWithReport" and they inject this AppExtension called "OneSignalNotificationServiceExtension". I think it should be an option in their plugin to opt out of this Extension but that is a topic for another day.
I was able to fight with this script (as it is Read-Only and gets reverted by Unity whenever it is edited) and disable the logic that injects the Extension. Now everything is working as expected! Thank you very much for the help! :)))
I will be glad if you want me to send additional info about the curl failing so we can debug it :)
“So I just opened your "cocoapods.cmd" and reverse-engineered what was needed.”
And you did the right thing :-)
“Keep in mind I have Linux tools installed for Windows as well as git bash and command line tools and whatnot.”
That is certainly the root cause ! The curl version that I have come from curl.se and they probably look for the presence of things in the search path ($PATH, %PATH%) to guess on which ecosystem they're running, in your case it must be mistakenly assuming it's on a POSIX system and therefore is looking for its root certificates in a cacert.pem file (either in /etc/ssl or ~/ssl, whichever place doesn't exist or doesn't contain that file) instead of the curl-ca-bundle.crt file. Quoting curl.se :
“Some programs will expect this file to be named ca-bundle.crt (in the correct path). curl on windows has a system to find it if named curl-ca-bundle.crt.”
I'd be interested in knowing what's needed on your system to make curl behave the correct way.
*edit* Well, the answer to my own question just struck me after I hit the send button. What about adding "--cacert .\curl-ca-bundle.crt" in the curl.exe invokation flags ? Let me know.
I tried running:
.\curl.exe -# -f -o cocoapods.tmp.key --cacert .\curl-ca-bundle.crt https://www.pmbaty.com/iosbuildenv/cocoapods/keys/sopata63@gmail.com-8598****
But got the same error:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I tried using git bash and unix's curl as well as running the curl.exe from PowerShell but the error remains the same
It would be interesting to find out if the error is caused by the network connectivity or by your OS ecosystem. Let’s rule out the ecosystem : create a new Windows user account, copy the Toolchain\cocoapods directory there, log in, start cmd.exe and run this curl.exe with my aforementioned parameters. What does it say ?
Sorry for taking long to reply. I did all the steps and the error is the same :(
Then you have an oddity in your network connectivity. Everything happens as if *something* was interfacing the TLS link between curl.exe and pmbaty.com. A security software maybe ?
Moderators: Pierre-Marie Baty