Programmatically install trust certificates on simulators for iOS 10.3+


Description of the feature request

Right now on iOS 10.3 and above, external certificates are not trusted by default, and can only be toggled manually. We would like a script to programmatically install our own self-signed trust certificate to Bitrise’s iOS simulators.

certificate trust settings
We want to programmatically toggle that switch to enable trust on our certificate.

Use case / for what or how I would use it

We need this certificate to access our VPN.
Through this access, we can run UI tests without having to create UI simulations.

Thanks for the #feature-request @jchoi, I added this to our internal tracker too, to bump its priority :slight_smile:

Hey @jchoi !

Could you please confirm that using the script below does the job that you need? Just put this script in a Script step, and don’t forget to edit the path to the certificate file. Also the script will work only if you run it before the simulator is actually started. So please make sure that the simulator is not running at the time when you run the script! :slight_smile:

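    #!/bin/bash
    set -ex

    # Download the ADVTrustStore helper script and make it executable
    curl --remote-name https://raw.githubusercontent.com/ADVTOOLS/ADVTrustStore/master/iosCertTrustManager.py
    chmod +x iosCertTrustManager.py
    # Add the certificate; `yes` feeds "y" to any prompts from the tool
    yes | ./iosCertTrustManager.py -a /path/to/the/certificate.pem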

Please let us know if it is the one you need. :rocket:


Hi @tamaspapik

Thanks for this script!

I do have some implementation issues when using it with Bitrise, though, that I hope you could help with.

  1. The script requires both that the simulator has previously been booted and that the simulator is currently not running. It’s possible to achieve this state with xcrun simctl, but it’s hacky and slow.
    xcrun simctl boot "$DEVICE_ID" \
      && xcrun simctl addmedia "$DEVICE_ID" /path/to/some/image.png \
      && xcrun simctl shutdown "$DEVICE_ID" \
      && ~/scripts/installIosCert

Since Bitrise runs each job in a new env, the simulators have never been started before. If the addmedia line is removed the simulator will shut down before it’s finished booting and the script will fail.
Is it possible to modify the script to make this better?

  2. The above requires specifying a specific DEVICE_ID. You can find all the IDs with xcrun simctl list, but the Bitrise Xcode Test for iOS step uses three strings (Device, OS Version, and Platform) to specify which simulator is used to run the tests on.
     What’s a good way to ensure the test step is using the same simulator as the certificate installation step?

Any updates on this?

Hi @gbrown, sorry for the late response.

I prepared a script for you, to start the simulator, wait for the boot and export the started simulator’s udid.

The script is written in Go, since it is a little bit difficult to solve the whole thing. The script is part of our xcode-test.

To use the Go script you need to switch your work dir to a Go path. Use a change work dir step to solve this, for example:

    - change-workdir:
        inputs:
        - path: "$GOPATH/src/github.com/bitrise/sim"

Then you need to install the script dependencies, using a script step:

    - script:
        inputs:
        - content: |-
            #!/usr/bin/env bash
            # fail if any command fails
            set -ex

            go get -u github.com/bitrise-io/go-utils/command
            go get -u github.com/hashicorp/go-version

Finally, you need a script step whose runner is go run and whose script filename is main.go; the content can be found here: https://gist.github.com/godrei/16ce30f2a42d6544e49f56cadff9ff7b

    - script:
        inputs:
        - runner_bin: go run
        - script_file_path: main.go

All together:

    sim:
      steps:
      - change-workdir:
          inputs:
          - path: "$GOPATH/src/github.com/bitrise/sim"
      - script:
          inputs:
          - content: |-
              #!/usr/bin/env bash
              # fail if any command fails
              set -ex

              go get -u github.com/bitrise-io/go-utils/command
              go get -u github.com/hashicorp/go-version
      - script:
          inputs:
          - runner_bin: go run
          - script_file_path: main.go
          - content: <in the gist file>
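An added example, not part of the thread and not the code in the linked gist: one way to map the test step's three strings (Platform, OS Version, Device) to a single simulator UDID, and to confirm that simulator is shut down before the certificate is installed. It assumes the JSON layout printed by `xcrun simctl list devices --json` (runtime keys in either the `iOS 10.3` or the `com.apple.CoreSimulator.SimRuntime.iOS-11-2` style) and an exact OS version string; `resolveUDID`, `runtimeKey` and the sample data are hypothetical and constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample of `xcrun simctl list devices --json` output, with both runtime key styles.
const sampleList = `{"devices":{
 "iOS 10.3":[{"name":"iPhone 7","udid":"AAAAAAAA-0000-0000-0000-000000000001","state":"Shutdown"}],
 "com.apple.CoreSimulator.SimRuntime.iOS-11-2":[
  {"name":"iPhone 7","udid":"AAAAAAAA-0000-0000-0000-000000000002","state":"Booted"}]}}`

type device struct{ Name, UDID, State string }

// runtimeKey normalises "com.apple.CoreSimulator.SimRuntime.iOS-11-2" to "iOS 11.2".
func runtimeKey(k string) string {
	k = strings.TrimPrefix(k, "com.apple.CoreSimulator.SimRuntime.")
	if i := strings.Index(k, "-"); i >= 0 && !strings.Contains(k, " ") {
		k = k[:i] + " " + strings.ReplaceAll(k[i+1:], "-", ".")
	}
	return k
}

// resolveUDID (hypothetical helper) returns the one matching UDID, and only if that simulator is shut down.
func resolveUDID(list []byte, platform, osVersion, name string) (string, error) {
	var out struct{ Devices map[string][]device }
	if err := json.Unmarshal(list, &out); err != nil {
		return "", err
	}
	var hits []device
	for key, devs := range out.Devices {
		for _, d := range devs {
			if runtimeKey(key) == platform+" "+osVersion && d.Name == name {
				hits = append(hits, d)
			}
		}
	}
	if len(hits) != 1 {
		return "", fmt.Errorf("%d simulators match %s %s %q", len(hits), platform, osVersion, name)
	}
	if hits[0].State != "Shutdown" {
		return "", fmt.Errorf("simulator %s is %s, not Shutdown", hits[0].UDID, hits[0].State)
	}
	return hits[0].UDID, nil
}

func main() { fmt.Println(resolveUDID([]byte(sampleList), "iOS", "10.3", "iPhone 7")) }
```

Failing on zero or multiple matches keeps the certificate from being installed into a different simulator than the one the tests run on.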