OS X Server continuous integration ipa distribution
We have an osx server configured with SSL cert and enabled Xcode. Everything worked fine before updating OSX Server to 3.2.1 and Xcode 6.0.1.
The problem we have is that when the integration is finished and we click on the install button on the device, it tries to download but fails silently. The device log prints:
Sep 22 13:32:29 somePhone itunesstored[84] : Could not load download manifest with underlying error: Error Domain=NSURLErrorDomain Code=-1001 "Cannot connect to buildserver.com" UserInfo=0x14f74dfe0 {NSUnderlyingError=0x14f6e8330 "The request timed out.", NSErrorFailingURLStringKey=https://buildserver.com:20343/api/integrations/fc9e3c6ed7d80506e9e8e37b0d06a905/87785234-f589-4230-9c0c-055f656b28a6/install_manifest.plist, NSErrorFailingURLKey=https://buildserver.com:20343/api/integrations/fc9e3c6ed7d80506e9e8e37b0d06a905/87785234-f589-4230-9c0c-055f656b28a6/install_manifest.plist, _kCFStreamErrorDomainKey=1, _kCFStreamErrorCodeKey=60, NSLocalizedDescription=Cannot connect to buildserver.com}
When I check port 20343, the valid ssl cert from OSX Server is switched out with a cert signed by: Xcode Server Root Certificate Authority; it seems to be self-signed.
In older versions of osx server the port 20343 did not exist, since the plist file was served under the same port as the rest of the site. Information on the server listening on port 20343:
sudo lsof -i | grep "20343"
Password:
node 65 _xcsd 15u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
node 29118 _xcsd 16u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
node 29120 _xcsd 16u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
node 29121 _xcsd 16u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
node 29122 _xcsd 16u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
node 29123 _xcsd 16u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
node 29124 _xcsd 16u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
node 29125 _xcsd 16u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
node 32397 _xcsd 17u IPv4 0x73c2c4b0fa77e271 0t0 TCP *:20343 (LISTEN)
This seems to be a bug on the osx server and xcode bots. Does anyone have a solution for how we can download the ipa files on our devices?
Same problem here.
Initially the out-of-the-box Xcode Server solution worked and any device could install .ipa generated by the Xcode bot. After one or two days it suddenly got broken and none of the devices could download anymore, just displaying:
Cannot connect to www.example.com
Tracing log on my iPhone I could also see the device trying to connect to https://www.example.com:20343/api/integrations. This Xcode webservice is apparently using a self-signed Xcode Server Root Authority certificate (instead of the certificate selected in the OS X Server management application) and since any client needs to access this webservice, requests are incorrectly signed.
A post on the Apple Developer Forums guided me to the Xcode Server Apache configuration located here (thank you Paul Verity):
/Library/Developer/XcodeServer/CurrentXcodeSymlink/Contents/Developer/usr/share/httpd_xcs.conf
or in OS X Server 4.1.5:
/Library/Developer/XcodeServer/CurrentXcodeSymlink/Contents/Developer/usr/share/xcs/httpd_xcs.conf
Containing a section that exposes the webservice through the regular Xcode Server website:
<IfModule mod_proxy.c>
ProxyPass /xcode/api https://127.0.0.1:20343/api retry=0 timeout=30
ProxyPassReverse /xcode/api https://127.0.0.1:20343/api
ProxyPass /xcode/socketio http://127.0.0.1:20300 retry=0 timeout=30
ProxyPassReverse /xcode/socketio http://127.0.0.1:20300
</IfModule>
Interestingly /xcode/api/ requests are signed using the correct certificate and thus are accepted by any client. (You can test it by accessing your Xcode server by adding /xcode/api/integrations after your server's URL. This is just a JSON webservice. If your server's certificate is signed by a valid authority it will be accepted without any problems.)
This leads to my two step solution (Assuming your server is behind a router/firewall):
1. Redirect Public TCP ports 20300, 20343 to private TCP port 443 in your firewall/router
This way, the webservice requests are forwarded to the Xcode Server that is using the correct certificate that is automatically accepted by the device. Xcode also uses ports 20344 & 20345, but leave those for other connections. Note: these changes can be overwritten if you have OS X server managing an Apple Router and re-toggle XCode under "Public Services".
2. Proxy /api and /socketio requests to the local webservice
The server does not know /api, so add the following lines to the mod_proxy.c section in your httpd_xcs.conf:
ProxyPass /api https://127.0.0.1:20343/api retry=0 timeout=30
ProxyPassReverse /api https://127.0.0.1:20343/api
ProxyPass /socketio http://127.0.0.1:20300 retry=0 timeout=30
ProxyPassReverse /socketio http://127.0.0.1:20300
Final thoughts/notes:
I'm not sure if we should consider the webservice using a self-signed certificate a bug. It might as well be an issue that Apple is providing an incorrect configuration file. Maybe stripping off the /xcode part at the ProxyPass lines instead of adding them would be sufficient.
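A check for the workaround in the answer above, as an added example that is not part of the original post: it reports which of /api and /socketio still lack proxy directives in httpd_xcs.conf, and prints the certificate issuer a port presents so 443 and 20343 can be compared. The function names are hypothetical, and the sample configs are constructed from the lines quoted on this page.

```shell
# Print each given path that lacks a ProxyPass or ProxyPassReverse directive
# in an Apache config file. Paths must match exactly, so "/xcode/api" does
# not satisfy "/api"; commented-out directives are ignored.
missing_proxy_paths() {
    conf=$1; shift
    for path in "$@"; do
        awk -v p="$path" '
            $1 == "ProxyPass"        && $2 == p { pass = 1 }
            $1 == "ProxyPassReverse" && $2 == p { rev = 1 }
            END { exit !(pass && rev) }
        ' "$conf" || printf '%s\n' "$path"
    done
}

# Print the issuer of the certificate a TLS listener presents (needs network
# access). Comparing port 443 with port 20343 shows which certificate each serves.
cert_issuer() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer
}

# Constructed sample: the mod_proxy section as quoted on this page.
sample_shipped_conf() {
    cat <<'EOF'
<IfModule mod_proxy.c>
ProxyPass /xcode/api https://127.0.0.1:20343/api retry=0 timeout=30
ProxyPassReverse /xcode/api https://127.0.0.1:20343/api
ProxyPass /xcode/socketio http://127.0.0.1:20300 retry=0 timeout=30
ProxyPassReverse /xcode/socketio http://127.0.0.1:20300
</IfModule>
EOF
}

# Constructed sample: the same section with the four lines from step 2 added.
sample_patched_conf() {
    sample_shipped_conf | sed '$d'
    cat <<'EOF'
ProxyPass /api https://127.0.0.1:20343/api retry=0 timeout=30
ProxyPassReverse /api https://127.0.0.1:20343/api
ProxyPass /socketio http://127.0.0.1:20300 retry=0 timeout=30
ProxyPassReverse /socketio http://127.0.0.1:20300
</IfModule>
EOF
}

# Usage: script.sh /path/to/httpd_xcs.conf  -> lists paths still missing.
if [ "$#" -ge 1 ]; then
    missing_proxy_paths "$1" /api /socketio
fi
```

Run `cert_issuer buildserver.com 443` and `cert_issuer buildserver.com 20343` from a machine outside the firewall; after the port redirect in step 1 both should report the same issuer.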