macos-26-arm64@20260402.0322 breaks .p12 certificate import / code signing for iOS builds

[jacekendrick]

Description

The macos-26-arm64/20260402.0322 image (released April 2, 2026) broke iOS code signing for manual signing workflows using fastlane match. The previous image (20260325.0302) works correctly.

Symptoms

• match successfully decrypts and imports the .p12 distribution certificate
• Immediately after, match reports: "There are no local code signing identities found."
• The build subsequently fails with: "No valid code signing certificates were found"
• flutter build ipa (invoked via Shorebird) exits with code 1

Evidence

Two runs on April 2, 2026 with identical code, same commit, same Fastfile:

Time	Image	iOS Result
17:06 UTC	macos-26-arm64/20260402.0322	❌ Failure — no code signing identities
18:03 UTC	macos-26-arm64/20260325.0302	✅ Success

The 18:03 run succeeded because it hit a runner with the older cached image. Every run since that picked up 20260402.0322 has failed.

Relevant log output (failing run)

INFO: Installing certificate...
[installs WWDR certs successfully]
ERROR: There are no local code signing identities found.
You can run `security find-identity -v -p codesigning /Users/runner/Library/Keychains/<keychain>-db` to get this output.

INFO: $ security import .../36NDTC45K8.p12 -k '/Users/runner/Library/Keychains/<keychain>-db' -P *** -T /usr/bin/codesign ...
INFO: ▸ 1 key imported.
[build later fails with "No valid code signing certificates were found"]

Setup

• Workflow: runs-on: macos-26
• Fastlane match with type: appstore, readonly: true in CI
• Manual code signing (CODE_SIGN_STYLE = Manual)
• Flutter app built via Shorebird (shorebird release ios)
• Certificate: Apple Distribution (valid until 2026-09-02)

[jacekendrick]

In the meantime, reverting to macos-15 resolved the issue. I had been on macos-26 for months, so it's just the most recent image that broke it.