发表新帖
发表新帖

How do I add authorizations to code sign an app from new keychain without any human interaction

前端 未结
关注
6 1920
甜味超标
甜味超标 2021-02-01 08:09

I\'m trying to automate the process of building iphone apps with a particular certificate. So imagine if different users uploaded their cert into the system and it was immediate

相关标签:
6条回答
  • 广开言路
    2021-02-01 08:42

    If you import your certificate into your keychain with a -A it will allow access to all programs trying to request that cert. This isn't very secure but works. You can also use -T to limit it to a particular app. Look up the import param found in man security.

    0 讨论(0)
  • 难免孤独
    2021-02-01 08:49

    On my system, once the keychain is unlocked with

    security unlock-keychain

    I just let xcodebuild to do both the build and the code signing.

    If your keychanins are unlocked, it shouldn't be necessary to use the above call.

    You might also want to check the command execute-with-privileges of security.

    0 讨论(0)
  • 生来不讨喜
    2021-02-01 08:52

    Just to add to all the answers above: even even your key/certificate is not password-protected, you need to pass -P "" (empty password) to security import.

    0 讨论(0)
  • 长发绾君心
    2021-02-01 09:02

    Regarding dialogs that pop up each time you use a private key in your Keychain, this apple script will take care of the similar alert that pops up the very first time you request permission to use a private key. 

    #!/usr/bin/osascript
tell application "System Events"
  tell window 1 of process "SecurityAgent"
    click button "Always Allow" of group 1
  end tell
end tell

    codesign wants to use key

    0 讨论(0)
  • 深忆病人
    2021-02-01 09:03

    I'd like to add to the answer pool here, but also reopen part of the question that I don't think was answered.

    The following command imports an identity (cert + private key) and specifies that it should "always allow" code sign access to it (preventing Keychain Access alert from promoting user for a button click): 

    `security import Targets/CurrentTarget/Certificate.p12 -k #{KEYCHAIN} -P "#{cert_pwd}" -T /usr/bin/codesign`

    This command allows all applications access, rather than just code sign:

    security import Targets/CurrentTarget/Certificate.p12 -k #{KEYCHAIN} -P "#{cert_pwd}" -A

    Either of these commands will take care of the dialogs that pop up each time you use a private key in your Keychain. HOWEVER, they will NOT take care of the similar alert that pops up the very first time you request permission to use a private key. This alert will appear on first use and ask you to choose always allow, deny or allow. Every time after that (if you use the -T or -A options above, assuming the key remains in your keychain) you won't see a dialog.

    My question is: how can you eliminate the alert that appears on first use?

    I've considered using Apple Script to automate tapping the always allow button but because the alert is triggered in the middle of the xcodebuild command I'm not sure this would work. Any help would be much appreciated!

    0 讨论(0)
  • 故里飘歌
    2021-02-01 09:09

    Copying the certificates from the Login keychain to the System keychain works nicely in my case, and as a result you don't need to do any command-line unlocking.

    0 讨论(0)
 看不清?
提交回复
热议问题