After set-key-partition-list codesign still prompts for key access

半腔热情 submitted on 2019-12-09 12:58:19

Question


I'm importing a PEM file containing public and private keys for my code signing identity with the following command:

security import "${PEM_FILE}" -k ~/Library/Keychains/login.keychain -T /usr/bin/codesign -T /usr/bin/security

On OS X 10.11 El Capitan I could then codesign without a prompt:

codesign --force --sign "${IDENTITY_HASH}" --timestamp=none `mktemp`

However, as others have mentioned, OS X 10.12 Sierra now requires that you set-key-partition-list after import:

security set-key-partition-list -S apple-tool:,apple: -s -k "${PASSWORD}" ~/Library/Keychains/login.keychain

However, even after set-key-partition-list, I still get a UI dialog asking for permission to access my private key for code signing:

If I click Always Allow, then future codesign calls don't prompt, but I don't ever want that UI dialog to prompt. I want this all to be scriptable.

Why does set-key-partition-list work for other folks, and not for me?


Answer 1:


In my original import command, I didn't supply a password for my keychain. If I supply a password to the import command, set-key-partition-list prevents the dialog from showing:

security import "${PEM_FILE}" -k ~/Library/Keychains/login.keychain -P "${PASSWORD}" -T /usr/bin/codesign -T /usr/bin/security
security set-key-partition-list -S apple-tool:,apple: -s -k "${PASSWORD}" ~/Library/Keychains/login.keychain

Then codesign doesn't show a dialog. It just works!

codesign --force --sign "${IDENTITY_HASH}" --timestamp=none `mktemp`
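
The answer's sequence as one fail-fast shell function, added here as an example and not part of the original post: it refuses to run with an empty password (the omission described in the question), then imports, sets the partition list and signs a throwaway file. The function name import_signing_identity and the KEYCHAIN variable are assumptions; every security and codesign flag is one already shown above.

```shell
#!/bin/bash
# Added example (not from the original post). import_signing_identity and
# KEYCHAIN are assumed names; every security/codesign flag is one used above.
KEYCHAIN="${KEYCHAIN:-$HOME/Library/Keychains/login.keychain}"

import_signing_identity() {
    local pem_file="$1" password="$2" identity_hash="$3"
    local probe rc

    # The question's import ran without a password and codesign still
    # prompted; stop here before repeating that.
    if [ -z "$password" ]; then
        echo "error: empty password, refusing to import" >&2
        return 2
    fi
    if [ ! -r "$pem_file" ]; then
        echo "error: cannot read PEM file: $pem_file" >&2
        return 3
    fi

    # 1. Import with the password, trusting codesign and security.
    security import "$pem_file" -k "$KEYCHAIN" -P "$password" \
        -T /usr/bin/codesign -T /usr/bin/security || return 4

    # 2. Set the partition list, needed since OS X 10.12 Sierra.
    security set-key-partition-list -S apple-tool:,apple: -s \
        -k "$password" "$KEYCHAIN" >/dev/null || return 5

    # 3. Sign a throwaway file, as the answer does, so a key-access
    #    failure shows up here instead of in the middle of a build.
    probe="$(mktemp)" || return 6
    codesign --force --sign "$identity_hash" --timestamp=none "$probe"
    rc=$?
    rm -f "$probe"
    [ "$rc" -eq 0 ] || return 7
}

# Usage: PEM_FILE, PASSWORD and IDENTITY_HASH as in the commands above.
if [ "$#" -eq 3 ]; then
    import_signing_identity "$1" "$2" "$3"
fi
```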


Source: https://stackoverflow.com/questions/43002579/after-set-key-partition-list-codesign-still-prompts-for-key-access
