
Manage keychain to codesign macOS / iOS app with xcodebuild unattended

I need to create a build of my macOS app every day at midnight. I would like it to be code signed so people can use it without jumping through hoops. I am asleep at midnight, and I'm too busy to do this manually. I would like to run xcodebuild via launch agent and get a signed application while away from the keyboard. But code signing always fails.

It fails with errors like:

No signing certificate "Mac Development" found:  No "Mac Development" signing certificate matching team ID "H7V7XYVQ7D" with a private key was found.

It doesn't fail when I'm watching, which means it must have something to do with the keychain locking itself. I flailed around trying to fix this a while ago with no luck:

But nothing works. Is this even possible?

export tempKeychain=tempKeychain
export identity="iPhone Whatever: Bob Developer(132455334)"

# create new empty keychain
security create-keychain -p "${ADMIN_PASSWORD}" "${tempKeychain}"

# add keychain to user's keychain search list so they can access it
security list-keychains -d user -s "${tempKeychain}" $(security list-keychains -d user | tr -d '"')

# removing relock timeout on keychain
security set-keychain-settings "${tempKeychain}"

# import the certs
security import foo.p12 -k "${tempKeychain}" -P "${CERT_PASSWORD}" -T "/usr/bin/codesign"

# tell the OS it's OK to access this identity from the command line with tools shipped by Apple (suppresses the codesign modal UI)
security set-key-partition-list -S apple-tool:,apple: -s -k "${ADMIN_PASSWORD}" -D "${identity}" -t private "${tempKeychain}"

# set default keychain to temp keychain
security default-keychain -d user -s "${tempKeychain}"

# unlock keychain
security unlock-keychain -p "${ADMIN_PASSWORD}" "${tempKeychain}"

# prove we added the code signing identity to the temp keychain
security find-identity -v -p codesigning

# do some codesign stuff

# clean up temp keychain we created
security delete-keychain "${tempKeychain}"

Have you considered having the launchd script use ssh -o to localhost to run the commands like a CI server (e.g. Jenkins) would?
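The script above changes the user's default keychain and search list, then deletes the temporary keychain without putting either back, and its `tr -d '"'` step splits keychain paths that contain spaces. The following is an added example, not code from the original post: it runs the same steps but saves and restores both settings, uses a random per-run keychain password, and cleans up through an EXIT trap. `P12_PATH`, `CERT_PASSWORD`, the function names and the keychain name are assumptions.

```shell
#!/bin/sh
# Added example, not the original poster's script. P12_PATH and CERT_PASSWORD
# are assumed to be set by the caller; function and keychain names are made up.

# `security list-keychains` / `default-keychain` print indented, double-quoted
# paths. Emit one bare path per line so paths containing spaces stay intact.
parse_keychain_list() {
  sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
}

# Run `security list-keychains -d user -s` with "$@" followed by each path
# saved in $saved_list (newline-separated).
set_search_list() {
  while IFS= read -r kc; do
    [ -z "$kc" ] || set -- "$@" "$kc"
  done <<EOF
$saved_list
EOF
  [ "$#" -eq 0 ] || security list-keychains -d user -s "$@"
}

# Put back the original search list and default, then drop the temp keychain.
restore_keychains() {
  set_search_list
  [ -z "$saved_default" ] || security default-keychain -d user -s "$saved_default"
  security delete-keychain "$temp_keychain"
}

# Usage: sign_with_temp_keychain <build command...>
sign_with_temp_keychain() {
  temp_keychain="build-$$.keychain"
  # Random per-run keychain password instead of reusing an account password.
  kc_password=$(od -An -N24 -tx1 /dev/urandom | tr -d ' \n')
  saved_list=$(security list-keychains -d user | parse_keychain_list)
  saved_default=$(security default-keychain -d user | parse_keychain_list)
  security create-keychain -p "$kc_password" "$temp_keychain"
  trap restore_keychains EXIT   # cleanup also runs when a later step fails
  set_search_list "$temp_keychain"
  security set-keychain-settings "$temp_keychain"   # no relock timeout
  security default-keychain -d user -s "$temp_keychain"
  security unlock-keychain -p "$kc_password" "$temp_keychain"
  security import "$P12_PATH" -k "$temp_keychain" -P "$CERT_PASSWORD" -T /usr/bin/codesign
  security set-key-partition-list -S apple-tool:,apple: -s -k "$kc_password" "$temp_keychain"
  security find-identity -v -p codesigning "$temp_keychain"
  "$@"
}

# Run only when a build command is given, e.g.: ./sign.sh xcodebuild ...
[ "$#" -eq 0 ] || sign_with_temp_keychain "$@"
```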
