Manage keychain to codesign macOS / iOS app with xcodebuild unattended
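I need to create a build of a macOS app every day at midnight. I want it to be code signed so that people can use it without jumping through hoops. I am asleep at midnight, and I am too busy to do this by hand. I want to run xcodebuild via a launch agent and get a signed app while I am away from the keyboard. But code signing always fails.
It fails with errors like this: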
No signing certificate "Mac Development" found: No "Mac Development" signing certificate matching team ID "H7V7XYVQ7D" with a private key was found.
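It does not fail while I am watching, which means it must have something to do with the keychain locking itself. I spent a while trying to solve this some time ago, without success:
- https://github.com/gnachman/iTerm2/commit/f4082825f3dfa52db08d660ec4821ab6c5bca3fc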
- https://github.com/gnachman/iTerm2/commit/4cc902449549995d90da1856068e0f56640d55d1
- https://github.com/gnachman/iTerm2/commit/b84b5739fb2e0d3f89bade68467831891d31f79f
- https://github.com/gnachman/iTerm2/commit/29817cbb00d755c247c7071cfac7a6580f7b13b1
- https://github.com/gnachman/iTerm2/commit/3f33828b5740a764740c98801ff2d12b21d72e7b
- https://github.com/gnachman/iTerm2/commit/f4082825f3dfa52db08d660ec4821ab6c5bca3fc
But nothing worked. Is this possible?
```bash
export tempKeychain=tempKeychain
export identity="iPhone Whatever: Bob Developer(132455334)"
# create new empty keychain
security create-keychain -p "${ADMIN_PASSWORD}" "${tempKeychain}"
# add keychain to user's keychain search list so they can access it
security list-keychains -d user -s "${tempKeychain}" $(security list-keychains -d user | tr -d '"')
# removing relock timeout on keychain
security set-keychain-settings "${tempKeychain}"
# import the certs
security import foo.p12 -k "${tempKeychain}" -P "${CERT_PASSWORD}" -T "/usr/bin/codesign"
# tell os it's ok to access this identity from command line with tools shipped by apple (suppress codesign modal UI)
security set-key-partition-list -S apple-tool:,apple: -s -k "${ADMIN_PASSWORD}" -D "${identity}" -t private "${tempKeychain}"
# set default keychain to temp keychain
security default-keychain -d user -s "${tempKeychain}"
# unlock keychain
security unlock-keychain -p "${ADMIN_PASSWORD}" "${tempKeychain}"
# prove we added the code signing identity to the temp keychain
security find-identity -v -p codesigning
# do some codesign stuff
# clean up temp keychain we created
security delete-keychain "${tempKeychain}"
```
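The script above prints `security find-identity -v -p codesigning` for a person to read, but a launch agent needs that check as an exit status. The following is an added example, not part of the original answer: it parses that output, collapses the same certificate listed from two keychains, and returns the SHA-1 to sign with, failing when the identity is missing or the name matches different certificates. The sample output, names and `MyApp.app` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original answer: make the answer's
# "security find-identity" check machine-readable for an unattended job.

# Constructed sample of `security find-identity -v -p codesigning` output.
# Names and hashes are made up; entries 1 and 2 are the same certificate
# seen in two keychains, entries 4 and 5 are two different certificates.
SAMPLE_OUTPUT='  1) 1111111111111111111111111111111111111111 "Mac Developer: Bob Developer (ABCDE12345)"
  2) 1111111111111111111111111111111111111111 "Mac Developer: Bob Developer (ABCDE12345)"
  3) 2222222222222222222222222222222222222222 "Developer ID Application: Example Corp (ABCDE12345)"
  4) 3333333333333333333333333333333333333333 "Apple Development: Bob Developer (ZZZZZ99999)"
  5) 4444444444444444444444444444444444444444 "Apple Development: Bob Developer (ZZZZZ99999)"
     5 valid identities found'

# identity_hashes NAME: read find-identity output on stdin and print the
# SHA-1 of each distinct identity whose quoted name is exactly NAME.
identity_hashes() {
    WANT="$1" awk '
        $1 ~ /^[0-9]+\)$/ && length($2) == 40 && $2 ~ /^[0-9A-Fa-f]+$/ {
            name = $0
            sub(/^[^"]*"/, "", name)    # drop everything up to the opening quote
            sub(/"[^"]*$/, "", name)    # drop the closing quote and any suffix
            if (name == ENVIRON["WANT"] && !seen[$2]++) print $2
        }'
}

# pick_identity NAME: print the one matching hash. Returns 1 when the
# identity is absent and 2 when different certificates share the name.
pick_identity() {
    name=$1
    set -- $(identity_hashes "$name")   # hashes are plain hex, safe to split
    case $# in
        0) echo "no valid signing identity named: $name" >&2; return 1 ;;
        1) printf '%s\n' "$1" ;;
        *) echo "ambiguous: $# certificates named: $name" >&2; return 2 ;;
    esac
}

# In the nightly job (macOS only), sign by hash instead of by name:
#   hash=$(security find-identity -v -p codesigning | pick_identity "$identity") || exit 1
#   codesign --sign "$hash" MyApp.app    # MyApp.app is a placeholder
```

Signing by hash keeps the job from failing on a name that resolves to more than one certificate, and the non-zero exit gives the launch agent a clear reason to stop before `xcodebuild` runs.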
Have you considered having the launchd script use ssh -o to localhost to run the commands, the way a CI server (e.g. Jenkins) would?