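Hello, I am trying to create a standard build project for our products so that I can run it on any Mac using just a script. So I have exported all the distribution certificates into a p12 file and stored it in the repository. During the build I import it using these commands: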
echo "Attaching External Keychain"
/usr/bin/openssl pkcs12 -in Distribution-Keys.p12 -nokeys -passin pass:<PASSWORD> | /usr/bin/openssl x509 -noout -fingerprint -subject -dates -nameopt utf8,sep_semi_plus_space
echo "Creating external Keychain"
security create-keychain -p <PASSWORD> Distribution-Keys.keychain
echo "Changing access to external Keychain"
security set-keychain-settings -lut 21600 Distribution-Keys.keychain
echo "Unlocking external Keychain"
security unlock-keychain -p <PASSWORD> Distribution-Keys.keychain
echo "Importing external Keychain from p12 file"
security import Distribution-Keys.p12 -P <PASSWORD> -A -t cert -f pkcs12 -k Distribution-Keys.keychain
security list-keychain -d user
echo "Adding new keychain to search path"
security list-keychain -d user -s Distribution-Keys.keychain /Users/support/Library/Keychains/login.keychain-db
security list-keychain -d user
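When I run the build script from ssh, I get a "codesign" with code 3.
When I run it in the Mac terminal, a window pops up saying "codesign wants to access key "Distribution-Keys" in your keychain" and asks for the password.
How do I allow the trust as part of the script (command line)?
Regards, Christian Arild Stol Andersen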
The following command bypasses the codesign modal keychain password dialog:
security set-key-partition-list \
-S apple-tool:,apple: \
-k "$MAC_KEYCHAIN_PASSWORD" \
"$MAC_KEYCHAIN_PATH"
The following lines are pasted from man security running on macOS 14.0:
set-key-partition-list [-S <partition list (comma separated)>] [-k <keychain password>] [options...] [keychain]
    Sets the "partition list" for a key. The "partition list" is an extra parameter in the ACL which limits access to the key based on an application's code signature. You must present the keychain's password to change a partition list. If you'd like to run /usr/bin/codesign with the key, "apple:" must be an element of the partition list.

    -S partition-list     Comma-separated partition list. See output of "security dump-keychain" for examples.
    -k password           Password for keychain
    -a application-label  Match "application label" string
    -c creator            Match creator (four-character code)
    -d                    Match keys that can decrypt
    -D description        Match "description" string
    -e                    Match keys that can encrypt
    -j comment            Match comment string
    -l label              Match label string
    -r                    Match keys that can derive
    -s                    Match keys that can sign
    -t type               Type of key to find: one of "symmetric", "public", or "private"
    -u                    Match keys that can unwrap
    -v                    Match keys that can verify
    -w                    Match keys that can wrap
See also:
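
The keychain setup from the question with the partition-list step from the answer, written as an added example that is not part of the original thread. The function names and the KEYCHAIN_PASSWORD and P12_PASSWORD variables are assumptions; the example also replaces the question's -A import flag with -T /usr/bin/codesign and confirms the result with security find-identity.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumed names: identity_count,
# setup_signing_keychain, KEYCHAIN_PASSWORD, P12_PASSWORD.

# Print the number of valid code-signing identities in keychain $1.
identity_count() {
    security find-identity -v -p codesigning "$1" |
        sed -n 's/^ *\([0-9][0-9]*\) valid identities found.*/\1/p'
}

# $1 = keychain to create, $2 = path to the .p12 file.
setup_signing_keychain() {
    kc=$1; p12=$2
    : "${KEYCHAIN_PASSWORD:?must be set}" "${P12_PASSWORD:?must be set}"
    security create-keychain -p "$KEYCHAIN_PASSWORD" "$kc" || return 1
    # Same lock settings as the question: lock on sleep and after 6 hours.
    security set-keychain-settings -lut 21600 "$kc" || return 1
    security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$kc" || return 1
    # -T names the one tool allowed to use the key; the question's -A
    # lets any application use it without a prompt.
    security import "$p12" -P "$P12_PASSWORD" -f pkcs12 -k "$kc" \
        -T /usr/bin/codesign || return 1
    # The answer's step: "apple:" in the partition list lets
    # /usr/bin/codesign use the key with no dialog. -s limits the change
    # to signing keys; the command's output is discarded.
    security set-key-partition-list -S apple-tool:,apple: -s \
        -k "$KEYCHAIN_PASSWORD" "$kc" >/dev/null || return 1
    # Prepend the new keychain to the current user search list rather
    # than hard-coding the login keychain path. Entries are printed one
    # per line in double quotes, so split on newlines only.
    list=$(security list-keychains -d user | sed -e 's/^ *"//' -e 's/"$//')
    oldifs=$IFS; IFS='
'
    set -f; set -- "$kc" $list; set +f; IFS=$oldifs
    security list-keychains -d user -s "$@" || return 1
    # Fail the build here, not at codesign time, if no identity is usable.
    n=$(identity_count "$kc")
    [ "${n:-0}" -ge 1 ]
}

# Run only when called with arguments: setup.sh <keychain> <p12>
if [ "$#" -eq 2 ]; then
    setup_signing_keychain "$1" "$2"
fi
```

Passwords passed with -p, -P and -k are visible in the process list while security runs, so a keychain password generated per build and a keychain removed with security delete-keychain afterwards limit what a leaked value is worth.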