4

I am trying to create automated build for Xcode. Till now everything is working just fine. For building the project from command line I am using this command

xcodebuild –project {“xcode_project file path”}–target {“target_name”} –sdk iphoneos –
configuration Release clean build CODE_SIGN_IDENTITY={$distribution_signing Identity} 
PROVISIONING_PROFILE={UUID for provisioning profile}

I want to fetch the UUID and CODE_SIGN_IDENTITY dynamically,

for UUID I am doing 

UUID=$(grep "<key>UUID</key>" "$PROVISIONING_PROFILE_PATH" -A 1 --binary-files=text | sed -E -e "/<key>/ d" -e "s/(^.*<string>)//" -e "s/(<.*)//")

Above script code gives me the UUID of any provisioning profile.

I am stuck at getting the CODE_SIGN_IDENTITY dynamically. I know it is of the form like iPhone Distribution: Developer name

How do I extract iPhone Distribution: Developer name from a .p12 file.

Ajeet Pratap Maurya
  • 4,244
  • 3
  • 28
  • 46

3 Answers3

11

You can use the security find-identity command-line utility to list the available codesigning identities on your system:

/usr/bin/security find-identity -v -p codesigning
  1) F188B6FD76D83316FCB2E594940XXXXXXXXXXXXE "Mac App Distribution"
  2) ADDB5E33AC36FEB2CA0F1C3BC71XXXXXXXXXXXXE "iPhone Developer: Stuart M (xxxxx)"
 2 valid identities found

The -v option limits the list to only "valid" identities, and -p codesigning filters it to only codesigning identities, in case you have multiple.

Stuart M
  • 11,458
  • 6
  • 45
  • 59
  • Hi stuart. thanks for the quick reply. This command do listed the identities but it listed all and as I want to get that info from a desired .p12 file how will I achieve that, any script for that? – Ajeet Pratap Maurya Apr 02 '13 at 07:11
  • I don't know of a way to derive the codesigning identites from a `.p12` file. But `security find-identity` does accept an OS X Keychain file as an optional argument, so instead of a `.p12` file you could create a separate Keychain containing just your codesigning private key + cert, and use that. – Stuart M Apr 02 '13 at 07:17
  • so you mean for every new certificate added I have to create a new keychain to store it? – Ajeet Pratap Maurya Apr 02 '13 at 07:18
  • Actually, the easiest way to handle all of this would be to simply install the codesigning certificates onto your automated build machine's systemwide Keychain, instead of using the `.p12` file. Then `security find-identity` would just work, since it would read from the system keychain – Stuart M Apr 02 '13 at 07:20
  • 1
    Yes that will be one solution but once I install the certificates in my keychain and use the `security find-identity` it will give me the list of all the certificate installed. now from them how would I pull the name of the needed certificate and use in my `xcodebuild` command. P.S. there will be plenty of distribution certificate – Ajeet Pratap Maurya Apr 02 '13 at 07:24
  • What will the names of the distribution identities be? Surely there is some way to `grep` for them based on a naming pattern? – Stuart M Apr 02 '13 at 07:37
  • They can be like anything thats why I needed to fetch those from the .p12 file – Ajeet Pratap Maurya Apr 02 '13 at 07:48
  • I'm curious why you can't set the name of the Distribution identity in the Xcode project file itself (for just the Distribution build configuration)? Seems like if you had the name of the profile in the Xcode project file you wouldn't need to parse it out to begin with. – Stuart M Apr 02 '13 at 08:18
  • 1
    ok it is like a two way process, my code generator generates the xcode project. and then I use command line tools to build and deploy the xcode project.As there will be many projects so user can upload there provisioning profile along with their distribution certificate, using those I sign the build and then create a build for either uploading to appstore or for OTA distribution. Now I am stuck at this point. I dont want to hard code the Code sign value. – Ajeet Pratap Maurya Apr 02 '13 at 08:25
  • Then certainly you could create separate Keychain files, each with exactly one Distribution identity, which is about the same amount of work as creating the separate `.p12` files you were planning to create anyway. – Stuart M Apr 02 '13 at 08:26
  • I wont be creating the .p12 file, other user will upload their distribution certificate, so to export their certificate they will create the .p12 file upload it on my server and then i will import then to the keychain to get the certificate with the key. I knw there is a command but i am lost in here.. :( – Ajeet Pratap Maurya Apr 02 '13 at 08:30
  • Hi, I have exactly the same problem: user should provide to my web interface p12 and mobile provisioning profile. Did you manage to solve this issue? – Luca Torella Sep 25 '15 at 10:00
2

This bit of Python works for me. I didn't have to install anything extra to run this on a Mac.

# load everything. Probably not the best idea in production...
from OpenSSL.crypto import *

p12 = load_pkcs12(file("./path/to/your.p12", 'rb').read(), 'YOUR_P12_PASSWORD')
print(p12.get_friendlyname())

Credit to this answer: Python: reading a pkcs12 certificate with pyOpenSSL.crypto

Community
  • 1
  • 1
Sourceterm
  • 21
  • 1
0

For those who don't know how to run security find-identity command as mentioned on @Stuart M answer here is how to do it: -

xcrun security find-identity -v -p codesigning
Mussa Charles
  • 4,014
  • 2
  • 29
  • 24