2

I am trying to automate a cert installation on a bunch of different Mac boxes so that I can build on any of them using Jenkins. I've seen that you can do an import:

sudo security import certName -P password

And you can also allow applications to use the keychain at installation time:

sudo security import certName -P password -T /usr/bin/codesign

But is there a way to modify existing installations from the command line so I don't have to reimport all the certs that I have imported already? Or is it okay to just reimport everything by running the second command on all the boxes, and it will just update the existing cert installation?

Basically, the overall problem I'd like to solve is to prevent the prompts asking for passwords every time I run a build that say "codesign would like to access the keychain", etc. And then I have to enter the password and click "Always Allow" to prevent it again. But every time I update the cert, I have to go through this process again.

Has anyone ever automated this entire process before? Installing the cert and allowing apps to access the keychain without prompting for a password.

I'd also be happy with allowing any applications to access the keychain without a password. I'm not sure if a flag like that even exists, but it would be a big help if this was possible.

user3270760
  • 1,444
  • 5
  • 23
  • 45

1 Answers1

1

It seems that these three lines were what I needed (answer found here: security / codesign in Sierra: Keychain ignores access control settings and UI-prompts for permission):

security unlock-keychain -p password kaychainName.keychain

security set-keychain-settings keychainName.keychain

security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k password keychainName.keychain
user3270760
  • 1,444
  • 5
  • 23
  • 45