After set-key-partition-list codesign still prompts for key access


Problem description


I'm importing a PEM file containing public and private keys for my code signing identity with the following command:

security import "${PEM_FILE}" -k ~/Library/Keychains/login.keychain -T /usr/bin/codesign -T /usr/bin/security

On OS X 10.11 El Capitan I could then codesign without a prompt:

codesign --force --sign "${IDENTITY_HASH}" --timestamp=none `mktemp`

However, as others have mentioned, OS X 10.12 Sierra now requires that you set-key-partition-list after import:

security set-key-partition-list -S apple-tool:,apple: -s -k "${PASSWORD}" ~/Library/Keychains/login.keychain

However, even after set-key-partition-list, I still get a UI dialog asking for permission to access my private key for code signing:

If I click Always Allow, then future codesign calls don't prompt, but I don't ever want that UI dialog to prompt. I want this all to be scriptable.

Why does set-key-partition-list work for other folks, and not for me?

Solution

In my original import command, I didn't supply a password for my keychain. If I supply a password to the import command, set-key-partition-list prevents the dialog from showing:

security import "${PEM_FILE}" -k ~/Library/Keychains/login.keychain -P "${PASSWORD}" -T /usr/bin/codesign -T /usr/bin/security
security set-key-partition-list -S apple-tool:,apple: -s -k "${PASSWORD}" ~/Library/Keychains/login.keychain

Then codesign doesn't show a dialog. It just works!

codesign --force --sign "${IDENTITY_HASH}" --timestamp=none `mktemp`
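
The sequence from the answer, wrapped for unattended use in a build script; this is an added example, not part of the original post. `PEM_FILE`, `PASSWORD` and `IDENTITY_HASH` are the variables used in the post's commands, while `KEYCHAIN` and the function names are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): the answer's import sequence
# for unattended use. PEM_FILE, PASSWORD and IDENTITY_HASH are the variables
# from the post; KEYCHAIN and the function names are assumptions.
KEYCHAIN="${KEYCHAIN:-$HOME/Library/Keychains/login.keychain}"

# Stop before touching the keychain if an input is missing. Importing
# without -P is the case in which the dialog still appeared in the question.
check_inputs() {
  [ -n "${PASSWORD:-}" ] || { echo "PASSWORD is not set" >&2; return 2; }
  [ -r "${PEM_FILE:-}" ] || { echo "PEM_FILE is not readable" >&2; return 2; }
  [ -n "${IDENTITY_HASH:-}" ] || { echo "IDENTITY_HASH is not set" >&2; return 2; }
}

# Import with -P, then set the partition list, in the order the answer uses.
import_identity() {
  check_inputs || return $?
  security import "$PEM_FILE" -k "$KEYCHAIN" -P "$PASSWORD" \
    -T /usr/bin/codesign -T /usr/bin/security || return 1
  security set-key-partition-list -S apple-tool:,apple: -s \
    -k "$PASSWORD" "$KEYCHAIN" >/dev/null || return 1
}

# Sign a throwaway file, as the post does, and report codesign's exit status.
verify_signing() {
  probe="$(mktemp)" || return 1
  codesign --force --sign "$IDENTITY_HASH" --timestamp=none "$probe"
  rc=$?
  rm -f "$probe"
  return "$rc"
}

# Run only when asked, so the functions can also be sourced by another script.
if [ "${1:-}" = "run" ]; then
  import_identity && verify_signing
fi
```

As in the post's commands, the password is passed as a command-line argument, so it is visible in the process list while `security` runs.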
