在set-key-partition-list codesign之后仍然提示密钥访问 [英] After set-key-partition-list codesign still prompts for key access
问题描述
我正在使用以下命令导入包含公钥和私钥的 PEM
文件:
安全导入$ {PEM_FILE} - k~ / Library / Keychains / login.keychain -T / usr / bin / codesign -T / usr / bin / security
On OS X 10.11 El Capitan
我可以 codesign
没有提示:
codesign --force --sign$ { IDENTITY_HASH} - timestamp = none`mktemp`
但是,如
如果我点击始终允许
,那么将来的代码签名
调用不提示,但我不希望UI对话框提示。我希望这一切都是可编写脚本的。
为什么 set-key-partition-list
为其他人工作,而不是为我工作?
在我原来的 import
命令中,我没有为我的钥匙串提供密码。如果我提供了 import的密码
命令, set-key-partition-list
阻止对话框显示:
安全导入$ {PEM_FILE} - k~ / Library / Keychains / login.keychain -P$ {PASSWORD}-T / usr / bin / codesign -T / usr / bin / security
security set-key-partition-list -S apple-tool :, apple:-s -k$ {PASSWORD}〜/ Library / Keychains / login.keychain
然后 codesign
没有显示对话框。它只是有效!
codesign --force --sign $ {IDENTITY_HASH} - timestamp = none`mktemp`
I'm importing a PEM
file containing public and private keys for my code signing identity with the following command:
security import "${PEM_FILE}" -k ~/Library/Keychains/login.keychain -T /usr/bin/codesign -T /usr/bin/security
On OS X 10.11 El Capitan
I could then codesign
without a prompt:
codesign --force --sign "${IDENTITY_HASH}" --timestamp=none `mktemp`
However, as others have mentioned, OS X 10.12 Sierra
now requires that you set-key-partition-list
after import
:
security set-key-partition-list -S apple-tool:,apple: -s -k "${PASSWORD}" ~/Library/Keychains/login.keychain
However, even after set-key-partition-list
, I still get a UI dialog asking for permission to access my private key for code signing:
If I click Always Allow
, then future codesign
calls don't prompt, but I don't ever want that UI dialog to prompt. I want this all to be scriptable.
Why does set-key-partition-list
work for other folks, and not for me?
In my original import
command, I didn't supply a password for my keychain. If I supply a password to the import
command, set-key-partition-list
prevents the dialog from showing:
security import "${PEM_FILE}" -k ~/Library/Keychains/login.keychain -P "${PASSWORD}" -T /usr/bin/codesign -T /usr/bin/security
security set-key-partition-list -S apple-tool:,apple: -s -k "${PASSWORD}" ~/Library/Keychains/login.keychain
Then codesign
doesn't show a dialog. It just works!
codesign --force --sign "${IDENTITY_HASH}" --timestamp=none `mktemp`
这篇关于在set-key-partition-list codesign之后仍然提示密钥访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!