I am trying to set up a headless machine (no GUI session whatsoever, only SSH) for CI/CD.
My pre-build step is to set up a keychain, but it looks like unlocking the keychain using just an SSH session is not working on macOS 11.6.
ec2-user@ip-172-31-40-2 code % security create-keychain -p Passw0rd dev
ec2-user@ip-172-31-40-2 code % security list-keychain -d user -s dev
ec2-user@ip-172-31-40-2 code % security set-keychain-settings -t 0 dev
security: SecKeychainSetSettings dev: User interaction is not allowed.
ec2-user@ip-172-31-40-2 code % security unlock-keychain -p Passw0rd dev
ec2-user@ip-172-31-40-2 code % security set-keychain-settings -t 0 dev
security: SecKeychainSetSettings dev: User interaction is not allowed.
ec2-user@ip-172-31-40-2 code % security import ~/AppleWWDRCA.cer -t cert -k dev -A
1 certificate imported.
ec2-user@ip-172-31-40-2 code % security import ~/AppleWWDRCAG3.cer -t cert -k dev -A
1 certificate imported.
ec2-user@ip-172-31-40-2 code % security import ~/AppleRoot.cer -t cert -k dev -A
1 certificate imported.
ec2-user@ip-172-31-40-2 code % security import ~/DevAuthCA.cer -t cert -k dev -A
1 certificate imported.
ec2-user@ip-172-31-40-2 code % security import ~/apple_dev_key.p12 -k dev -A # this is my private key + cert
security: SecKeychainItemImport: User interaction is not allowed.
ec2-user@ip-172-31-40-2 code % security unlock-keychain -p Passw0rd dev
ec2-user@ip-172-31-40-2 code % security import ~/apple_dev_key.p12 -k dev -A
security: SecKeychainItemImport: User interaction is not allowed.
When doing the same from a GUI session, I can see that despite the unlock-keychain command, a GUI prompt is presented to the user to unlock the keychain.
The error lies in security set-keychain-settings -t 0 dev
I read somewhere (cannot find the source) that -t 0 sets the lock timeout to infinite (no timeouts) while the correct way to remove timeouts is to omit the -t parameter altogether.
The correct command is security set-keychain-settings dev
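The sequence above as one headless setup function, with set-keychain-settings called without -t as the post concludes. This is an added example, not part of the original post, and it goes beyond it in three places: the .p12 passphrase is passed with -P so the import needs no prompt, -T /usr/bin/codesign replaces -A so only codesign is granted access to the key, and set-key-partition-list is run so codesign can use the key without a dialog. The function name, the SECURITY override and the CI_* variable names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: headless keychain setup for a CI host reached only over SSH.
# SECURITY, setup_ci_keychain and the CI_* variables are names assumed for
# this example; the subcommands and flags are those of the macOS security tool.

# Every call goes through $SECURITY so the sequence can be dry-run with a stub
# on a machine that has no macOS security binary.
SECURITY="${SECURITY:-security}"

setup_ci_keychain() {
    kc="$1"        # keychain name, e.g. dev
    kc_pass="$2"   # keychain password, taken from the CI secret store
    p12="$3"       # path to the signing identity (.p12)
    p12_pass="$4"  # passphrase protecting the .p12

    # Note: -p/-P/-k values are visible in the process list while the
    # command runs, so keep the build host single-tenant.
    "$SECURITY" create-keychain -p "$kc_pass" "$kc" || return 1
    "$SECURITY" list-keychains -d user -s "$kc" || return 1

    # No -t and no -l/-u: omitting -t means "no timeout".
    "$SECURITY" set-keychain-settings "$kc" || return 1

    # Unlock before importing the private key.
    "$SECURITY" unlock-keychain -p "$kc_pass" "$kc" || return 1

    # -P supplies the .p12 passphrase non-interactively.
    # -T limits key access to codesign; -A would allow every application.
    "$SECURITY" import "$p12" -k "$kc" -P "$p12_pass" \
        -T /usr/bin/codesign || return 1

    # Let Apple-signed tools use the imported key without a GUI prompt.
    "$SECURITY" set-key-partition-list -S apple-tool:,apple: -s \
        -k "$kc_pass" "$kc" || return 1
}

# Runs only when the CI job exports the (assumed) CI_* variables.
if [ -n "${CI_P12_PATH:-}" ]; then
    setup_ci_keychain "${CI_KEYCHAIN:-dev}" "$CI_KEYCHAIN_PASSWORD" \
        "$CI_P12_PATH" "$CI_P12_PASSWORD"
fi
```

Each step returns non-zero on the first failing security call, so the CI job stops there instead of continuing with a half-configured keychain.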