keychain not staying unlocked

We use Jenkins, Ant, and shell scripts to build and sign our Mac application, installer, and dmg. We recently had to get all new Certs due to a corporate ownership change.

Now that I'm (attempting) to use the new certs, there is a problem when the builds run. It's prompting to unlock the keychain in the Mac UI. Since this is an automated process, we can NOT have it prompting to unlock the keychain. (and it didn't do this with the old certs.)

I've tried adding "security unlock-keychain" calls, but that hasn't stopped the prompting.

What do I need to do to prevent the prompts?

This is something I discuss in depth as part of my Resolving errSecInternalComponent errors during code signing post. The first thing to check is that you're dealing with the keychain unlock prompt and not the keychain item ACL prompt. See the Eliminate keychain alerts section of that post for the details.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

The post you referenced helped, though all the dialogs and text were significantly different from what the Mac is showing me.

I ended up using the Keychain app to modify the Access Control of the key associated with each Cert to "Allow all applications to access this item". I would have preferred to specify the list of applications, but the Finder window it brought up doesn't seem to have any way to select the relevant folder/file. Though, I do see that when I go back into Keychain, and look at those keys - the "Allow all ..." is no longer selected, but the shell scripts are NOT popping up the Keychain Unlock Dialog anymore. Which makes me wonder if this is going to stop working after the next reboot or something.
