Hello there,
I am trying to import my ios distribution certificate and key to a custom keychain so I can codesign my unsigned .app file with the following script:
#!/bin/bash
PASS='12345'
KC="$HOME/Library/Keychains/custom.keychain"
LKC='login.keychain'
CERT_FOLDER="$PWD/certificates"
PROFILE_NAME='MOBPROFILE.mobileprovision'
PROFILE="$CERT_FOLDER/$PROFILE_NAME"
KEY="$CERT_FOLDER/private_key.pem"
CERT="$CERT_FOLDER/ios_distribution.cer"
APP="$PWD/myapp.app"
WWDR="$CERT_FOLDER/AppleWWDRCA.cer"
TMP_FOLDER="$PWD/tmp"
CONFIG='iPhone Distribution: ORG (TEAMID)'
SHARED_PROFILE_FOLDER="$HOME/Library/MobileDevice/Provisioning Profiles"
prepare () {
mkdir -p "$SHARED_PROFILE_FOLDER"
cp $PROFILE "$SHARED_PROFILE_FOLDER"
mkdir -p $TMP_FOLDER
security create-keychain -p $PASS $KC
security list-keychains -d user -s $LKC $KC
security import $WWDR -k $KC -t cert -A -P ''
security import $KEY -k $KC -t priv -A -P ''
security import $CERT -k $KC -t cert -A -P ''
security default-keychain -d user -s $KC
security unlock-keychain -p $PASS $KC
security set-keychain-settings $KC
}
set_embedded_profile () {
rm -rf "$APP/_CodeSignature"
mkdir -p "$APP/_CodeSignature"
rm -f "$APP/embedded.mobileprovision"
cp $PROFILE "$APP/embedded.mobileprovision"
mkdir -p $TMP_FOLDER
}
set_plist_file () {
security cms -k $KC -D -i $PROFILE > "$TMP_FOLDER/build.plist"
/usr/libexec/PlistBuddy -x -c 'Print :Entitlements' "$TMP_FOLDER/build.plist" > "$TMP_FOLDER/ent.plist"
}
sign_frameworks () {
if find "$APP/Frameworks" -mindepth 1 -print -quit | grep -q .; then
/usr/bin/codesign -v -f -s "$CONFIG" --keychain $KC --entitlements "$TMP_FOLDER/ent.plist" "$APP/Frameworks/"
fi
}
sign_app () {
/usr/bin/codesign -v -f -s "$CONFIG" --keychain $KC --entitlements "$TMP_FOLDER/ent.plist" $APP
}
check_codesign () {
/usr/bin/codesign --verify --deep --no-strict --verbose=2 $APP
}
get_identity () {
security find-identity -p codesigning $KC
}
cleanup () {
security delete-keychain $KC
local kc_path="$KC-db"
if [ -f $kc_path ]; then
rm $kc_path
fi
security list-keychains -d user -s $LKC
security default-keychain -d user -s $LKC
rm -rf $TMP_FOLDER
rm "$SHARED_PROFILE_FOLDER/$PROFILE_NAME"
}
prepare
set_embedded_profile
set_plist_file
get_identity
#sign_frameworks
#sign_app
#check_codesign
cleanup
But the "find-identity" command always returns 0 valid identities so codesign can't find any identity item on that keychain (custom.keychain).
Am I missing something? Do I need to import those certificates in other keychains such as login os System?
Thanks in advance.