security set-key-partition-list valid values

Code Signing Certificates, Identifiers & Profiles
pauloDEv OP
Created May ’24
Replies 1
Boosts 1
Views 772
Participants 2

Hi Devs,

i have a question concerning the security set-key-partition-list -S command. I want to use it to enable a code signing certificate being used by codesign and productbuild to sign without sudo or a password prompt. Some sources indicate i need to add codesign: as partition but some don't even mention this. So my question is what partitions are even possible to add? What does partitions in this context mean? How can i find out which i need for productbuild and codesign?

Thanks in advance Paul

Replies  1
Boosts  1
Views  772
Participants  2
DTS Engineer OP
Apple
May ’24

I talk about this in Resolving errSecInternalComponent errors during code signing.

ps Keychain partitions are a bit of a dark art because they were added to the file-based keychain long after it was initially introduced. Thus, they have no APIs and the docs are kinda minimal. Normally I’d recommend that you file bugs about that, but in this case I don’t think that’s worth the effort because Apple long-term path forward is the data protection keychain. See TN3137 On Mac keychain APIs and implementations for more info about this transition.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
security set-key-partition-list valid values
First post date Last post date
 
 
Q