222 Views 2 Replies
      Latest reply: Mar 20, 2017 2:22 AM by lrossetti84 RSS
      lrossetti84 Level 1 Level 1 (0 points)
      lrossetti84 Feb 27, 2017 9:16 AM

        Hello there,

         

        I am trying to import my ios distribution certificate and key to a custom keychain so I can codesign my unsigned .app file with the following script:

         

        #!/bin/bash


PASS='12345'
KC="$HOME/Library/Keychains/custom.keychain"
LKC='login.keychain'
CERT_FOLDER="$PWD/certificates"
PROFILE_NAME='MOBPROFILE.mobileprovision'
PROFILE="$CERT_FOLDER/$PROFILE_NAME"
KEY="$CERT_FOLDER/private_key.pem"
CERT="$CERT_FOLDER/ios_distribution.cer"
APP="$PWD/myapp.app"
WWDR="$CERT_FOLDER/AppleWWDRCA.cer"
TMP_FOLDER="$PWD/tmp"
CONFIG='iPhone Distribution: ORG (TEAMID)'
SHARED_PROFILE_FOLDER="$HOME/Library/MobileDevice/Provisioning Profiles"


prepare () {
  mkdir -p "$SHARED_PROFILE_FOLDER"
  cp $PROFILE "$SHARED_PROFILE_FOLDER"
  mkdir -p $TMP_FOLDER
  security create-keychain -p $PASS $KC
  security list-keychains -d user -s $LKC $KC
  security import $WWDR -k $KC -t cert -A -P ''
  security import $KEY -k $KC -t priv -A -P ''
  security import $CERT -k $KC -t cert -A -P ''
  security default-keychain -d user -s $KC
  security unlock-keychain -p $PASS $KC
  security set-keychain-settings $KC
}


set_embedded_profile () {
  rm -rf "$APP/_CodeSignature"
  mkdir -p "$APP/_CodeSignature"
  rm -f "$APP/embedded.mobileprovision"
  cp $PROFILE "$APP/embedded.mobileprovision"
  mkdir -p $TMP_FOLDER
}


set_plist_file () {
  security cms -k $KC -D -i $PROFILE > "$TMP_FOLDER/build.plist"
  /usr/libexec/PlistBuddy -x -c 'Print :Entitlements' "$TMP_FOLDER/build.plist" > "$TMP_FOLDER/ent.plist"
}


sign_frameworks () {
  if find "$APP/Frameworks" -mindepth 1 -print -quit | grep -q .; then
    /usr/bin/codesign -v -f -s "$CONFIG" --keychain $KC --entitlements "$TMP_FOLDER/ent.plist" "$APP/Frameworks/"
  fi
}


sign_app () {
  /usr/bin/codesign -v -f -s "$CONFIG" --keychain $KC  --entitlements "$TMP_FOLDER/ent.plist" $APP
}


check_codesign () {
  /usr/bin/codesign  --verify --deep --no-strict --verbose=2 $APP
}


get_identity () {
  security find-identity -p codesigning $KC
}


cleanup () {
  security delete-keychain $KC
  local kc_path="$KC-db"
  if [ -f $kc_path ]; then
    rm $kc_path
  fi
  security list-keychains -d user -s $LKC
  security default-keychain -d user -s $LKC
  rm -rf $TMP_FOLDER
  rm "$SHARED_PROFILE_FOLDER/$PROFILE_NAME"
}


prepare
set_embedded_profile
set_plist_file
get_identity
#sign_frameworks
#sign_app
#check_codesign
cleanup

         

        But the "find-identity" command always returns 0 valid identities so codesign can't find any identity item on that keychain (custom.keychain).

         

        Am I missing something? Do I need to import those certificates in other keychains such as login os System?

         

        Thanks in advance.