Distribution certificate and codesign cli

Hello there,


I am trying to import my iOS distribution certificate and key to a custom keychain so I can codesign my unsigned .app file with the following script:


#!/bin/bash

PASS='12345'   # password for the temporary keychain
KC="$HOME/Library/Keychains/custom.keychain"
LKC='login.keychain'
CERT_FOLDER="$PWD/certificates"
PROFILE_NAME='MOBPROFILE.mobileprovision'
PROFILE="$CERT_FOLDER/$PROFILE_NAME"
KEY="$CERT_FOLDER/private_key.pem"
CERT="$CERT_FOLDER/ios_distribution.cer"
APP="$PWD/myapp.app"
WWDR="$CERT_FOLDER/AppleWWDRCA.cer"
TMP_FOLDER="$PWD/tmp"
CONFIG='iPhone Distribution: ORG (TEAMID)'
SHARED_PROFILE_FOLDER="$HOME/Library/MobileDevice/Provisioning Profiles"

# Create the custom keychain, add it to the user search list, and import the
# WWDR intermediate, the private key and the distribution certificate.
# -A allows any application to use the imported item without a prompt.
prepare () {
  mkdir -p "$SHARED_PROFILE_FOLDER"
  cp "$PROFILE" "$SHARED_PROFILE_FOLDER"
  mkdir -p "$TMP_FOLDER"
  security create-keychain -p "$PASS" "$KC"
  security list-keychains -d user -s "$LKC" "$KC"
  security import "$WWDR" -k "$KC" -t cert -A -P ''
  security import "$KEY" -k "$KC" -t priv -A -P ''
  security import "$CERT" -k "$KC" -t cert -A -P ''
  security default-keychain -d user -s "$KC"
  security unlock-keychain -p "$PASS" "$KC"
  # No options: the keychain gets no lock timeout.
  security set-keychain-settings "$KC"
}

# Drop any old signature and embed the provisioning profile in the bundle.
set_embedded_profile () {
  rm -rf "$APP/_CodeSignature"
  mkdir -p "$APP/_CodeSignature"
  rm -f "$APP/embedded.mobileprovision"
  cp "$PROFILE" "$APP/embedded.mobileprovision"
  mkdir -p "$TMP_FOLDER"
}

# Decode the provisioning profile and extract its Entitlements dictionary.
set_plist_file () {
  security cms -k "$KC" -D -i "$PROFILE" > "$TMP_FOLDER/build.plist"
  /usr/libexec/PlistBuddy -x -c 'Print :Entitlements' "$TMP_FOLDER/build.plist" > "$TMP_FOLDER/ent.plist"
}

# Sign the Frameworks folder if it contains anything.
sign_frameworks () {
  if find "$APP/Frameworks" -mindepth 1 -print -quit | grep -q .; then
    /usr/bin/codesign -v -f -s "$CONFIG" --keychain "$KC" --entitlements "$TMP_FOLDER/ent.plist" "$APP/Frameworks/"
  fi
}

# Sign the app bundle with the distribution identity from the custom keychain.
sign_app () {
  /usr/bin/codesign -v -f -s "$CONFIG" --keychain "$KC" --entitlements "$TMP_FOLDER/ent.plist" "$APP"
}

# Verify the resulting signature.
check_codesign () {
  /usr/bin/codesign --verify --deep --no-strict --verbose=2 "$APP"
}

# List the code signing identities found in the custom keychain.
get_identity () {
  security find-identity -p codesigning "$KC"
}

# Delete the custom keychain and restore the login keychain as the default.
cleanup () {
  security delete-keychain "$KC"
  local kc_path="$KC-db"
  if [ -f "$kc_path" ]; then
    rm "$kc_path"
  fi
  security list-keychains -d user -s "$LKC"
  security default-keychain -d user -s "$LKC"
  rm -rf "$TMP_FOLDER"
  rm "$SHARED_PROFILE_FOLDER/$PROFILE_NAME"
}

prepare
set_embedded_profile
set_plist_file
get_identity
#sign_frameworks
#sign_app
#check_codesign
cleanup


But the "find-identity" command always returns 0 valid identities so codesign can't find any identity item on that keychain (custom.keychain).


Am I missing something? Do I need to import those certificates in other keychains such as login or System?


Thanks in advance.

Replies

If you launch Keychain Access and select My Certificates on the left (despite the name, this filters for digital identities), does the expected identity show up in the list?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

It was a silly mistake: I was using the wrong private key. It all worked out once I switched to the correct one.


Thanks!
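
The thread's resolution was a private key that did not belong to the certificate; a keychain only reports an identity when a certificate and its matching private key are both present. As an added example (not part of the thread and not Apple's tooling), this check compares the public key in the certificate with the one derived from the private key using openssl before anything is imported; the function names and sample file names are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread: confirm that a private key belongs to a
# certificate before both are imported into the signing keychain.

# Public key of a certificate as PEM. Tries DER first (the usual encoding of a
# .cer file), then PEM.
cert_pubkey () {
  openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null ||
    openssl x509 -inform PEM -in "$1" -noout -pubkey 2>/dev/null
}

# Public key derived from a private key, in the same PEM form.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_pubkey () {
  openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null
}

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
key_matches_cert () {
  kmc_cert=$(cert_pubkey "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
  kmc_key=$(key_pubkey "$2") || { echo "cannot read private key: $2" >&2; return 2; }
  [ -n "$kmc_cert" ] && [ "$kmc_cert" = "$kmc_key" ]
}

# Constructed sample data: a throwaway self-signed certificate (PEM and DER)
# with its key, plus an unrelated key standing in for the "wrong private key".
make_samples () {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed sample' \
    -keyout "$1/right_key.pem" -out "$1/cert.pem" 2>/dev/null &&
  openssl x509 -in "$1/cert.pem" -outform DER -out "$1/cert.cer" &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/wrong_key.pem" 2>/dev/null
}

# Usage: ./check_pair.sh ios_distribution.cer private_key.pem
if [ "$#" -eq 2 ]; then
  key_matches_cert "$1" "$2"
  case $? in
    0) echo "key matches certificate" ;;
    1) echo "key does NOT match certificate" >&2; exit 1 ;;
    *) exit 2 ;;
  esac
fi
```

Run against the files the script imports, a mismatch here shows up before `security find-identity` would report 0 valid identities.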