Hello there,
I am trying to import my ios distribution certificate and key to a custom keychain so I can codesign my unsigned .app file with the following script:
#!/bin/bash PASS='12345' KC="$HOME/Library/Keychains/custom.keychain" LKC='login.keychain' CERT_FOLDER="$PWD/certificates" PROFILE_NAME='MOBPROFILE.mobileprovision' PROFILE="$CERT_FOLDER/$PROFILE_NAME" KEY="$CERT_FOLDER/private_key.pem" CERT="$CERT_FOLDER/ios_distribution.cer" APP="$PWD/myapp.app" WWDR="$CERT_FOLDER/AppleWWDRCA.cer" TMP_FOLDER="$PWD/tmp" CONFIG='iPhone Distribution: ORG (TEAMID)' SHARED_PROFILE_FOLDER="$HOME/Library/MobileDevice/Provisioning Profiles" prepare () { mkdir -p "$SHARED_PROFILE_FOLDER" cp $PROFILE "$SHARED_PROFILE_FOLDER" mkdir -p $TMP_FOLDER security create-keychain -p $PASS $KC security list-keychains -d user -s $LKC $KC security import $WWDR -k $KC -t cert -A -P '' security import $KEY -k $KC -t priv -A -P '' security import $CERT -k $KC -t cert -A -P '' security default-keychain -d user -s $KC security unlock-keychain -p $PASS $KC security set-keychain-settings $KC } set_embedded_profile () { rm -rf "$APP/_CodeSignature" mkdir -p "$APP/_CodeSignature" rm -f "$APP/embedded.mobileprovision" cp $PROFILE "$APP/embedded.mobileprovision" mkdir -p $TMP_FOLDER } set_plist_file () { security cms -k $KC -D -i $PROFILE > "$TMP_FOLDER/build.plist" /usr/libexec/PlistBuddy -x -c 'Print :Entitlements' "$TMP_FOLDER/build.plist" > "$TMP_FOLDER/ent.plist" } sign_frameworks () { if find "$APP/Frameworks" -mindepth 1 -print -quit | grep -q .; then /usr/bin/codesign -v -f -s "$CONFIG" --keychain $KC --entitlements "$TMP_FOLDER/ent.plist" "$APP/Frameworks/" fi } sign_app () { /usr/bin/codesign -v -f -s "$CONFIG" --keychain $KC --entitlements "$TMP_FOLDER/ent.plist" $APP } check_codesign () { /usr/bin/codesign --verify --deep --no-strict --verbose=2 $APP } get_identity () { security find-identity -p codesigning $KC } cleanup () { security delete-keychain $KC local kc_path="$KC-db" if [ -f $kc_path ]; then rm $kc_path fi security list-keychains -d user -s $LKC security default-keychain -d user -s $LKC rm -rf $TMP_FOLDER rm "$SHARED_PROFILE_FOLDER/$PROFILE_NAME" } prepare set_embedded_profile set_plist_file get_identity #sign_frameworks #sign_app #check_codesign cleanup
But the "find-identity" command always returns 0 valid identities so codesign can't find any identity item on that keychain (custom.keychain).
Am I missing something? Do I need to import those certificates in other keychains such as login os System?
Thanks in advance.