2 Replies
      Latest reply: Mar 20, 2017 2:22 AM by lrossetti84
      lrossetti84 Level 1 (0 points)

        Hello there,

         

        I am trying to import my iOS distribution certificate and key to a custom keychain so I can codesign my unsigned .app file with the following script:

         

        #!/bin/bash

        # Keychain password (hard-coded in this script)
        PASS='12345'
        KC="$HOME/Library/Keychains/custom.keychain"
        LKC='login.keychain'
        CERT_FOLDER="$PWD/certificates"
        PROFILE_NAME='MOBPROFILE.mobileprovision'
        PROFILE="$CERT_FOLDER/$PROFILE_NAME"
        KEY="$CERT_FOLDER/private_key.pem"
        CERT="$CERT_FOLDER/ios_distribution.cer"
        APP="$PWD/myapp.app"
        WWDR="$CERT_FOLDER/AppleWWDRCA.cer"
        TMP_FOLDER="$PWD/tmp"
        # Signing identity name passed to codesign -s
        CONFIG='iPhone Distribution: ORG (TEAMID)'
        SHARED_PROFILE_FOLDER="$HOME/Library/MobileDevice/Provisioning Profiles"

        # Create the custom keychain, add it to the user search list and import
        # the WWDR certificate, the private key and the distribution certificate.
        # Note: -A lets any application use the imported item without a prompt.
        prepare () {
          mkdir -p "$SHARED_PROFILE_FOLDER"
          cp "$PROFILE" "$SHARED_PROFILE_FOLDER"
          mkdir -p "$TMP_FOLDER"
          security create-keychain -p "$PASS" "$KC"
          security list-keychains -d user -s "$LKC" "$KC"
          security import "$WWDR" -k "$KC" -t cert -A -P ''
          security import "$KEY" -k "$KC" -t priv -A -P ''
          security import "$CERT" -k "$KC" -t cert -A -P ''
          security default-keychain -d user -s "$KC"
          security unlock-keychain -p "$PASS" "$KC"
          security set-keychain-settings "$KC"
        }

        # Drop any old signature and embed the provisioning profile in the bundle.
        set_embedded_profile () {
          rm -rf "$APP/_CodeSignature"
          mkdir -p "$APP/_CodeSignature"
          rm -f "$APP/embedded.mobileprovision"
          cp "$PROFILE" "$APP/embedded.mobileprovision"
          mkdir -p "$TMP_FOLDER"
        }

        # Decode the CMS-wrapped profile to a plist and extract its entitlements.
        set_plist_file () {
          security cms -k "$KC" -D -i "$PROFILE" > "$TMP_FOLDER/build.plist"
          /usr/libexec/PlistBuddy -x -c 'Print :Entitlements' "$TMP_FOLDER/build.plist" > "$TMP_FOLDER/ent.plist"
        }

        # Sign the Frameworks directory only if it exists and is not empty.
        sign_frameworks () {
          if find "$APP/Frameworks" -mindepth 1 -print -quit | grep -q .; then
            /usr/bin/codesign -v -f -s "$CONFIG" --keychain "$KC" --entitlements "$TMP_FOLDER/ent.plist" "$APP/Frameworks/"
          fi
        }

        # Sign the app bundle with the identity from the custom keychain.
        sign_app () {
          /usr/bin/codesign -v -f -s "$CONFIG" --keychain "$KC" --entitlements "$TMP_FOLDER/ent.plist" "$APP"
        }

        # Verify the resulting signature.
        check_codesign () {
          /usr/bin/codesign --verify --deep --no-strict --verbose=2 "$APP"
        }

        # List the code signing identities found in the custom keychain.
        get_identity () {
          security find-identity -p codesigning "$KC"
        }

        # Delete the custom keychain, restore the login keychain as the default
        # and remove the temporary files and the copied profile.
        cleanup () {
          security delete-keychain "$KC"
          local kc_path="$KC-db"
          if [ -f "$kc_path" ]; then
            rm "$kc_path"
          fi
          security list-keychains -d user -s "$LKC"
          security default-keychain -d user -s "$LKC"
          rm -rf "$TMP_FOLDER"
          rm "$SHARED_PROFILE_FOLDER/$PROFILE_NAME"
        }

        prepare
        set_embedded_profile
        set_plist_file
        get_identity
        #sign_frameworks
        #sign_app
        #check_codesign
        cleanup
        
        

         

        But the "find-identity" command always returns 0 valid identities so codesign can't find any identity item on that keychain (custom.keychain).

         

        Am I missing something? Do I need to import those certificates in other keychains such as login or System?

         

        Thanks in advance.