errors moving keychain items in git in Catalina

I have a .keychain file stored in a git repo which contains all the signing & push certs for my apps.

Before upgrading my machine to Catalina (10.15.4), in Keychain Access I was able to drag & drop certificates & private keys from my "login" keychain (where they were created/imported by default) into my other keychain.

Starting with Catalina, I get errors when I try to do that. It shows me non-actionable error messages like:

"An error has occured. Unable to add an item to the current keychain."

"UNIX[Operation not permitted]"


If I copy the keychain file out of the git repo, into another directory, then re-add the keychain to Keychain Access, I am able to drag & drop the items into the other keychain.

How do I enable Keychain Access to operate correctly with the keychain file in git like it worked before Catalina? Copying the file around the system is time-consuming and error-prone.

Up vote post of DriveSprat Down vote post of DriveSprat
365 views
Posted by
DriveSprat
Reply
Add a Comment

Replies

If I copy the keychain file out of the git repo, into another directory

How are you hosting your Git repository? I just tried this here in my office and didn’t see the error you’re seeing:

  1. I made a Git repository:

    % cd GitRepo
% git init .
% Initialized empty Git repository in /Users/quinn/GitRepo/.git/

    .

  2. I used Keychain Access to create 

    test.keychain
    in that directory.

  3. I added that to the repository.

    % git add test.keychain 
% git commit -m "***" test.keychain 
[master (root-commit) 046f7dc] ***
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 test.keychain

    .

  4. Back in Keychain Access, I added a certificate to the keychain without getting an error.

  5. I used 

    dump-keychain
    to confirm that it made it: 
    % security dump-keychain | grep -A 12 test.keychain
keychain: "/Users/quinn/GitRepo/test.keychain"
version: 256
class: 0x80001000 
attributes:
    "alis"<blob>="Benjy"
    "cenc"<uint32>=0x00000003 
    "ctyp"<uint32>=0x00000001 
    "hpky"<blob>=0x9AFE2160D114E9BD9BF3A840F9F5E45BFB8296D2  …
    "issu"<blob>=0x301F3110300E06035504030C074D6F757365434131…
    "labl"<blob>="Benjy"
    "skid"<blob>=<NULL>
    "snbr"<blob>=0x03 
    "subj"<blob>=0x301D310E300C06035504030C0542656E6A79310B30…

    .

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment