我需要每天午夜创建一个macOS应用程序构建。我希望它是经过代码签名的,这样人们就可以使用它,而不会遇到麻烦。我在午夜睡着了,很忙,无法手动执行此操作。我想通过启动代理运行xcodebuild并在离开键盘的同时获取签名的应用程序。但是代码签名总是失败。
它失败,并显示以下错误:
No signing certificate "Mac Development" found: No "Mac Development" signing certificate matching team ID "H7V7XYVQ7D" with a private key was found.
在我观看时它不会失败,这意味着它必须与钥匙串锁定本身有关。不久前,我四处寻找解决这个问题的方法:
但是没有任何效果。这有可能吗?
最佳答案
export tempKeychain=tempKeychain
export identity="iPhone Whatever: Bob Developer(132455334)"
# create new empty keychain
security create-keychain -p "${ADMIN_PASSWORD}" "${tempKeychain}"
# add keychain to user's keychain search list so they can access it
security list-keychains -d user -s "${tempKeychain}" $(security list-keychains -d user | tr -d '"')
# removing relock timeout on keychain
security set-keychain-settings "${tempKeychain}"
# import the certs
security import foo.p12 -k "${tempKeychain}" -P "${CERT_PASSWORD}" -T "/usr/bin/codesign"
# tell os it's ok to access this identity from command line with tools shipped by apple (suppress codesign modal UI)
security set-key-partition-list -S apple-tool:,apple: -s -k "$ADMIN_PASSWORD" -D "${identity}" -t private ${tempKeychain}
# set default keychain to temp keychain
security default-keychain -d user -s ${tempKeychain}
# unlock keychain
security unlock-keychain -p ${ADMIN_PASSWORD} ${tempKeychain}
# prove we added the code signing identity to the temp keychain
security find-identity -v -p codesigning
# do some codesign stuff
# clean up temp keychain we created
security delete-keychain ${tempKeychain}
您是否考虑过让启动的脚本使用ssh -o到localhost来运行CI服务器(例如Jenkins)之类的命令?