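#!/usr/bin/env bash
#
# Creates a temporary macOS keychain for code signing (typically on a CI
# machine), imports the Apple WWDR intermediate certificate into it, makes it
# the default keychain and adds it to the keychain search list.
#
# Environment:
#   TEMP_KEYCHAIN_PATH  path of the keychain to create
#                       (default: $HOME/cert-keychain.keychain)
#   TEMP_KEYCHAIN_PASS  password for the keychain (a fixed fallback is used
#                       when unset; see the note below)
#
# The script uses [[ ]] and arrays, so it must run under bash, not plain sh.
set -euo pipefail

if [[ -z "${TEMP_KEYCHAIN_PATH:-}" ]]; then
  echo '$TEMP_KEYCHAIN_PATH environment variable not set. Using default keychain path'
  TEMP_KEYCHAIN_PATH="$HOME/cert-keychain.keychain"
  printf '%s\n' "$TEMP_KEYCHAIN_PATH"
fi

echo

if [[ -z "${TEMP_KEYCHAIN_PASS:-}" ]]; then
  echo '$TEMP_KEYCHAIN_PASS environment variable not set. Using default keychain password'
  # The fallback is a fixed, publicly known string: anything stored in a
  # keychain protected by it is only as safe as the file's permissions.
  # Set TEMP_KEYCHAIN_PASS from the CI secret store for real signing keys.
  TEMP_KEYCHAIN_PASS='defaultpassworrd'
  # The password itself is deliberately not printed: build logs are often
  # retained and widely readable.
fi

echo

echo "Creating a temporary keychain at $TEMP_KEYCHAIN_PATH"

if [[ -f "$TEMP_KEYCHAIN_PATH" ]]; then
  # Ask `security` to delete the keychain first, while the file still exists,
  # so its search-list entry is removed as well; rm is only a fallback.
  security delete-keychain "$TEMP_KEYCHAIN_PATH" \
    || echo "warning: security delete-keychain failed, removing the file directly" >&2
  rm -f -- "$TEMP_KEYCHAIN_PATH"
fi

# NOTE(review): -p puts the password on the command line, where other local
# processes can read it (e.g. via ps) and where `set -x` tracing would log it.
# Keep tracing off around these calls.
security create-keychain -p "$TEMP_KEYCHAIN_PASS" "$TEMP_KEYCHAIN_PATH"
security unlock-keychain -p "$TEMP_KEYCHAIN_PASS" "$TEMP_KEYCHAIN_PATH"

# set a long timeout as the app and dependencies might get signed
# a lot later than when this script was called
security set-keychain-settings -t 3600 -l "$TEMP_KEYCHAIN_PATH"

# Download into a private temporary directory instead of the working
# directory, so a failed download can never lead to importing a stale or
# pre-existing wwdrca.cer. The file keeps its original name and extension.
cert_dir=$(mktemp -d "${TMPDIR:-/tmp}/wwdrca.XXXXXX")
trap 'rm -rf -- "${cert_dir:?}"' EXIT
cert_file="$cert_dir/wwdrca.cer"

# -f makes curl fail on HTTP errors; with `set -e` the script stops here
# rather than importing an error page or nothing at all.
# NOTE(review): the certificate is trusted solely on the basis of the TLS
# connection. If stronger assurance is needed, compare its fingerprint with a
# pinned value (<EXPECTED_SHA256_FINGERPRINT>) before importing.
curl -f -o "$cert_file" https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
security import "$cert_file" -k "$TEMP_KEYCHAIN_PATH"

# This replaces the user's default keychain; intended for disposable CI
# machines, not for a developer workstation.
security default-keychain -s "$TEMP_KEYCHAIN_PATH"

# Before certificates in a particular keychain can be used, the keychain needs
# to be on `security`'s search list. `security list-keychains -s` replaces the
# whole list, so the current entries are read back and the new keychain is put
# in front of them. `security list-keychains` prints one entry per line,
# indented and wrapped in double quotes, e.g.:
#     "/Users/user/keychain.keychain"
#     "/Library/Keychains/System.keychain"
# Each line is parsed into its own array element so that paths containing
# spaces survive intact.
current_keychains=$(security list-keychains)
keychains=("$TEMP_KEYCHAIN_PATH")
while IFS= read -r entry; do
  entry=${entry#"${entry%%[![:space:]]*}"}   # strip leading whitespace
  entry=${entry#\"}                          # strip surrounding quotes
  entry=${entry%\"}
  [[ -n "$entry" ]] || continue
  # avoid listing the temporary keychain twice
  [[ "$entry" == "$TEMP_KEYCHAIN_PATH" ]] && continue
  keychains+=("$entry")
done <<< "$current_keychains"
security list-keychains -s "${keychains[@]}"

security unlock-keychain -p "$TEMP_KEYCHAIN_PASS" "$TEMP_KEYCHAIN_PATH"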