Build a macOS keychain from identities stored in a .p12 file
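#!/bin/bash
# Rebuild the "dev.keychain" keychain from identities stored in a .p12 file.
#
# Some keychain handling borrowed from
# https://apple.stackexchange.com/questions/287610/keychains-created-by-an-ssh-connection-are-locked-and-can-not-be-used
#
# Export identities with:
#   security export -k "${KEYCHAIN_NAME}" -t identities -o identities.p12 -P "${P12_PASSWORD}" -f pkcs12
#
# Inputs:
#   P12_PASSWORD   passphrase of identities.p12 (prompted for when unset/empty)
#   KEYCHAIN_PASS  password for the new keychain (prompted for when unset/empty)
#   ./identities.p12 and ./extra_certs.cer are read from the current directory
#
# Security notes:
#   * Both passwords are handed to security(1) as command-line arguments, so
#     they can show up in process listings while each command runs. Do not run
#     this with `set -x` / `bash -x`, and prefer a single-user build host.
#   * identities.p12 contains private keys; keep it out of version control and
#     remove or lock down the file once the import has succeeded.

# Stop at the first failing step instead of carrying on with a half-built
# keychain. nounset (-u) is deliberately left off: /bin/bash on macOS is 3.2,
# where expanding an empty array under -u is itself an error.
set -eo pipefail

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# tput fails when there is no usable terminal (e.g. some ssh/CI sessions);
# fall back to no colour rather than aborting.
YELLOW=$(tput setaf 3 2>/dev/null || true)
RESET=$(tput sgr0 2>/dev/null || true)
KEYCHAIN_DIR=$HOME/Library/Keychains # not referenced below; kept from the original
KEYCHAIN_NAME="dev.keychain"

# Check the input before anything destructive happens: the existing keychain
# is deleted further down and cannot be rebuilt without this file.
[[ -r identities.p12 ]] || die "identities.p12 not found or unreadable in ${PWD}"

# Collect both secrets up front so an aborted prompt never leaves the old
# keychain deleted. read -r keeps backslashes in the password intact.
if [[ -z ${P12_PASSWORD:-} ]]; then
  echo "Please enter the ${YELLOW}p12 keyring${RESET} password: "
  IFS= read -r -s -p "Password: " P12_PASSWORD || die "could not read the p12 password"
  echo
fi

if [[ -z ${KEYCHAIN_PASS:-} ]]; then
  echo "Please choose a password for your new keychain: "
  IFS= read -r -s -p "Password: " KEYCHAIN_PASS || die "could not read the keychain password"
  echo
fi
# An empty value would create a keychain that anyone can unlock.
[[ -n ${KEYCHAIN_PASS} ]] || die "refusing to create ${KEYCHAIN_NAME} with an empty password"

# `security list-keychains` prints one indented, double-quoted path per line.
# Parse line by line so paths containing spaces survive, and strip only a
# trailing "-db" (the original test matched "db" anywhere in the name).
keychain_listing=$(security list-keychains -d user)
keychainNames=()
while IFS= read -r line; do
  entry=${line#"${line%%[![:space:]]*}"} # drop leading whitespace
  entry=${entry#\"}
  entry=${entry%\"}
  [[ -n ${entry} ]] || continue
  keychainName=${entry##*/}
  keychainName=${keychainName%-db}
  keychainNames+=("${keychainName}")
done <<<"${keychain_listing}"
echo "Keychains on this machine: ${keychainNames[*]}"

# Exact comparison: `grep -c "dev.keychain"` also matched names that merely
# contain the string (and treated "." as a regex wildcard), which could delete
# or mis-handle the search-list entry of an unrelated keychain.
already_listed=0
for keychainName in "${keychainNames[@]}"; do
  if [[ ${keychainName} == "${KEYCHAIN_NAME}" ]]; then
    already_listed=1
    break
  fi
done

if ((already_listed)); then
  echo "Deleting ${KEYCHAIN_NAME}"
  security delete-keychain "${KEYCHAIN_NAME}"
else
  keychainNames+=("${KEYCHAIN_NAME}")
fi

echo "Creating ${KEYCHAIN_NAME}"
# Quoted so a password with spaces or glob characters is passed as one argument.
security create-keychain -p "${KEYCHAIN_PASS}" "${KEYCHAIN_NAME}"

# Re-publish the search list: the previous entries plus the new keychain.
echo "Adding ${KEYCHAIN_NAME} to search list"
security -v list-keychains -s "${keychainNames[@]}"

security unlock-keychain -p "${KEYCHAIN_PASS}" "${KEYCHAIN_NAME}"
# -l: lock when the system sleeps; -u -t 10800: lock after 3 hours.
security set-keychain-settings -l -u -t 10800 "${KEYCHAIN_NAME}"
# -T limits access to the imported private keys to codesign.
security import identities.p12 -k "${KEYCHAIN_NAME}" -P "${P12_PASSWORD}" -T /usr/bin/codesign
security import extra_certs.cer -k "${KEYCHAIN_NAME}"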