Build a macos keychain from identities stored in a .p12 file

create_keychain.sh

#!/bin/bash

# some keychain stuff borrowed from 
# https://apple.stackexchange.com/questions/287610/keychains-created-by-an-ssh-connection-are-locked-and-can-not-be-used

# export identities with 
# security export -k ${KEYCHAIN_NAME} -t identities -o identities.p12 -P ${P12_PASSWORD} -f pkcs12

YELLOW=`tput setaf 3`
RESET=`tput sgr0`

KEYCHAIN_DIR=$HOME/Library/Keychains
KEYCHAIN_NAME="dev.keychain"
keychains=$(security list-keychains -d user)

if [[ -z $P12_PASSWORD ]]; then
  echo "Please enter the ${YELLOW}p12 keyring${RESET} password: "
  read -s -p "Password: " P12_PASSWORD
fi

for keychain in $keychains
do
  basename=$(basename "$keychain")

  if test "${basename#*db}" != "$basename"
  then
    keychainName=${basename::${#basename}-4}
  else
    keychainName=${basename::${#basename}-1}
  fi

  keychainNames+=("$keychainName")
done

echo "Keychains on this machine: ${keychainNames[@]}";

if [ `echo ${keychainNames[@]} | grep -c "${KEYCHAIN_NAME}" ` -eq 1 ]; then
  echo "Deleting ${KEYCHAIN_NAME}"
  security delete-keychain ${KEYCHAIN_NAME}
fi

if [[ -z $KEYCHAIN_PASS ]]; then
  echo "Please choose a password for your new keychain: "
  read -s -p "Password: " KEYCHAIN_PASS
fi

echo "Creating ${KEYCHAIN_NAME}"
security create-keychain -p ${KEYCHAIN_PASS} ${KEYCHAIN_NAME}

if [ `echo ${keychainNames[@]} | grep -c "${KEYCHAIN_NAME}" ` -eq 0 ]; then
  echo "Adding ${KEYCHAIN_NAME} to search list"
  security -v list-keychains -s "${keychainNames[@]}" ${KEYCHAIN_NAME}

elif [ `echo ${keychainNames[@]} | grep -c "${KEYCHAIN_NAME}" ` -eq 1 ]; then
  echo "Adding ${KEYCHAIN_NAME} to search list"
  security -v list-keychains -s "${keychainNames[@]}"

fi

security unlock-keychain -p ${KEYCHAIN_PASS} ${KEYCHAIN_NAME}
security set-keychain-settings -l -u -t 10800 ${KEYCHAIN_NAME}
security import identities.p12 -k ${KEYCHAIN_NAME} -P ${P12_PASSWORD} -T /usr/bin/codesign
security import extra_certs.cer -k ${KEYCHAIN_NAME}