Skip to content

Instantly share code, notes, and snippets.

@foozmeat
Last active June 29, 2017 20:28
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save foozmeat/17cccd01ae980582f30a9e3f5a60435f to your computer and use it in GitHub Desktop.
Build a macos keychain from identities stored in a .p12 file
#!/bin/bash
# some keychain stuff borrowed from
# https://apple.stackexchange.com/questions/287610/keychains-created-by-an-ssh-connection-are-locked-and-can-not-be-used
# export identities with
# security export -k ${KEYCHAIN_NAME} -t identities -o identities.p12 -P ${P12_PASSWORD} -f pkcs12
YELLOW=`tput setaf 3`
RESET=`tput sgr0`
KEYCHAIN_DIR=$HOME/Library/Keychains
KEYCHAIN_NAME="dev.keychain"
keychains=$(security list-keychains -d user)
if [[ -z $P12_PASSWORD ]]; then
echo "Please enter the ${YELLOW}p12 keyring${RESET} password: "
read -s -p "Password: " P12_PASSWORD
fi
for keychain in $keychains
do
basename=$(basename "$keychain")
if test "${basename#*db}" != "$basename"
then
keychainName=${basename::${#basename}-4}
else
keychainName=${basename::${#basename}-1}
fi
keychainNames+=("$keychainName")
done
echo "Keychains on this machine: ${keychainNames[@]}";
if [ `echo ${keychainNames[@]} | grep -c "${KEYCHAIN_NAME}" ` -eq 1 ]; then
echo "Deleting ${KEYCHAIN_NAME}"
security delete-keychain ${KEYCHAIN_NAME}
fi
if [[ -z $KEYCHAIN_PASS ]]; then
echo "Please choose a password for your new keychain: "
read -s -p "Password: " KEYCHAIN_PASS
fi
echo "Creating ${KEYCHAIN_NAME}"
security create-keychain -p ${KEYCHAIN_PASS} ${KEYCHAIN_NAME}
if [ `echo ${keychainNames[@]} | grep -c "${KEYCHAIN_NAME}" ` -eq 0 ]; then
echo "Adding ${KEYCHAIN_NAME} to search list"
security -v list-keychains -s "${keychainNames[@]}" ${KEYCHAIN_NAME}
elif [ `echo ${keychainNames[@]} | grep -c "${KEYCHAIN_NAME}" ` -eq 1 ]; then
echo "Adding ${KEYCHAIN_NAME} to search list"
security -v list-keychains -s "${keychainNames[@]}"
fi
security unlock-keychain -p ${KEYCHAIN_PASS} ${KEYCHAIN_NAME}
security set-keychain-settings -l -u -t 10800 ${KEYCHAIN_NAME}
security import identities.p12 -k ${KEYCHAIN_NAME} -P ${P12_PASSWORD} -T /usr/bin/codesign
security import extra_certs.cer -k ${KEYCHAIN_NAME}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment