سؤال
I just got my certificate installed on a Mac OS X 10.7 and wrote a script that runs codesign on a number of files after compiling my project. I created a new keychain and disabled the option for locking it after a certain period of time. It looks like the login keychain. But every time my script runs the codesign command the following error occurs: <filename>: User interaction is not allowed. If I start a shell, unlock the keychain with security unlock-keychain <path> and then run the script manually, it works. The question is how to keep the keychain always unlocked so that my automatic build can sign the files?
المحلول
When you use security unlock-keychain -p $PASSWORD $KEYCHAIN the keychain will be unlocked, but, for only 5 minutes, due to an automatic relock. To keep the keychain unlocked permanently you need to use security set-keychain-settings $KEYCHAIN.
For completeness of this answer, I would also recommend that you use security import $CERT -k $KEYCHAIN -P "$CERTPASSWORD" -T /usr/bin/codesign to grant /usr/bin/codesign access to your certificate.
نصائح أخرى
Late reply but as 2022 - Monterey could not get it to run, testing all answers and commands here.
My issue was, the certificates were in the System Toolchain. Looks like in this case there is no way to skip the admin password prompt, even if you lock, unlock, set timeouts ....
Tried moving them from System to login => did not work, there was a private key that did not refresh
Lastly, I used "reset keychain", that deletes everything from local and login keychain. Then I imported the certs again, this time into the login keychain. Restarted the computer and it worked.
A useful command is security find-identity, you can use to display if the moved key to the Login keychain has been detected.
After these steps I can finally sign files without any password prompt.
https://stackoverflow.com/questions/20679481
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian