How to install developer certificate/private key and provisioning profile for iOS development via command line?
R

3

46

I'm configuring an automated build server for an iOS application project. I've done most of it. Now it's the final round: the security.

The developer certificate/private key and provisioning profile can easily be installed into the Keychain with the GUI. But I want to do this via the command line to automate even the configuration process: exporting/importing certificates, private keys and provisioning profiles via the command line.

Any recommendations will be much appreciated.

Revelatory answered 6/12, 2010 at 17:22 Comment(1)
Did you ever find a way to install a provisioning profile? I've got the certificate bit nailed but the other bit eludes me still... - Lignite
R
15

I found hints from: http://lists.apple.com/archives/apple-cdsa/2010/Mar/msg00021.html

The command is security. I'm reading the manual page. I'll update this answer later after trial :)

--(edit)--

First, we have to give 'Always Allow' access to the certificates/keys in the Keychain manually once. I don't know how to do this without the GUI.

And run the command security unlock-keychain before running the build tool for every session. I've used SSH, so I had to execute it once for every login session.

Revelatory answered 6/12, 2010 at 17:58 Comment(2)
To give 'Always Allow' access, use the -A switch on security import when adding the certificates and keys. - Dosser
The -A option is not recommended as it allows any application to use these certificates. To be more secure use the -T /usr/bin/codesign option described above. This will allow specific applications. See security import --help for other options. - Priapic
K
55

The 'Always Allow' GUI prompt is being triggered because codesign hasn't been given an ACL entry to access your private key. Try this:

security unlock-keychain -p <my keychain password>
security import Certificate.p12 -k ~/Library/Keychains/login.keychain -P password -T /usr/bin/codesign

The -T flag tells security to allow codesign to have access to the keys you are importing in Certificate.p12.

Kenny answered 17/3, 2011 at 22:18 Comment(3)
Yup, this is what I was looking for as well. I'd like to note that I was running into the error message 'security: SecKeychainItemImport: User interaction is not allowed.' when trying to run the above command. I forgot to unlock my keychain. Doh! Running 'security unlock-keychain' made it work like a charm. - Renaldo
This works as expected, but I need a little more... My certificate+key pair is NOT the original Apple thing, but a self-signed certificate we create for our internal developers (we don't want them to have our real private key on their machines). Now here I also need to configure the Keychain to always trust the certificate. I know how to do it in the GUI, and I also know how to add (import + trust) a trusted certificate via: security add-trusted-cert -k /Library/Keychains/System.keychain -d XXXX.cer --- However, that command doesn't work with .p12 files. Any idea how I can do this? - Gina
Update: as of macOS Sierra, you should probably follow the flow by Ilian Iliev here: #39869078 - Kenny
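
Added example, not part of any answer on this page: the unlock and `-T /usr/bin/codesign` import discussed above, generalised to a throwaway per-build keychain so that the login keychain password never has to be passed with `-p`. The keychain path, the `.p12` path and the `P12_PASSWORD` variable are assumptions, and the `set-key-partition-list` step is not shown on the page; it is the additional step macOS Sierra and later require.

```bash
# Added example. Assumptions: the keychain path, the .p12 path and the
# P12_PASSWORD variable are placeholders chosen for illustration.

setup_signing_keychain() {
  p12=$1
  keychain=$2
  # Random per-build password. -p places the password in the process
  # argument list, so the login password should never be passed this way.
  kc_pw=$(head -c 24 /dev/urandom | base64)

  security create-keychain -p "$kc_pw" "$keychain" || return 1
  # Lock again on sleep (-l) and after 3600 seconds of inactivity (-u -t).
  security set-keychain-settings -l -u -t 3600 "$keychain" || return 1
  security unlock-keychain -p "$kc_pw" "$keychain" || return 1

  # -T grants key access to codesign only; -A would grant it to every
  # application running as this user.
  security import "$p12" -k "$keychain" -P "$P12_PASSWORD" \
    -T /usr/bin/codesign || return 1

  # macOS Sierra and later: the key's partition list must also name
  # Apple-signed tools, otherwise codesign still raises the GUI prompt.
  security set-key-partition-list -S apple-tool:,apple: -s \
    -k "$kc_pw" "$keychain" >/dev/null || return 1

  # Put the build keychain on the user search list, keeping current entries.
  security list-keychains -d user |
    xargs security list-keychains -d user -s "$keychain"
}

# Deletes the keychain file and removes it from the search list.
teardown_signing_keychain() {
  security delete-keychain "$1"
}

# Typical use in a build script:
#   KC="$HOME/Library/Keychains/ci-build.keychain-db"
#   setup_signing_keychain Certificate.p12 "$KC" || exit 1
#   trap 'teardown_signing_keychain "$KC"' EXIT
```

The `.p12` passphrase given to `-P` is also visible in the process list while `security import` runs, so it should be a per-export secret supplied by the CI system rather than a reused password.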
P
3

Install certificate using command line:

security unlock-keychain -p <machine login password>
security import my_certificate.p12 -k ~/Library/Keychains/login.keychain -P my_password -T /usr/bin/codesign

Install mobile provision profile:

The simple way:

#install profiles, will trigger xcode to install the profile
open "my_profile1.mobileprovision"

# wait for xcode to process the request
sleep 3

# shut down xcode (optional); match the Xcode process by name only, so that
# other build processes with "Xcode" in their path are left alone
killall Xcode

The complex way:

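PROVISION_FILE="my_profile.mobileprovision"

# decode the signed profile and pull the UUID out of the embedded plist
uuid=$(security cms -D -i "$PROVISION_FILE" | grep -aA1 UUID | grep -o "[-a-zA-Z0-9]\{36\}")

# profiles are stored in this directory under the name <UUID>.mobileprovision
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp "$PROVISION_FILE" ~/Library/MobileDevice/Provisioning\ Profiles/"$uuid".mobileprovision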
Pressure answered 20/8, 2020 at 1:32 Comment(1)
I ran into some issues with the certificate creation when I tried the above command. Since the certificate provided by Apple was a PEM type x509 cert (without the private key), I created a p12 cert manually with openssl. However, importing it to the login.keychain gave me the following fault when running codesign "Warning: unable to build chain to self-signed root for signer XXX". Any idea how to create a proper p12 cert? - Endogen
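
Added example, not part of the answer above: the "complex way" as a function for a build server that accepts the UUID only in its canonical form, because the value becomes a file name, and refuses a profile whose `ExpirationDate` has passed. The function names are hypothetical, and the parsing assumes the decoded plist has each value on the line after its `<key>`.

```bash
# Added example; function names are hypothetical.

# Print the value on the line after <key>$1</key> in a plist read from stdin.
plist_value() {
  grep -a -A1 "<key>$1</key>" |
    sed -n 's:.*<[a-z]*>\(.*\)</[a-z]*>.*:\1:p' | sed -n 2p
}

# Install a .mobileprovision file under its UUID and print the target path.
# Returns 1 on a decode, UUID or copy failure, 2 if the profile has expired.
install_profile() {
  profile=$1
  dest="$HOME/Library/MobileDevice/Provisioning Profiles"

  # security cms -D decodes the CMS envelope and prints the embedded plist.
  plist=$(security cms -D -i "$profile") || return 1
  uuid=$(printf '%s\n' "$plist" | plist_value UUID)
  expires=$(printf '%s\n' "$plist" | plist_value ExpirationDate)

  # The UUID becomes a file name: accept only the 8-4-4-4-12 hex form, so
  # that a malformed profile cannot steer the copy outside $dest.
  printf '%s\n' "$uuid" |
    grep -Eqx '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}' || {
      echo "install_profile: no valid UUID in $profile" >&2
      return 1
    }

  # ISO 8601 UTC timestamps order correctly as plain strings; an empty
  # ExpirationDate sorts first and is therefore rejected as well.
  now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  if expr "$expires" \< "$now" >/dev/null; then
    echo "install_profile: $profile expired at $expires" >&2
    return 2
  fi

  mkdir -p "$dest" && cp "$profile" "$dest/$uuid.mobileprovision" || return 1
  printf '%s\n' "$dest/$uuid.mobileprovision"
}
```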
