1. 技术文章
  2. CLI: Switch keychains in order to sign an xcodebuild

CLI: Switch keychains in order to sign an xcodebuild

社会主义新天地 提交于 2019-12-04 02:15:35

You can tell Xcode which keychain to use:

xcodebuild "OTHER_CODE_SIGN_FLAGS=--keychain '$PATH_TO_KEYCHAIN'"

Or, if you call codesign directly:

codesign --keychain "$PATH_TO_KEYCHAIN"

If you use PackageApplication, there isn't a way to set this. However, PackageApplication is a pretty simple script that can be reimplemented if necessary (very useful if you're integrating with a larger system/script).

Solution: I've put all the appstore related stuff in the login keychain, and the enterprise stuff in a seperate keychain file.

In the buildscript, I switch between those as follows:

    # 1. Only activate the System and either the Appstore(=login) or Enterprise keychain.
security list-keychains -s $KEYCHAIN_NAME $SYSTEM_KEYCHAIN

# 2. Loop through App Schema's
for APP_SCHEME in ${APP_SCHEMES[@]}; do
    echo "--=  Processing $APP_SCHEME  =--"
    xcodebuild -scheme "${APP_SCHEME}" archive
done ### Looping through App Schema's

# 3. Restore login & system keychains
security list-keychains -s $APPSTORE_KEYCHAIN $ENTERPRISE_KEYCHAIN $SYSTEM_KEYCHAIN
Paul Du Bois

Another solution for xcode version 6 and below: specify your certificate by SHA1 instead of by (ambiguous) name. From "man codesign":

 If identity consists of exactly forty hexadecimal digits, it is instead
 interpreted as the SHA-1 hash of the certificate part of the desired iden-
 tity.  In this case, the identity's subject name is not considered.

And from "security help find-certificate"

-Z  Print SHA-1 hash of the certificate

Unfortunately, this method requires using the PackageSign script, which has been deprecated in Xcode 7

标签
xcode
xcodebuild
keychain
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!