无需密码即可解锁 OS X 钥匙串
我正在对 Xcode 项目[2]进行远程/自动构建[1],为了签署我的应用程序,我在构建之前添加了这一行。
security unlock-keychain -p keychainpassword
这工作正常,并解锁存储证书的系统钥匙串,但它暴露了在 TeamCity 界面供所有人查看。
构建过程作为登录用户运行,并且是独立的...有没有办法可以在不提供密码的情况下解锁系统/默认钥匙串?
我刚刚有了一个想法。如果我将证书移至登录名的钥匙串(而不是系统)中,会怎样?我还需要用密码解锁吗?
这有可能吗?或者我应该设置一个不能造成任何损害的用户,只是构建而不执行任何其他操作并公开该用户的密码?
[1] 使用 TeamCity,但无关紧要。
[2] iPhone 项目,但又无关紧要。
I'm doing a remote/automated build[1] of my Xcode projects[2] and in order to sign my apps, I add this line before the build.
security unlock-keychain -p keychainpassword
This works fine, and unlocks the SYSTEM keychains where the certificates are stored, but it's exposing the password for the user which the build agent is running on in the TeamCity interface for all to see.
The build process is running as a logged in user, and is self-contained... is there a way I can unlock the system/default keychain without providing the password?
I've just had a thought. What if I moved the certificates into the login's keychain (instead of system)? Would I still have to unlock it with a password?
Is this possible at all? Or should I set up a user which cannot do any damage and just build and do nothing else and expose that user's password?
[1] Using TeamCity, but irrelevant.
[2] iPhone projects, but again irrelevant.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您应该能够使用常规(非管理员)用户进行构建,并使该用户没有密码。然后,您可以在构建系统上以该用户的身份自动登录。
另一种选择是将密码存储在环境变量中,但这几乎无法隐藏密码。
如果您有一个没有密码的普通用户,并且将证书添加到登录钥匙串中,您应该能够远程/自动/无人值守地构建,没有任何问题,包括代码签名。
You should be able to build with a regular (non-admin) user, and make that user have no password. Then, you can auto-login as that user on your build system.
Another alternative is to store the password in an environment variable, but that barely hides the password.
If you have a regular user with no password, and you add the certificates to the Login keychain, you should be able to build remotely / automatically / unattended with no issues, including code-signing.
security unlock-keychain自行提示输入密码。security unlock-keychainon its own prompts for the password.