forked from OpenSC/OpenSC
-
Notifications
You must be signed in to change notification settings - Fork 0
/
add_signing_key.sh
executable file
·37 lines (30 loc) · 1.31 KB
/
add_signing_key.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/bin/sh
set -ex -o xtrace
pushd .github/
tar xvf secrets.tar
KEY_CHAIN=mac-build.keychain
# Create the keychain with a password
security create-keychain -p travis $KEY_CHAIN
# Make the custom keychain default, so xcodebuild will use it for signing
security default-keychain -s $KEY_CHAIN
# Unlock the keychain for one hour
security unlock-keychain -p travis $KEY_CHAIN
security set-keychain-settings -t 3600 -u $KEY_CHAIN
# Add certificates to keychain and allow codesign to access them
curl -L https://developer.apple.com/certificationauthority/AppleWWDRCA.cer > AppleWWDRCA.cer
security import AppleWWDRCA.cer \
-k ~/Library/Keychains/$KEY_CHAIN \
-T /usr/bin/codesign -T /usr/bin/productsign
security import DeveloperIDApplication.cer \
-k ~/Library/Keychains/$KEY_CHAIN \
-T /usr/bin/codesign -T /usr/bin/productsign
security import DeveloperIDInstaller.cer \
-k ~/Library/Keychains/$KEY_CHAIN \
-T /usr/bin/codesign -T /usr/bin/productsign
security import key.p12 \
-k ~/Library/Keychains/$KEY_CHAIN -P $KEY_PASSWORD \
-T /usr/bin/codesign -T /usr/bin/productsign
security unlock-keychain -p travis $KEY_CHAIN
# https://docs.travis-ci.com/user/common-build-problems/#mac-macos-sierra-1012-code-signing-errors
security set-key-partition-list -S apple-tool:,apple: -s -k travis $KEY_CHAIN
popd