I'm trying to set up continuous builds/integration for a stable of iPhone apps.
I have:
The big problem is codesigning and the Keychain.
We create code on behalf of our clients' developer identities, so we have several developer identities and we will be adding more.
I want to put the Mini in a deep dark room and never look at it, but the first time you build with a developer identity, a GUI dialog pops up asking if you want to always allow codesign to access the developer identity.
Assuming you do, that dialog box modifies the keychain access control list (ACL) so that codesign is allowed.
You can view this by opening Keychain Access, expanding the certificate, selecting the private key, right-clicking, selecting Get Info, and then switching to the Access Control tab. A "virgin" key will only have Keychain Access in its "always allow" application list. One you have used and confirmed in the dialog box will have codesign as well.
This box provides a way to add an application, except you get the standard Finder file picker, which hides Unix folders. There's no way to navigate to /usr/bin/codesign. So it's impossible to add manually!
Does anyone know of a way around this?
I'm aware of one method using the -T switch of "security import" but then you must specify the ACL when you import the key in the first place, so any keys added in the Keychain GUI would have to be tossed and reimported. Not exactly very nice.
Normally the "cleansed" version of the file system that the Keychain's Get Info dialog presents to you won't allow you to access the hidden /usr/bin directory, but I found a way around this.
Just registred to say THANK you very much, David Boike. Great workaround that helped me a lot. But there is a better way to do this.
Open File Dialog press 'Cmd' + 'Shift' + '.'
That combination should toggle visibility of hidden items on file system. If combination was not effective, try to change presentation mode to 'list' or 'grid' and try it again.
Thanks and good luck!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With