security / codesign in Sierra: Keychain ignores access control settings and UI-prompts for permission

by

The command you need to use is as follows:

security set-key-partition-list -S apple-tool:,apple: -s -k keychainPass keychainName

Please have in mind that this command line tool works like the list-keychains’s way of modification. If you execute set-key-partition-list with a single value it will overwrite all partitionIDs in the certificates. It won’t validate the values passed.

What this command does is that it sets the PartitionIDs (items after -S separated by comma) for keys that can sign (-s) for a specific keychain.
The actual partitionID that allows the codesigning is apple:.

I am not aware what apple-tool: is doing as it is not documented, but it was there after importing the key with security import so I’m keeping it in order to avoid breaking people who copy-paste the command.

This change was introduced with Mac OS Sierra and is not documented (or at least I could not find documentation). As of Oct 16 the man page for security still doesn’t list this command.

For more information you can refer to this bug report – http://www.openradar.me/28524119

More Related Contents:

  1. How to run an iOS app that causes runtime error for frameworks “code signature invalid”
  2. missing private key in the distribution certificate on keychain
  3. Use of unresolved identifier ‘UIScreen’; did you mean ‘NSScreen’? DynamicTypes works fine on iOS, but it doesn’t on macOS
  4. Getting the difference between two Dates (months/days/hours/minutes/seconds) in Swift
  5. iOS: How to store username/password within an app?
  6. This certificate has an invalid issuer Apple Push Services
  7. Code Sign Error in macOS Monterey, Xcode – resource fork, Finder information, or similar detritus not allowed
  8. Fatal error: use of unimplemented initializer ‘init(coder:)’ for class
  9. Swift native functions to have numbers as hex strings
  10. How do I determine the OS version at runtime in OS X or iOS (without using Gestalt)?
  11. Missing certificates and keys in the keychain while using Jenkins/Hudson as Continuous Integration for iOS and Mac development
  12. Codesign error: Provisioning profile cannot be found after deleting expired profile
  13. ld: library not found for -lstdc++.6
  14. How to access own window within SwiftUI view?
  15. How to use Namespaces in Swift?
  16. How to I import 3rd party frameworks into Xcode Playground?
  17. Command /usr/bin/codesign failed with exit code 1
  18. Error when trying to obtain a certificate: The specified item could not be found in the keychain
  19. iOS: Pre install SSL certificate in keychain – programmatically
  20. Save and Load from KeyChain | Swift [duplicate]
  21. WKWebView in Interface Builder
  22. How does Xcode find implicit target dependencies?
  23. Is there a swift native function to convert a number to a hex string?
  24. Bundle.main.path(forResource:ofType:inDirectory:) returns nil
  25. iPhone Simulator suddenly started running very slow
  26. Suppressing deprecated warnings in Xcode
  27. Querying iOS Keychain using Swift
  28. Swift String escaping when serializing to JSON using Codable
  29. Is there a way to remove the authorization prompt from command-line instances of Instruments (Xcode)?
  30. Distribution certificate / private key not installed

Leave a Comment