2

I need to automatise the process of notarising a macOS application. In order to achieve that I have created a generic password:

```
security add-generic-password -a <apple_id> -w <app specific passwd> -s "ALIAS" build.keychain-db
```

Now, to avoid having to enter the password, I have also added:

```
security set-generic-password-partition-list -S apple-tool:,apple: -s "ALIAS" -k <keychain_passwd> <keychain>
```

And finally I run the altool command, but I still get a popup asking me for the keychain password.

Does anyone know how to avoid this popup? Everything must be done on the command line, so if you could provide the commands to run, it would be great.

Steffen Moritz
RuLoViC

1 Answer

3

To prevent the security confirmation dialog from appearing, either click on Always allow once or modify the appropriate keychain entry. This works like this:

  • Locate the path to altool by opening a shell and typing `xcrun -find altool`.
  • Either use this path as argument `-T <path>` when creating the password using the `security add-generic-password` command:
    • `security add-generic-password -a <apple_id> -w <app specific passwd> -s "ALIAS" -T <path_to_altool> build.keychain-db`
  • Or use the keychain access app:
    • Open Keychain Access.app.
    • Select the password entry, select the menu File > Get Info (or press Cmd+I or click the icon).
    • In this dialog, select the Access Control tab and press the + button. A file selection dialog opens.
    • Open Finder and select the menu Go > Go to Folder… and paste the path to altool (the directory part, without altool itself, e.g. `/Applications/Xcode.app/Contents/Developer/usr/bin/`).
    • Drag altool to the open panel of Keychain Access and press the Add button.
DarkDust
  • I will test that and let you know – RuLoViC Jun 18 '19 at 09:26
  • 1
    Unfortunately it does not work for me. I ran `security add-generic-password` as you showed me before, but then when I run altool with "@keychain:ALIAS", I get "*** Error: The specified item could not be found in the keychain." – RuLoViC Jun 18 '19 at 18:42
  • 1
    Ah, it seems that using a custom keychain is not supported, [only the login keychain is supported by `altool`](https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow): _Note that altool can’t access your iCloud keychain for security reasons, so the item must be in your login keychain._ – DarkDust Jun 19 '19 at 06:32
  • Anyway, I don't understand why you are trying to use the keychain in this case: you already have the password in plain-text, don't you? Then pass that to `altool`'s `-p` option instead of `@keychain:`. – DarkDust Jun 19 '19 at 06:33
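
The answer's `-T` approach combined with the comment that altool only reads the login keychain, as an added example that is not part of the original posts. It assumes the item is stored in `login.keychain-db`; the `DRY_RUN` switch, the `redact`/`run` helpers and the environment variable names are hypothetical, and the `altool --notarize-app` options come from Apple's tool rather than from this page.

```shell
#!/bin/sh
# Added example: store the app-specific password in the login keychain with
# altool on the item's access list, then notarise using only a reference.
SERVICE="ALIAS"                            # service name used on the page
KEYCHAIN="${KEYCHAIN:-login.keychain-db}"  # altool only reads the login keychain
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print commands only, 0 = execute

# Print a command line with the values of secret-bearing flags masked,
# so CI logs never contain the Apple or keychain password.
redact() {
  line="" mask=0
  for arg in "$@"; do
    if [ "$mask" = 1 ]; then arg='****'; mask=0
    else case "$arg" in -w|-k|-p) mask=1 ;; esac
    fi
    line="${line:+$line }$arg"
  done
  printf '%s\n' "$line"
}

# Log the redacted command, then execute it unless this is a dry run.
run() { redact "$@"; [ "$DRY_RUN" = 1 ] || "$@"; }

find_altool() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "/Applications/Xcode.app/Contents/Developer/usr/bin/altool"  # example path from the answer
  else
    xcrun -find altool
  fi
}

store_credential() {  # $1 Apple ID, $2 app-specific password, $3 keychain password
  altool_path=$(find_altool)
  run security unlock-keychain -p "$3" "$KEYCHAIN"
  # -T limits prompt-free access to altool; -U updates an existing item
  run security add-generic-password -U -a "$1" -w "$2" -s "$SERVICE" -T "$altool_path" "$KEYCHAIN"
  run security set-generic-password-partition-list -S apple-tool:,apple: -s "$SERVICE" -k "$3" "$KEYCHAIN"
}

notarize() {  # $1 Apple ID, $2 bundle id, $3 archive to upload
  run xcrun altool --notarize-app --primary-bundle-id "$2" --username "$1" --password "@keychain:$SERVICE" --file "$3"
}

# Runs only when the (hypothetical) CI variables are provided.
if [ -n "${APPLE_ID:-}" ]; then
  store_credential "$APPLE_ID" "$APP_PASSWORD" "$KEYCHAIN_PASSWORD"
  notarize "$APPLE_ID" "$BUNDLE_ID" "$APP_FILE"
fi
```

With `DRY_RUN=1` (the default) the script only prints the masked commands, which makes it possible to review what a build agent will run before setting `DRY_RUN=0` on the Mac.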