codemagic-ci-cd / cli-tools

Various utilities for managing Android and iOS app builds, code signing, and deployment.
https://codemagic.io/start/
GNU General Public License v3.0

Fix `keychain add-certificates` on macOS 15 #428

Closed priitlatt closed 2 months ago

priitlatt commented 2 months ago

On macOS 15.0 `security import -f pkcs12` does not accept unencrypted PKCS#12 containers that are generated by OpenSSL. The command terminates with exit code 1 and emits an error:

```
% security import certificate.p12 -f pkcs12 -k my-keychain.keychain-db -P "" -T /usr/bin/codesign -T /usr/bin/productsign
security: SecKeychainItemImport: Unable to decode the provided data.
```

The very same certificate can still be imported when the `-f` switch value is changed to `openssl`:

```
% security import certificate.p12 -f openssl -k my-keychain.keychain-db -P "" -T /usr/bin/codesign -T /usr/bin/productsign
1 key imported.
1 certificate imported.
```

Alter action `keychain add-certificates` to attempt certificate import with `openssl` format if the initial import with `pkcs12` format fails such that the error message contains `Unable to decode the provided data`.

Updated actions:
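
The fallback described in this pull request, as an added Python example that is not the project's own code: the function names and the injectable `runner` parameter are assumptions made for illustration, while the `security import` flags and the error text are the ones quoted above.

```python
import subprocess
from typing import Callable, Sequence, Tuple

# Error text quoted in the PR description above.
DECODE_ERROR = "Unable to decode the provided data"

# A runner executes a command and returns (exit code, stderr).
# Hypothetical seam so the logic can be exercised without macOS.
Runner = Callable[[Sequence[str]], Tuple[int, str]]


def run_security(cmd: Sequence[str]) -> Tuple[int, str]:
    """Default runner: execute the command as an argument list, no shell."""
    proc = subprocess.run(list(cmd), capture_output=True, text=True)
    return proc.returncode, proc.stderr


def build_import_command(cert, keychain, password, fmt, allowed_apps):
    """Assemble `security import` with the flags shown in the PR description."""
    cmd = ["security", "import", cert, "-f", fmt, "-k", keychain, "-P", password]
    for app in allowed_apps:
        cmd += ["-T", app]
    return cmd


def import_certificate(cert, keychain, password="",
                       allowed_apps=("/usr/bin/codesign", "/usr/bin/productsign"),
                       runner: Runner = run_security) -> str:
    """Import `cert` and return the format that worked ("pkcs12" or "openssl")."""
    first = build_import_command(cert, keychain, password, "pkcs12", allowed_apps)
    code, stderr = runner(first)
    if code == 0:
        return "pkcs12"
    # Retry only on the specific decode error; any other failure is surfaced
    # as-is instead of being masked by a second attempt.
    if DECODE_ERROR not in stderr:
        raise RuntimeError(f"pkcs12 import failed: {stderr.strip()}")
    second = build_import_command(cert, keychain, password, "openssl", allowed_apps)
    code, stderr = runner(second)
    if code == 0:
        return "openssl"
    raise RuntimeError(f"openssl import failed: {stderr.strip()}")
```

Matching on the exact error string keeps unrelated failures from silently triggering a second import attempt against the keychain.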