Class: FastlaneCore::KeychainImporter
- Inherits:
-
Object
- Object
- FastlaneCore::KeychainImporter
- Defined in:
- fastlane_core/lib/fastlane_core/keychain_importer.rb
Class Method Summary collapse
- .import_file(path, keychain_path, keychain_password: nil, certificate_password: "", skip_set_partition_list: false, output: FastlaneCore::Globals.verbose?) ⇒ Object
-
.resolve_keychain_password(keychain_path) ⇒ Object
github.com/fastlane/fastlane/issues/14196 Keychain password is needed to set the partition list to prevent Xcode from prompting dialog for keychain password when signing 1.
- .set_partition_list(path, keychain_path, keychain_password: nil, output: FastlaneCore::Globals.verbose?) ⇒ Object
Class Method Details
.import_file(path, keychain_path, keychain_password: nil, certificate_password: "", skip_set_partition_list: false, output: FastlaneCore::Globals.verbose?) ⇒ Object
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
# File 'fastlane_core/lib/fastlane_core/keychain_importer.rb', line 7 def self.import_file(path, keychain_path, keychain_password: nil, certificate_password: "", skip_set_partition_list: false, output: FastlaneCore::Globals.verbose?) UI.user_error!("Could not find file '#{path}'") unless File.exist?(path) command = "security import #{path.shellescape} -k '#{keychain_path.shellescape}'" command << " -P #{certificate_password.shellescape}" command << " -T /usr/bin/codesign" # to not be asked for permission when running a tool like `gym` (before Sierra) command << " -T /usr/bin/security" command << " -T /usr/bin/productbuild" # to not be asked for permission when using an installer cert for macOS command << " 1> /dev/null" unless output UI.command(command) if output Open3.popen3(command) do |stdin, stdout, stderr, thrd| UI.command_output(stdout.read.to_s) if output # Set partition list only if success since it can be a time consuming process if a lot of keys are installed if thrd.value.success? && !skip_set_partition_list keychain_password ||= resolve_keychain_password(keychain_path) set_partition_list(path, keychain_path, keychain_password: keychain_password, output: output) else # Output verbose if file is already installed since not an error otherwise we will show the whole error err = stderr.read.to_s.strip if err.include?("SecKeychainItemImport") && err.include?("The specified item already exists in the keychain") UI.verbose("'#{File.basename(path)}' is already installed on this machine") else UI.error(err) end end end end |
.resolve_keychain_password(keychain_path) ⇒ Object
github.com/fastlane/fastlane/issues/14196 Keychain password is needed to set the partition list to prevent Xcode from prompting dialog for keychain password when signing
-
Uses keychain password from login keychain if found
-
Prompts user for keychain password and stores it in login keychain for user later
86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
# File 'fastlane_core/lib/fastlane_core/keychain_importer.rb', line 86 def self.resolve_keychain_password(keychain_path) keychain_name = File.basename(keychain_path, ".*") server = server_name(keychain_name) # Attempt to find password in keychain for keychain item = Security::InternetPassword.find(server: server) if item keychain_password = item.password UI.important("Using keychain password from keychain item #{server} in #{keychain_path}") end if keychain_password.nil? if UI.interactive? UI.important("Enter the password for #{keychain_path}") UI.important("This passphrase will be stored in your local keychain with the name #{server} and used in future runs") UI.important("This prompt can be avoided by specifying the 'keychain_password' option or 'MATCH_KEYCHAIN_PASSWORD' environment variable") keychain_password = FastlaneCore::Helper.ask_password(message: "Password for #{keychain_name} keychain: ", confirm: true, confirmation_message: "Type password for #{keychain_name} keychain again: ") Security::InternetPassword.add(server, "", keychain_password) else UI.important("Keychain password for #{keychain_path} was not specified and not found in your keychain. Specify the 'keychain_password' option to prevent the UI permission popup when code signing") keychain_password = "" end end return keychain_password end |
.set_partition_list(path, keychain_path, keychain_password: nil, output: FastlaneCore::Globals.verbose?) ⇒ Object
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 |
# File 'fastlane_core/lib/fastlane_core/keychain_importer.rb', line 37 def self.set_partition_list(path, keychain_path, keychain_password: nil, output: FastlaneCore::Globals.verbose?) # When security supports partition lists, also add the partition IDs # See https://openradar.appspot.com/28524119 if Helper.backticks('security -h | grep set-key-partition-list', print: false).length > 0 command = "security set-key-partition-list" command << " -S apple-tool:,apple:,codesign:" command << " -s" # This is a needed in Catalina to prevent "security: SecKeychainItemCopyAccess: A missing value was detected." command << " -k #{keychain_password.to_s.shellescape}" command << " #{keychain_path.shellescape}" command << " 1> /dev/null" # always disable stdout. This can be very verbose, and leak potentially sensitive info # Showing loading indicator as this can take some time if a lot of keys installed Helper.show_loading_indicator("Setting key partition list... (this can take a minute if there are a lot of keys installed)") UI.command(command) if output Open3.popen3(command) do |stdin, stdout, stderr, thrd| unless thrd.value.success? err = stderr.read.to_s.strip # Inform user when no/wrong password was used as its needed to prevent UI permission popup from Xcode when signing if err.include?("SecKeychainItemSetAccessWithPassword") keychain_name = File.basename(keychain_path, ".*") Security::InternetPassword.delete(server: server_name(keychain_name)) UI.important("") UI.important("Could not configure imported keychain item (certificate) to prevent UI permission popup when code signing\n" \ "Check if you supplied the correct `keychain_password` for keychain: `#{keychain_path}`\n" \ "#{err}") UI.important("") UI.important("Please look at the following docs to see how to set a keychain password:") UI.important(" - https://docs.fastlane.tools/actions/sync_code_signing") UI.important(" - https://docs.fastlane.tools/actions/get_certificates") else UI.error(err) end end end # Hiding after Open3 finishes Helper.hide_loading_indicator end end |