Skip to content

Avoid codesign modal keychain password dialog #30252

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 4, 2024
Merged

Avoid codesign modal keychain password dialog #30252

merged 2 commits into from
Mar 4, 2024

Conversation

hrishikesh-kadam
Copy link
Contributor

@hrishikesh-kadam hrishikesh-kadam commented Nov 30, 2023
edited
Loading

Why:

Following lines are pasted from man security ran on macOS 14.0:

set-key-partition-list [-S <partition list (comma separated)>] [-k <keychain password>] [options...] [keychain] Sets the "partition list" for a key. The "partition list"
is an extra parameter in the ACL which limits access to the key based on an application's code signature. You must present the keychain's password to change a partition
list. If you'd like to run /usr/bin/codesign with the key, "apple:" must be an element of the partition list.

       -S partition-list
                       Comma-separated partition list. See output of "security dump-keychain" for examples.
       -k password     Password for keychain
       -a application-label
                       Match "application label" string
       -c creator      Match creator (four-character code)
       -d              Match keys that can decrypt
       -D description  Match "description" string
       -e              Match keys that can encrypt
       -j comment      Match comment string
       -l label        Match label string
       -r              Match keys that can derive
       -s              Match keys that can sign
       -t type         Type of key to find: one of "symmetric", "public", or "private"
       -u              Match keys that can unwrap
       -v              Match keys that can verify
       -w              Match keys that can wrap

See:

  1. https://github.com/Apple-Actions/import-codesign-certs/blob/5565bb656f60c98c8fc515f3444dd8db73545dc2/src/security.ts#L121-L141

Closes:

What's being changed (if available, include any code snippets, screenshots, or gifs):

Doc Link: https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development

Check off the following:

  • I have reviewed my changes in staging, available via the View deployment link in this PR's timeline.

    • For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the data directory.

Preview Link: https://docs-30252-d1abb2.preview.ghdocs.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development

@hrishikesh-kadam
Avoid codesign modal keychain password dialog
ae0757a 
Following lines are pasted from `man security` ran on macOS 14.0:
```console
set-key-partition-list [-S <partition list (comma separated)>] [-k <keychain password>] [options...] [keychain] Sets the "partition list" for a key. The "partition list"
is an extra parameter in the ACL which limits access to the key based on an application's code signature. You must present the keychain's password to change a partition
list. If you'd like to run /usr/bin/codesign with the key, "apple:" must be an element of the partition list.

       -S partition-list
                       Comma-separated partition list. See output of "security dump-keychain" for examples.
       -k password     Password for keychain
       -a application-label
                       Match "application label" string
       -c creator      Match creator (four-character code)
       -d              Match keys that can decrypt
       -D description  Match "description" string
       -e              Match keys that can encrypt
       -j comment      Match comment string
       -l label        Match label string
       -r              Match keys that can derive
       -s              Match keys that can sign
       -t type         Type of key to find: one of "symmetric", "public", or "private"
       -u              Match keys that can unwrap
       -v              Match keys that can verify
       -w              Match keys that can wrap
```

See:
1. https://github.com/Apple-Actions/import-codesign-certs/blob/5565bb656f60c98c8fc515f3444dd8db73545dc2/src/security.ts#L121-L141
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Nov 30, 2023
@steveward steveward added actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team waiting for review Issue/PR is waiting for a writer's review and removed triage Do not begin working on this issue until triaged by the team labels Nov 30, 2023
@nguyenalex836
Copy link
Contributor

@hrishikesh-kadam Hello! 👋 Apologies for our delay in getting back to you! We are asking our team about this internally, and will respond once we have more information 💛

Internal: asked here

@nguyenalex836
Copy link
Contributor

@hrishikesh-kadam Thank you very much for your patience while we reviewed this PR! The changes look great ✨ I'll update the branch and get this merged once tests are passing 🍏

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 4, 2024

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.

Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

Source Preview Production What Changed
actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development.md fpt
ghec
ghes@ 3.12 3.11 3.10 3.9 3.8
fpt
ghec
ghes@ 3.12 3.11 3.10 3.9 3.8

fpt: Free, Pro, Team
ghec: GitHub Enterprise Cloud
ghes: GitHub Enterprise Server

@nguyenalex836 nguyenalex836 added this pull request to the merge queue Mar 4, 2024
Merged via the queue into github:main with commit bbc1bad Mar 4, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 4, 2024

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nguyenalex836 nguyenalex836 nguyenalex836 approved these changes

Assignees
No one assigned
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team waiting for review Issue/PR is waiting for a writer's review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hrishikesh-kadam @nguyenalex836 @steveward