On Mar 16, 2010, at 7:39 AM, Rustam Muginov wrote:
> Hello all.
> I am planning to deploy a build computer at the server which I would have no physical access to.
> I am pretty sure that most of the build procedure could be done via ssh, but I am curious about item rights to access the keychain.
>
> When I first run codesign on the system (either from Xcode or from the command line), a dialog pops up requesting authorization for a tool to access the Keychain. I have to click "always allow", then I never had this dialog again. How would things happen if I run build scripts remotely via ssh? Are there any commands to grant such access without requiring a VNC connection or physical access to the keyboard?
>
> Thank you in advance.
You need to eliminate the need for dialogs. There are two kinds: keychain unlocking, and (ACL) access control.
The "always allow" button edits the item's ACL to give permanent access to codesign(1). So do that once (interactively) and you're set. (You can also explicitly edit the ACL in Keychain Access, but the Always Allow button is way more convenient in this case.)
You still need to unlock the keychain. (Sshd will not unlock your keychain for you when you ssh into the system.) You can do that explicitly using the security(1) command:
    security unlock-keychain -p password /path/to/keychain
That's the password of your keychain, which defaults to your login password. If you feel queasy about storing that in a script (you should), you can store the key in a separate keychain you create for that purpose, and give it a different password.
Cheers
-- perry
---------------------------------------------------------------------------
Perry The Cynic email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
---------------------------------------------------------------------------
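
Added example (not part of the message above and not Apple's code): a build-host wrapper for the approach in the reply, with the signing key in its own keychain and that keychain's password read from a private file instead of being written into the script. The keychain path, password file path and identity name are hypothetical placeholders, and it assumes "Always Allow" was already granted to codesign once interactively.

```shell
#!/bin/bash
# Added example: unlock a dedicated signing keychain over ssh and sign.
# KEYCHAIN, PW_FILE and IDENTITY are hypothetical placeholders (assumptions).
KEYCHAIN="${KEYCHAIN:-$HOME/Library/Keychains/build-signing.keychain}"
PW_FILE="${PW_FILE:-$HOME/.build-signing.pw}"
IDENTITY="${IDENTITY:-Example Signing Identity}"

# Succeed only if the password file is a regular file (not a symlink),
# owned by the current user, with no group/other bits (mode 0600 or 0400).
pw_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

sign_target() {
    target="$1"
    pw_file_ok "$PW_FILE" || {
        echo "refusing: $PW_FILE must be owned by you, mode 0600" >&2
        return 2
    }
    # Accept a file with or without a trailing newline.
    IFS= read -r pw < "$PW_FILE" || [ -n "$pw" ] || return 2
    # Re-lock the keychain when the script exits, even if signing fails.
    trap 'security lock-keychain "$KEYCHAIN"' EXIT
    # -p places the password in argv, where local users can see it with ps
    # while the command runs; keep the build host single-purpose.
    security unlock-keychain -p "$pw" "$KEYCHAIN" || return 3
    unset pw
    # Restrict the identity search to the dedicated keychain.
    codesign -s "$IDENTITY" --keychain "$KEYCHAIN" "$target"
}

# Run only when a target path is given on the command line.
if [ $# -gt 0 ]; then sign_target "$1"; fi
```

Invoke it over ssh with the path of the bundle or binary to sign as its only argument.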