Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix keychain add-certificates on macOS 15 #428

Merged
merged 3 commits into from
Sep 20, 2024
Merged

Fix keychain add-certificates on macOS 15 #428

merged 3 commits into from
Sep 20, 2024

Conversation

priitlatt
Copy link
Contributor

@priitlatt priitlatt commented Sep 20, 2024
edited
Loading

On macOS 15.0 security import -f pkcs12 does not accept unencrypted PKCS#12 containers that are generated by OpenSSL. The command terminates with exist code 1 and emits an error:

% security import certificate.p12 -f pkcs12 -k my-keychain.keychain-db -P "" -T /usr/bin/codesign -T /usr/bin/productsign
security: SecKeychainItemImport: Unable to decode the provided data.

The very same certificate can be still imported when -f switch value is changed to openssl:

% security import certificate.p12 -f openssl -k my-keychain.keychain-db -P "" -T /usr/bin/codesign -T /usr/bin/productsign
1 key imported.
1 certificate imported.

Alter action keychain add-certificates to use attempt certificate import with openssl format if initial import with pkcs12 format fails such that error message contains Unable to decode the provided data.

Updated actions:

  • keychain add-certificates

@priitlatt priitlatt marked this pull request as ready for review September 20, 2024 12:38
mikhail-tokarev
mikhail-tokarev approved these changes Sep 20, 2024
View reviewed changes
Copy link
Contributor

@mikhail-tokarev mikhail-tokarev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@priitlatt priitlatt merged commit 906eac1 into master Sep 20, 2024
11 checks passed
@priitlatt priitlatt deleted the bugfix/macos-15-keychain-add-certificates branch September 20, 2024 14:00
@priitlatt priitlatt mentioned this pull request Nov 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikhail-tokarev mikhail-tokarev mikhail-tokarev approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@priitlatt @mikhail-tokarev