0

I have a script that runs on a Mac Pro continuous integration server running OS X 10.12 Sierra. Occasionally, it needs to run /usr/bin/codesign, which will show a GUI prompt if the private key it signs with is new. (Previously, when you imported a key, you could grant arbitrary applications access with the -T option, but that no longer works.)

Since this is a continuous integration server, no one is observing individual runs, so if the GUI prompt shows, we have to wait for the continuous integration job to time out before we discover what went wrong. The continuous integration server starts as a launch agent attached to a non-root user, and start automatically when the Mac Pro starts. This gives the continuous integration server a GUI environment, which it needs to run the iOS Simulator.

Is there a way to disable the GUI prompt? If I ssh into the box and try to run /usr/bin/codesign instead of a prompt, I get a User interaction is not allowed error message. This would be fine. Is there a way to replicate the ssh terminal environment locally?

Community
  • 1
  • 1
Heath Borders
  • 29,483
  • 16
  • 137
  • 246
  • How do you start the continuous integration server on the Mac Pro? – rob mayoff Mar 10 '17 at 05:38
  • I updated the question: – Heath Borders Mar 10 '17 at 14:50
  • "The continuous integration server starts as a launch agent attached to a non-root user, and start automatically when the Mac Pro starts. This gives the continuous integration server a GUI environment, which it needs to run the iOS Simulator." – Heath Borders Mar 10 '17 at 14:50
  • Did you ever solve this issue? I think you could write an AppleScript script that just automatically accepts the prompt whenever it comes up. Alternatively there is probably another CLI way to add the private key into your keychain as trusted before you run codesign so it bypasses the prompt. – Andrew Fox Apr 03 '22 at 06:47

0 Answers0