I have an unprivileged user that I created to start Tomcat 8 as a service. Tomcat runs Jenkins, which is used to provide jobs where members of my team can upload an .ipa file and a provisioning profile and re-sign the .ipa file. Jenkins is running a shell script whenever it re-signs the .ipa file. That shell script was recently updated and now calls the security command, which results in the following error:
security: cert import failed: a default keychain could not be found.
I need to set the default keychain for my unprivileged Tomcat user.
How can I do that? I don't see much on the web about it, and I see another, unanswered StackOverflow post regarding the topic.
I found a workaround, which is a better solution. I was able to use the following to dynamically create a new keychain, add a cert to the keychain, and later remove the keychain:
security create-keychain -p temp "temp.keychain"
security add-certificates -k "temp.keychain" "ios_distribution.cer"
security unlock-keychain -p temp "temp.keychain"
security cms -D -k "temp.keychain" -i "blah.mobileprovision" > <entitlements>
...do some stuff...
security delete-keychain "temp.keychain"
If you do want to set the keychain for an unprivileged user, you can use the following command:
default-keychain [-h] [-d user|system|common|dynamic] [-s [keychain]]
Example:
security default-keychain -s "temp.keychain"
You can run that command from a shell script that is being executed by the unprivileged user (as I am doing).
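The temporary-keychain workaround above, as an added example that is not part of the original post: it uses a per-run keychain path and a random one-time password, and deletes the keychain even when a step fails. The function name resign_with_temp_keychain and its three arguments are hypothetical.

```bash
#!/bin/sh
# Added example, not the poster's script. resign_with_temp_keychain and its
# three arguments are hypothetical names chosen for this sketch.
# The body runs in a subshell "( ... )" so its variables stay local.
resign_with_temp_keychain() (
    cert=$1 profile=$2 out=$3

    # Private 0700 directory and a per-run keychain path, so two Jenkins
    # jobs running at once never share or delete each other's keychain.
    workdir=$(mktemp -d) || return 1
    kc="$workdir/resign.keychain"

    # One-time random password instead of a fixed string. It is still passed
    # with -p, so it is briefly visible in the process list; the keychain
    # only lives for the duration of this function.
    pw=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')

    status=0
    {
        security create-keychain -p "$pw" "$kc" &&
        security add-certificates -k "$kc" "$cert" &&
        security unlock-keychain -p "$pw" "$kc" &&
        security cms -D -k "$kc" -i "$profile" > "$out"
    } || status=$?

    # Cleanup runs whether or not a step above failed.
    security delete-keychain "$kc" || status=$?
    rm -rf "$workdir"
    return "$status"
)

# Run only when called with: script.sh <cert> <profile> <output-file>
if [ "$#" -eq 3 ]; then
    resign_with_temp_keychain "$@"
fi
```

Because the keychain is addressed by its full path, the unprivileged user's default keychain and search list are never touched.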