Files
steipete--codexbar/Scripts/setup_dev_signing.sh
T
2026-07-13 12:22:33 +08:00

81 lines
2.4 KiB
Bash
Executable File

#!/usr/bin/env bash
# Setup stable development code signing to reduce keychain prompts
set -euo pipefail
echo "🔐 Setting up stable development code signing..."
echo ""
echo "This will create a self-signed certificate that stays consistent across rebuilds,"
echo "reducing keychain permission prompts."
echo ""
# Check if we already have a CodexBar development certificate
CERT_NAME="CodexBar Development"
if security find-certificate -c "$CERT_NAME" >/dev/null 2>&1; then
echo "✅ Certificate '$CERT_NAME' already exists!"
echo ""
echo "To use it, add this to your shell profile (~/.zshrc or ~/.bashrc):"
echo ""
echo " export APP_IDENTITY='$CERT_NAME'"
echo ""
echo "Then restart your terminal and rebuild with ./Scripts/compile_and_run.sh"
exit 0
fi
echo "Creating self-signed certificate '$CERT_NAME'..."
echo ""
# Create a temporary config file for the certificate
TEMP_CONFIG=$(mktemp)
trap "rm -f $TEMP_CONFIG" EXIT
cat > "$TEMP_CONFIG" <<EOF
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[ req_distinguished_name ]
CN = $CERT_NAME
O = CodexBar Development
C = US
[ v3_req ]
keyUsage = critical,digitalSignature
extendedKeyUsage = codeSigning
EOF
# Generate the certificate
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
-nodes -keyout /tmp/codexbar-dev.key -out /tmp/codexbar-dev.crt \
-config "$TEMP_CONFIG" 2>/dev/null
# Convert to PKCS12 format
openssl pkcs12 -export -out /tmp/codexbar-dev.p12 \
-inkey /tmp/codexbar-dev.key -in /tmp/codexbar-dev.crt \
-passout pass: 2>/dev/null
# Import into keychain
security import /tmp/codexbar-dev.p12 -k ~/Library/Keychains/login.keychain-db -T /usr/bin/codesign -T /usr/bin/security
# Clean up temporary files
rm -f /tmp/codexbar-dev.{key,crt,p12}
echo ""
echo "✅ Certificate created successfully!"
echo ""
echo "⚠️ IMPORTANT: You need to trust this certificate for code signing:"
echo ""
echo "1. Open Keychain Access.app"
echo "2. Find '$CERT_NAME' in the 'login' keychain"
echo "3. Double-click it"
echo "4. Expand 'Trust' section"
echo "5. Set 'Code Signing' to 'Always Trust'"
echo "6. Close the window (enter your password when prompted)"
echo ""
echo "Then add this to your shell profile (~/.zshrc or ~/.bashrc):"
echo ""
echo " export APP_IDENTITY='$CERT_NAME'"
echo ""
echo "Restart your terminal and rebuild with ./Scripts/compile_and_run.sh"