Avoid having to enter keychain password for altool

Question

I need to automatise the process of notarising MacOS application. In order to achieve that I have created generic password:

security add-generic-password -a <apple_id> -w <app specific passwd> -s "ALIAS" build.keychain-db

Now to avoid having to enter the password I have added as well:

security set-generic-password-partition-list -S apple-tool:,apple: -s "ALIAS" -k <keychain_passwd> <keychain>

And finally I run altool command, but I still get popup asking me for keychain password.

Does anyone know how to avoid this popup? Everything must be done on command line, so if you could provide with the commands to run, it would be great

Answer 1

To prevent the security confirmation dialog from appearing, either click on Always allow once or modify the appropriate keychain entry. This works like this:

• Locate the path to altool by opening a shell and typing xcrun -find altool.
• Either use this path as argument -T <path> when creating the password using the security add-generic-password command:
  • security add-generic-password -a <apple_id> -w <app specific passwd> -s "ALIAS" -T <path_to_altool> build.keychain-db
• Or use the keychain access app:
  • Open Keychain Access.app.
  • Select the password entry, select the menu File > Get Info (or press Cmd+I or click the ⓘ icon).
  • In this dialog, select the Access Control tab and press the + button. A file selection dialog opens.
  • Open Finder and select the menu Go > Go to Folder… and paste the path to altool (the directory part, without altool itself, e.g. /Applications/Xcode.app/Contents/Developer/usr/bin/).
  • Drag altool to the open panel of Keychain Access and press the Add button.