All geek questions in one place

How should the keychain parameter be used for altola?

I am trying to use the @keychain with the -p switch in altool to download my iTunes Connect password from a keychain:

 altool --validate-app -f "${IPA}" -u "redacted" -p "@keychain:?????"

I am trying to figure out what I need to enter after @keychain: Everything I try (path to keychain file, name of keychain entry, username in keychain entry) throws the following error:

*** Error: the specified item was not found in the keychain.

altool contains the following information about the -p option:

 -p, --password Password. Required if username specified. Password is read from stdin if one is not supplied. May use @keychain: or @env: prefixes followed by the keychain or environment variable lookup name. eg -p @env:SECRET which would use the value in the SECRET environment variable.
+8
source share
3 answers

Proper use is to enter the name of the keychain element (not the name of the keychain itself, and not the Account field for the keychain element).

My problem was access control. I had to edit the keychain element in Keychain Access and configure access control settings so that altool could see the keychain element.

+4
source

For me, the way to log in using the application loader itself worked (check the "Save me in the system" box) and use the keychain entry for the application loader .

So my command looks like this:

 altool --validate-app -f APPLICATION.ipa -u my@apple.id -p @keychain:"Application Loader: my@apple.id "
+12
source

Prerequisites:

  • You need an Apple developer account, obviously. This is AC_USERNAME .
  • You need a password for this account. If you can enable two-factor authentication, you need to create a special application password -s (beyond the scope of this answer). Password AC_PASSWORD .
  • The keychain item will need a name that is referenced via the altool @keychain parameter. We call it ITEM_NAME .

In the instructions below, replace AC_USERNAME , AC_PASSWORD and ITEM_NAME values. Do not enter these names verbatim.

Now:

  1. Create a shared password in your keychain.
    • You can do this through the Keychain Access.app File> New Password Element .... In the ITEM_NAME Name for ITEM_NAME enter the name you want for ITEM_NAME , the account name is AC_USERNAME and AC_PASSWORD goes into the Password field.
    • Or you can do this using the command line: security add-generic-password -a "AC_USERNAME" -w "AC_PASSWORD" -s "ITEM_NAME"
  2. In the altool arguments altool you now pass -u AC_USERNAME -p "@keychain:ITEM_NAME" to force it to extract the password from the keychain.
  3. The first time you launch altool you will get a security confirmation dialog box in which you altool whether to allow altool to read the password. Enter the password for the keychain and click " Always allow ."

To prevent the Security Confirmation dialog box from appearing, click Always allow or change the corresponding keychain entry. This works like this:

  • Find the path to altool by opening the shell and typing xcrun -find altool .
  • Either use this path as the -T <path> argument when creating a password using the security add-generic-password command, either:
    • Open Keychain Access.app .
    • Select a password entry, select File > Get Info (or press Cmd + i or click the β“˜ icon).
    • In this dialog box, select the " Access Control " tab and click the + button. A file selection dialog box will open.
    • Open the Finder and select the menu " Go > Go to Folder… and paste the path to altool (part of the directory, without altool itself, for example /Applications/Xcode.app/Contents/Developer/usr/bin/ ).
    • Drag altool to the open Keychain Access panel and click the Add button.
0
source

Source: https://habr.com/ru/post/1233082/

More articles:


All Articles