TLDR: How can I make security set-key-partition-list run against a single entry, rather than everything in the keystore?
I was facing issues with a cipher mismatch with a dotnet/aspnet app and a self-signed cert:
Eventually I found this github issue, which led me to
log stream --process <PID_OF_SECURITYD>
Giving:
securityd: [com.apple.securityd:integrity] failure extending partition
securityd: [com.apple.securityd:security_exception] MacOS error: 32
securityd: [com.apple.securityd:clientid] code requirement check failed (-67050), client is not Apple-signed
securityd: [com.apple.securityd:integrity] ACL partition mismatch: client teamid:UBF8T346G9 ACL ("cdhash:71c6a2e36e9b3aa01232049c467ebbad51311b9")
Searching from there gave me this SO question(!), which suggested
sudo security set-key-partition-list -D localhost -S unsigned:,teamid:UBF8T346G9 $(security login-keychain)
And voila, this worked – I can now use this certificate to run the app locally.
But that command ran against ~2489 entries, rather than the 1 that I expected.
So, how can I make security set-key-partition-list run against a single entry, rather than everything in the keystore?
It seems that security find-key has completely different args that don’t seem to match – I either get no results, or ~2489 results.
I’ve even got to the point of spelunking through the source code to try and figure this out, but I didn’t get very far.
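Added example (not part of the question above, and not an answer to the single-entry problem): the securityd "ACL partition mismatch" line already names the team ID of the client that was refused, so the -S allowlist can be derived from the log instead of retyped, and the resulting command can be reviewed before anything in the keychain is touched. It assumes the log format shown in the question and the -D/-S flags used in the command the question quotes; the log text is a constructed copy of those lines and the keychain path is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the securityd log
# format quoted in the question; SAMPLE_LOG is a constructed copy of it.
SAMPLE_LOG='securityd: [com.apple.securityd:integrity] failure extending partition
securityd: [com.apple.securityd:security_exception] MacOS error: 32
securityd: [com.apple.securityd:clientid] code requirement check failed (-67050), client is not Apple-signed
securityd: [com.apple.securityd:integrity] ACL partition mismatch: client teamid:UBF8T346G9 ACL ("cdhash:71c6a2e36e9b3aa01232049c467ebbad51311b9")'

# Print each distinct "teamid:XXXX" token that securityd reports as the
# rejected client on an "ACL partition mismatch" line.
client_teamids() {
    printf '%s\n' "$1" \
      | grep 'ACL partition mismatch' \
      | sed -n 's/.*client \(teamid:[A-Z0-9]*\) ACL.*/\1/p' \
      | sort -u
}

# Build the -S argument: the "unsigned:" entry from the quoted SO command plus
# every team ID the log complained about. Fails if the log has no mismatch line,
# so nothing is ever built from an empty allowlist.
partition_list() {
    ids=$(client_teamids "$1" | paste -s -d ',' -)
    [ -n "$ids" ] || return 1
    printf 'unsigned:,%s\n' "$ids"
}

# Assemble the set-key-partition-list invocation as a string for review.
# $1 = key description to match with -D, $2 = keychain path, $3 = log text.
# Nothing is executed; the caller decides whether to run the printed line.
build_command() {
    desc=$1
    keychain=$2
    plist=$(partition_list "$3") || return 1
    printf 'sudo security set-key-partition-list -D %s -S %s %s\n' \
        "$desc" "$plist" "$keychain"
}

# Dry run against the constructed log; "login.keychain-db" is a placeholder
# for whatever "security login-keychain" prints on the target machine.
build_command localhost login.keychain-db "$SAMPLE_LOG"
```

The script only prints the command; run the printed line yourself once the description filter and allowlist look right. Because the question reports that -D matched thousands of entries, checking the output before executing it is the whole point of the dry run.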

