I have a script which remotely SSHes into a Mac. The original script, which worked on El Capitan, would unlock the keychain with this:
security unlock-keychain -p mypassword
The above command gives an error on Sierra, so I updated it to this:
security unlock-keychain -p mypassword ~/Library/Keychains/login.keychain
The command above appears to work but then when I list keychains, the login keychain still isn't there and my script fails trying to sign my code because it can't get to the certificates.
(~)$ security list-keychains
"/Library/Keychains/System.keychain"
"/Library/Keychains/System.keychain"
This all works perfectly in a terminal window on the host but I need it to work remotely in SSH.
Thank you for any help or suggestions.
Update October 10, 2016: I changed the ssh authentication from password to RSA key and it started working. After I could access the login keychain, I started getting an error in the ssh shell: SecKey API returned: -25308 from codesign. This turned out to be a permissions error. When I tried it on the host in a terminal, a dialog from the keychain popped up asking me to allow access.
Best Answer
Your login keychain doesn't appear to be in the search list, i.e. when you checked it, it just shows the System keychain twice. No login keychain:
You can use the security command to look up the -25308 error code. In this case, it says "User interaction not allowed". This is typical if you're trying to sign your app via SSH (or via Jenkins).
You need to do a security command to enable codesigning of your application through a non-interactive shell:
Here is a "complete" Jenkins / SSH friendly script for signing your app:
Shout out to Bochun Bai for spending 3 weeks with Apple support to find the solution to the -25308 issue and posting it to https://sinofool.net/blog/archives/322
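The sequence this answer describes (put the login keychain in the search list, unlock it, then authorize non-interactive signing), as an added example that is not the answer's or the linked blog's own script. It assumes the password is supplied in a hypothetical `KEYCHAIN_PASSWORD` environment variable and uses macOS Sierra's `security set-key-partition-list` for the authorization step; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example. KEYCHAIN_PASSWORD and all function names are assumptions.

# Succeeds if keychain $1 is already in the user search list.
keychain_in_search_list() {
    security list-keychains -d user | grep -qF "$1"
}

# Adds keychain $1 to the user search list. `list-keychains -s` replaces the
# whole list, so the existing entries are read back and passed again.
add_keychain_to_search_list() {
    kc=$1
    keychain_in_search_list "$kc" && return 0
    # Each output line looks like:     "/Library/Keychains/System.keychain"
    current=$(security list-keychains -d user |
        sed -e 's/^[[:space:]]*"//' -e 's/"$//' | sort -u)
    old_ifs=$IFS
    IFS='
'
    set -f                      # split on newlines only, no globbing
    set -- $current "$kc"       # de-duplicated old entries plus the new one
    set +f
    IFS=$old_ifs
    security list-keychains -d user -s "$@"
}

# Makes the signing identities in keychain $1 usable from SSH or a CI job.
prepare_keychain_for_codesign() {
    kc=${1:-$HOME/Library/Keychains/login.keychain}
    if [ -z "${KEYCHAIN_PASSWORD:-}" ]; then
        echo "KEYCHAIN_PASSWORD is not set" >&2
        return 2
    fi
    add_keychain_to_search_list "$kc" || return 1
    security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$kc" || return 1
    # Allow Apple's own tools (codesign) to use the private keys without the
    # GUI prompt that surfaces as -25308 in a non-interactive shell.
    security set-key-partition-list -S apple-tool:,apple: -s \
        -k "$KEYCHAIN_PASSWORD" "$kc" >/dev/null || return 1
    # List what codesign will be able to find.
    security find-identity -v -p codesigning "$kc"
}

# Usage on the Mac, after exporting KEYCHAIN_PASSWORD in the session:
#   prepare_keychain_for_codesign && codesign --force --sign "<identity>" MyApp.app
```

`-p` and `-k` place the password on the `security` command line, where other local processes can see it in the process list while the call runs.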