On 2016-09-09 13:38, René J.V. Bertin wrote:
>> At least on OS X 10.10 Yosemite, I can use any path to a keychain with
>> `codesign --keychain`. This keychain does not have to be listed in
>> `security list-keychains`.
>
> Does `man codesign` still mention the search list requirement in the
> documentation for --keychain?
>From the man page:
"""
--keychain filename
...
Note that _filename_ will not be searched to resolve the signing
identity's certificate chain unless it is also on the user's
keychain search list.
"""
I think you misunderstand this sentence. codesign will search in this
keychain for the certificate itself, but the keychain will not be used
to find other certificates in the certificate chain (all intermediates
up to a root CA). With a self-signed certificate, there is no additional
certificate in the chain.
Rainer
_______________________________________________
macports-dev mailing list
[email protected]
https://lists.macosforge.org/mailman/listinfo/macports-dev
