Posted on 08-09-2022 11:32 AM
The following script does not work in an Extension Attribute but works when run manually (with BBEdit).
What am I missing?
```
#!/bin/bash
SSKeychain=$( security find-certificate -a -c "Some Software, Inc" 2>&1 | grep labl )
if [[ -z $SSKeychain ]]
then
    echo "<result>Some Software Certificate not installed</result>"
else
    echo "<result>Applied</result>"
fi
```
Posted on 08-10-2022 01:21 AM
What's the result of just the following command?
```
security find-certificate -a -c "Some Software, Inc" 2>&1 | grep labl
```
Posted on 08-10-2022 06:27 AM
@Tangentism when I run it in BBEdit, the output is correct, but when I run it as an EA the output is blank. The issue is the EA is running as root, not in the user context (just figured that out yesterday (brain fart)).
I updated the EA script but it still does not work.
```
#!/bin/bash
# get uid of console owner
eval $(stat -s /dev/console)
# get username
consoleUsername=$(id -un $st_uid)
# grep for string as console user
SSKeychain=$(su $consoleUsername -c "security find-certificate -a -c 'Some Software, Inc'" )
# if string is not empty
if [ -n "${SSKeychain}" ]; then
    echo "<result>Installed</result>"
else
    echo "<result>SS Certificate not installed</result>"
fi
```
08-10-2022 07:41 AM - edited 08-10-2022 07:44 AM
Ah.... of course!
If you're looking in the user's login.keychain-db, you'll need to specify the currently logged-in user & the absolute keychain path. I prefer to use `scutil` to get the currentUser.
I tried this method below and it spewed out a lot of data (I have 4 or 5 developer certs in my login keychain) so grep / awk if you want a specific name/trim the data returned down.
```
# get current user
currentUser="$(scutil <<<"show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')"
# searches for 'Developer' certs in the current user's login.keychain-db
# change path to /Library/Keychains/System.keychain if that's the one you want
SSKeychain=$(security find-certificate -a -c 'Developer' "/Users/${currentUser}/Library/Keychains/login.keychain-db")
# echoes the raw output; grep/awk the above command to get a succinct reply, then check with an if clause
echo "$SSKeychain"
```
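A fuller version of the Extension Attribute discussed in this thread, as an added example that is not part of any original post: it resolves the console user while running as root, reads that user's login keychain by absolute path, and compares the certificate label exactly. The function names, the result strings and the `/Users/<user>` home path are assumptions.

```bash
#!/bin/bash
# Added example (not from the thread). Written to also run under plain sh.
CERT_NAME="Some Software, Inc"   # certificate name used in the thread

# stdin: output of scutil "show State:/Users/ConsoleUser".
# Prints the console user, or nothing when the login window owns the console.
parse_console_user() {
    awk '/Name :/ && !/loginwindow/ { print $3 }'
}

# stdin: output of `security find-certificate -a`. Prints each "labl" value.
parse_labels() {
    sed -n 's/^[[:space:]]*"labl"<blob>="\(.*\)"[[:space:]]*$/\1/p'
}

# $1 = console user (may be empty), $2 = keychain path, $3 = wanted label,
# stdin = `security` output. The thread's 'Developer' search returned several
# certs, so labels are compared exactly instead of trusting any non-empty output.
ea_result() {
    if [ -z "$1" ]; then
        echo "<result>No user logged in</result>"
    elif parse_labels | grep -Fxq -- "$3"; then
        echo "<result>Installed</result>"
    else
        echo "<result>Not installed in $2</result>"
    fi
}

# Query the real tools only where they exist (macOS, i.e. the EA context).
if command -v scutil >/dev/null 2>&1 && command -v security >/dev/null 2>&1; then
    user=$(echo "show State:/Users/ConsoleUser" | scutil | parse_console_user)
    # Assumption: the home directory is /Users/<user>, as in the thread.
    keychain="/Users/${user}/Library/Keychains/login.keychain-db"
    security find-certificate -a -c "$CERT_NAME" "$keychain" 2>/dev/null |
        ea_result "$user" "$keychain" "$CERT_NAME"
fi
```

Reporting "No user logged in" separately keeps inventory from recording a missing certificate when the EA simply ran at the login window.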
Posted on 08-10-2022 09:20 AM
Thank you @Tangentism it works