Fix Apple signing

.github/workflows/release.yml

@@ -63,17 +63,21 @@ jobs:
           KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
         run: |
           echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
-          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security default-keychain -s build.keychain
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security set-keychain-settings -t 3600 -u build.keychain
+          # security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          # security default-keychain -s build.keychain
+          # security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          # security set-keychain-settings -t 3600 -u build.keychain
           
-          curl https://droposs.org/drop.crt --output drop.pem
-          sudo security authorizationdb write com.apple.trust-settings.user allow
-          security add-trusted-cert -r trustRoot -k build.keychain -p codeSign -u -1 drop.pem
-          sudo security authorizationdb remove com.apple.trust-settings.user
+          curl https://droposs.org/drop.der --output drop.der
+          swiftc libs/appletrust/add-certificate.swift
+          ./add-certificate drop.der
+          rm add-certificate
 
-          security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+          # sudo security authorizationdb write com.apple.trust-settings.user allow
+          # security add-trusted-cert -r trustRoot -k build.keychain -p codeSign -u -1 drop.pem
+          # sudo security authorizationdb remove com.apple.trust-settings.user
+
+          security import certificate.p12 -k /Library/Keychains/System.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
           security find-identity -v -p codesigning build.keychain