I am writing an application that uses the keychain. The app has a GUI, so as part of testing it, I need to run py2app to recompile its xib files, which creates a new bundle and a new ad-hoc signature. Because it's an ad-hoc signature, this means that every time I launch the test app, I am prompted to grant access to its keychain item again.

I do have a valid local signing identity, and I'd like py2app to just use it so that the identity on the app is stable during testing so it can continue to have access to this item without requiring a new password entry every time, even if the signature isn't going to stand up to Gatekeeper scrutiny or be otherwise valid.