Running on Sierra I found that "Keychain Access" is no longer updated with a new keychain created with "security create-keychain".
So what happens is:
1. security delete-keychain <keychain> ; this actually deletes the keychain and removes from "Keychain Access"
2. security create-keychain <keychain> ; this creates the keychain however it does not populate to "Keychain Access" unless it is the "login.keychain[-db]" - which it is not
3. security find-identity <keychain> -p codesigning -v ; fails even after adding .p12 and .cer / .pem files
4. unlocking the keychain does not help, setting default-keychain does not help either as those do not populate the created keychain into "Keychain Access"
5. opening "Keychain Access" and selecting "File / Add Keychain..." is the only thing what helps and makes "security find-identity <keychain> -p codesigning -v" successful
The problem is that I create the keychain with about 40 keys and certs in a batch job on a build machine so adding the signing identites must happen using the command line. Something like "security add-keychain" or similar is needed, or scripting of the "Add Keychain" functionality of "Keychain Access", or anything else what works.
How do I get this done?