Ticket #66358: macports-codesign.sh

File macports-codesign.sh, 2.0 KB (added by kencu (Ken), 13 months ago)

My slightly edited copy of lldb's codesign certificate-generating script, used to generate a MacPorts signing certificate.

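#!/bin/bash

# Common name of the self-signed code-signing certificate. The same value
# names the temporary files and is used for the keychain lookup, so it is
# marked readonly to keep it from being changed part-way through the run.
readonly CERT="macports_codesign"
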
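# Print "error: <message>" and abort the script with exit status 1.
# Arguments: the words of the message.
function error() {
    # Diagnostics go to stderr so they stay visible when stdout is redirected
    # or captured by a caller.
    printf 'error: %s\n' "$*" >&2
    exit 1
}
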
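# Remove the files this script generates under "$TMPDIR".
# "$CERT.key" is the private key, which the script writes unencrypted
# (openssl is run with -nodes), so it must not outlive the run.
function cleanup {
    # With TMPDIR unset or empty the paths below would resolve to "/$CERT.*";
    # there is nothing of ours to remove in that case.
    [ -n "${TMPDIR:-}" ] || return 0
    rm -f -- "$TMPDIR/$CERT.tmpl" "$TMPDIR/$CERT.cer" "$TMPDIR/$CERT.key" > /dev/null 2>&1
}
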
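# Check if the certificate is already present in the system keychain.
# This runs before anything is written to disk, so an already-provisioned
# machine exits without creating key material. Only the certificate is looked
# up, by name; the private key and the trust settings are not re-checked.
if security find-certificate -Z -p -c "$CERT" /Library/Keychains/System.keychain > /dev/null 2>&1; then
    echo Certificate has already been generated and installed
    exit 0
fi

# The private key is written unencrypted (-nodes / encrypt_key = no), so keep
# every generated file owner-only and inside a fresh directory that no other
# user can pre-create or read.
umask 077
workdir=$(mktemp -d "${TMPDIR:-/tmp}/${CERT}.XXXXXX") || error Could not create a private working directory

# cleanup() deletes "$TMPDIR/$CERT".{tmpl,cer,key}; pointing TMPDIR at the
# private directory keeps that function and the paths below in agreement.
TMPDIR=$workdir
trap 'cleanup; rmdir "$workdir" > /dev/null 2>&1' EXIT

# Create the certificate template
cat <<EOF > "$TMPDIR/$CERT.tmpl" || error Something went wrong when writing the certificate template
[ req ]
default_bits       = 2048        # RSA key size
encrypt_key        = no          # Protect private key
default_md         = sha512      # MD to use
prompt             = no          # Prompt for DN
distinguished_name = codesign_dn # DN template
[ codesign_dn ]
commonName         = "$CERT"
[ codesign_reqext ]
keyUsage           = critical,digitalSignature
extendedKeyUsage   = critical,codeSigning
EOF

echo Generating and installing macports_codesign certificate

# Generate a new self-signed certificate (valid 3650 days) and its RSA key
openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes \
    -config "$TMPDIR/$CERT.tmpl" -extensions codesign_reqext -batch \
    -out "$TMPDIR/$CERT.cer" -keyout "$TMPDIR/$CERT.key" > /dev/null 2>&1 \
    || error Something went wrong when generating the certificate

# Install the certificate in the system keychain.
# -d -r trustRoot -p codeSign records it in the admin (system-wide) trust
# settings as a trusted root for the code-signing policy, so whoever holds the
# matching private key can produce signatures this machine accepts under that
# policy.
sudo security add-trusted-cert -d -r trustRoot -p codeSign \
    -k /Library/Keychains/System.keychain "$TMPDIR/$CERT.cer" > /dev/null 2>&1 \
    || error Something went wrong when installing the certificate

# Install the key for the certificate in the system keychain.
# NOTE(review): -A lets any application use the imported key without a prompt.
# Restricting access with -T /usr/bin/codesign would be tighter; confirm that
# nothing else needs the key before changing it.
sudo security import "$TMPDIR/$CERT.key" -A \
    -k /Library/Keychains/System.keychain > /dev/null 2>&1 \
    || error Something went wrong when installing the key

# Kill task_for_pid access control daemon (presumably so it is relaunched and
# picks up the new certificate). Best effort: the result is not checked.
sudo pkill -f /usr/libexec/taskgated > /dev/null 2>&1

# Exit indicating the certificate is now generated and installed
exit 0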