authorFrederic Riss <friss@apple.com>2018-06-14 18:04:13 +0000
committerFrederic Riss <friss@apple.com>2018-06-14 18:04:13 +0000
commita051c7a2f6d386a4c5b072299c6e7e01327d8bc3 (patch)
tree9ba0bb8c8c9704b5c663670ca7c08777200047b8 /lldb/scripts/macos-setup-codesign.sh
parent4cafb297d5c1ed11cc650d51fccd5e22adb83f84 (diff)
Add a script to setup codesigning on macOS.
I've been using this script on a couple of machines and it seems to work, so I'm putting it out there; maybe other people will find it useful. It is strongly inspired by a similar script in the delve project. llvm-svn: 334743
Diffstat (limited to 'lldb/scripts/macos-setup-codesign.sh')
-rwxr-xr-xlldb/scripts/macos-setup-codesign.sh57
1 files changed, 57 insertions, 0 deletions
diff --git a/lldb/scripts/macos-setup-codesign.sh b/lldb/scripts/macos-setup-codesign.sh
new file mode 100755
index 00000000000..6e8ad768d5f
--- /dev/null
+++ b/lldb/scripts/macos-setup-codesign.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+CERT="lldb_codesign"
+
+function error() {
+ echo error: "$@"
+ exit 1
+}
+
+function cleanup {
+ # Remove generated files
+ rm -f "$TMPDIR/$CERT.tmpl" "$TMPDIR/$CERT.cer" "$TMPDIR/$CERT.key" > /dev/null 2>&1
+}
+
+trap cleanup EXIT
+
+# Check if the certificate is already present in the system keychain
+security find-certificate -Z -p -c "$CERT" /Library/Keychains/System.keychain > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+ echo Certificate has already been generated and installed
+ exit 0
+fi
+
+# Create the certificate template
+cat <<EOF >$TMPDIR/$CERT.tmpl
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = no # Protect private key
+default_md = sha512 # MD to use
+prompt = no # Prompt for DN
+distinguished_name = codesign_dn # DN template
+[ codesign_dn ]
+commonName = "$CERT"
+[ codesign_reqext ]
+keyUsage = critical,digitalSignature
+extendedKeyUsage = critical,codeSigning
+EOF
+
+echo Generating and installing lldb_codesign certificate
+
+# Generate a new certificate
+openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes -config "$TMPDIR/$CERT.tmpl" -extensions codesign_reqext -batch -out "$TMPDIR/$CERT.cer" -keyout "$TMPDIR/$CERT.key" > /dev/null 2>&1
+[ $? -eq 0 ] || error Something went wrong when generating the certificate
+
+# Install the certificate in the system keychain
+sudo security add-trusted-cert -d -r trustRoot -p codeSign -k /Library/Keychains/System.keychain "$TMPDIR/$CERT.cer" > /dev/null 2>&1
+[ $? -eq 0 ] || error Something went wrong when installing the certificate
+
+# Install the key for the certificate in the system keychain
+sudo security import "$TMPDIR/$CERT.key" -A -k /Library/Keychains/System.keychain > /dev/null 2>&1
+[ $? -eq 0 ] || error Something went wrong when installing the key
+
+# Kill task_for_pid access control daemon
+sudo pkill -f /usr/libexec/taskgated > /dev/null 2>&1
+
+# Exit indicating the certificate is now generated and installed
+exit 0
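Review bot: The `security import ... -A` call near the end of the script lets any application use the imported private key without a prompt, and that key belongs to a certificate the preceding step trusts as a code-signing root in the System keychain. Restricting access to the signing tool, e.g. `sudo security import "$TMPDIR/$CERT.key" -T /usr/bin/codesign -k /Library/Keychains/System.keychain`, should narrow who can sign with it. The key is also written unencrypted (`-nodes`) into `$TMPDIR` under a fixed name with default permissions, and the heredoc redirect `>$TMPDIR/$CERT.tmpl` is unquoted, so an unset or space-containing `TMPDIR` puts the files somewhere unintended. Creating a private directory with `WORKDIR=$(mktemp -d) || error "mktemp failed"` and setting `umask 077` before `openssl req` would cover both. Every command also sends stderr to `/dev/null`, so a keychain failure yields only the generic message; letting stderr through would make it diagnosable.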