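#!/bin/bash
#
# Generate a self-signed code-signing certificate named "lldb_codesign" and
# install it, together with its private key, into the macOS system keychain.
#
# Usage: run as a normal user; the keychain writes prompt for sudo.
# Requires: openssl and the macOS `security` tool.
# Exit status: 0 when the certificate is (or already was) installed,
#              1 when any generation/installation step fails.

# Abort on unset variables; every path below is built from $WORKDIR, so a
# silent empty expansion must never turn into a path in "/".
set -u

CERT="lldb_codesign"

# Private (0700) working directory for the template, the certificate and the
# unencrypted private key. Created by mktemp below; removed by the EXIT trap.
WORKDIR=""

#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: message words (printed after "error:")
#######################################
error() {
  echo error: "$@" >&2
  exit 1
}

#######################################
# Remove generated files. Runs on every exit path via the EXIT trap,
# so the private key never outlives the script.
# Globals: WORKDIR (read)
#######################################
cleanup() {
  if [ -n "$WORKDIR" ]; then
    rm -rf -- "$WORKDIR" > /dev/null 2>&1
  fi
}

trap cleanup EXIT

# Check if the certificate is already present in the system keychain
if security find-certificate -Z -p -c "$CERT" /Library/Keychains/System.keychain > /dev/null 2>&1; then
  echo Certificate has already been generated and installed
  exit 0
fi

# A fresh mktemp directory (mode 0700) keeps the key out of reach of other
# local users; falling back to /tmp only when TMPDIR is not exported.
WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/$CERT.XXXXXX") \
  || error Could not create a temporary working directory

# Everything written from here on is private to the current user.
umask 077

TEMPLATE="$WORKDIR/$CERT.tmpl"
CERT_FILE="$WORKDIR/$CERT.cer"
KEY_FILE="$WORKDIR/$CERT.key"

# Create the certificate template
cat <<EOF > "$TEMPLATE"
[ req ]
default_bits = 2048 # RSA key size
encrypt_key = no # Protect private key
default_md = sha512 # MD to use
prompt = no # Prompt for DN
distinguished_name = codesign_dn # DN template
[ codesign_dn ]
commonName = "$CERT"
[ codesign_reqext ]
keyUsage = critical,digitalSignature
extendedKeyUsage = critical,codeSigning
EOF

echo Generating and installing lldb_codesign certificate

# Generate a new certificate: self-signed, valid 10 years, unencrypted key
# (-nodes) so `security import` can load it without a passphrase.
openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes \
  -config "$TEMPLATE" -extensions codesign_reqext -batch \
  -out "$CERT_FILE" -keyout "$KEY_FILE" > /dev/null 2>&1 \
  || error Something went wrong when generating the certificate

# Install the certificate in the system keychain, trusted as a root for
# code signing only (-p codeSign), not for TLS or other policies.
sudo security add-trusted-cert -d -r trustRoot -p codeSign \
  -k /Library/Keychains/System.keychain "$CERT_FILE" > /dev/null 2>&1 \
  || error Something went wrong when installing the certificate

# Install the key for the certificate in the system keychain.
# -A lets any application use the key without a keychain prompt; this is what
# allows codesign to sign lldb non-interactively.
sudo security import "$KEY_FILE" -A -k /Library/Keychains/System.keychain > /dev/null 2>&1 \
  || error Something went wrong when installing the key

# Kill task_for_pid access control daemon so it re-reads the new trust
# settings. Best effort: it is not an error if the daemon is not running.
sudo pkill -f /usr/libexec/taskgated > /dev/null 2>&1

# Exit indicating the certificate is now generated and installed
exit 0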