Author: friss Date: Thu Jun 14 11:04:13 2018 New Revision: 334743 URL: http://llvm.org/viewvc/llvm-project?rev=334743&view=rev Log: Add a script to setup codesigning on macOS.
I've been using this script on a couple machines and it seems to work so I'm putting it out there, maybe other people will find it useful. It is strongly inspired from a similar script in the delve project. Added: lldb/trunk/scripts/macos-setup-codesign.sh (with props) Added: lldb/trunk/scripts/macos-setup-codesign.sh URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/scripts/macos-setup-codesign.sh?rev=334743&view=auto ============================================================================== --- lldb/trunk/scripts/macos-setup-codesign.sh (added) +++ lldb/trunk/scripts/macos-setup-codesign.sh Thu Jun 14 11:04:13 2018 @@ -0,0 +1,57 @@ +#!/bin/bash + +CERT="lldb_codesign" + +function error() { + echo error: "$@" + exit 1 +} + +function cleanup { + # Remove generated files + rm -f "$TMPDIR/$CERT.tmpl" "$TMPDIR/$CERT.cer" "$TMPDIR/$CERT.key" > /dev/null 2>&1 +} + +trap cleanup EXIT + +# Check if the certificate is already present in the system keychain +security find-certificate -Z -p -c "$CERT" /Library/Keychains/System.keychain > /dev/null 2>&1 +if [ $? -eq 0 ]; then + echo Certificate has already been generated and installed + exit 0 +fi + +# Create the certificate template +cat <<EOF >$TMPDIR/$CERT.tmpl +[ req ] +default_bits = 2048 # RSA key size +encrypt_key = no # Protect private key +default_md = sha512 # MD to use +prompt = no # Prompt for DN +distinguished_name = codesign_dn # DN template +[ codesign_dn ] +commonName = "$CERT" +[ codesign_reqext ] +keyUsage = critical,digitalSignature +extendedKeyUsage = critical,codeSigning +EOF + +echo Generating and installing lldb_codesign certificate + +# Generate a new certificate +openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes -config "$TMPDIR/$CERT.tmpl" -extensions codesign_reqext -batch -out "$TMPDIR/$CERT.cer" -keyout "$TMPDIR/$CERT.key" > /dev/null 2>&1 +[ $? -eq 0 ] || error Something went wrong when generating the certificate + +# Install the certificate in the system keychain +sudo security add-trusted-cert -d -r trustRoot -p codeSign -k /Library/Keychains/System.keychain "$TMPDIR/$CERT.cer" > /dev/null 2>&1 +[ $? -eq 0 ] || error Something went wrong when installing the certificate + +# Install the key for the certificate in the system keychain +sudo security import "$TMPDIR/$CERT.key" -A -k /Library/Keychains/System.keychain > /dev/null 2>&1 +[ $? -eq 0 ] || error Something went wrong when installing the key + +# Kill task_for_pid access control daemon +sudo pkill -f /usr/libexec/taskgated > /dev/null 2>&1 + +# Exit indicating the certificate is now generated and installed +exit 0 Propchange: lldb/trunk/scripts/macos-setup-codesign.sh ------------------------------------------------------------------------------ svn:executable = * _______________________________________________ lldb-commits mailing list lldb-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits