[Lldb-commits] [lldb] r334743 - Add a script to setup codesigning on macOS.

Frederic Riss via lldb-commits lldb-commits at lists.llvm.org
Thu Jun 14 11:04:13 PDT 2018 

Author: friss
Date: Thu Jun 14 11:04:13 2018
New Revision: 334743

URL: http://llvm.org/viewvc/llvm-project?rev=334743&view=rev
Log:
Add a script to setup codesigning on macOS.

I've been using this script on a couple machines and it seems to work
so I'm putting it out there, maybe other people will find it useful.
It is strongly inspired from a similar script in the delve project.

Added:
    lldb/trunk/scripts/macos-setup-codesign.sh   (with props)

Added: lldb/trunk/scripts/macos-setup-codesign.sh
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/scripts/macos-setup-codesign.sh?rev=334743&view=auto
==============================================================================
--- lldb/trunk/scripts/macos-setup-codesign.sh (added)
+++ lldb/trunk/scripts/macos-setup-codesign.sh Thu Jun 14 11:04:13 2018
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+CERT="lldb_codesign"
+
+function error() {
+    echo error: "$@"
+    exit 1
+}
+
+function cleanup {
+    # Remove generated files
+    rm -f "$TMPDIR/$CERT.tmpl" "$TMPDIR/$CERT.cer" "$TMPDIR/$CERT.key" > /dev/null 2>&1
+}
+
+trap cleanup EXIT
+
+# Check if the certificate is already present in the system keychain
+security find-certificate -Z -p -c "$CERT" /Library/Keychains/System.keychain > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+    echo Certificate has already been generated and installed
+    exit 0
+fi
+
+# Create the certificate template
+cat <<EOF >$TMPDIR/$CERT.tmpl
+[ req ]
+default_bits       = 2048        # RSA key size
+encrypt_key        = no          # Protect private key
+default_md         = sha512      # MD to use
+prompt             = no          # Prompt for DN
+distinguished_name = codesign_dn # DN template
+[ codesign_dn ]
+commonName         = "$CERT"
+[ codesign_reqext ]
+keyUsage           = critical,digitalSignature
+extendedKeyUsage   = critical,codeSigning
+EOF
+
+echo Generating and installing lldb_codesign certificate
+
+# Generate a new certificate
+openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes -config "$TMPDIR/$CERT.tmpl" -extensions codesign_reqext -batch -out "$TMPDIR/$CERT.cer" -keyout "$TMPDIR/$CERT.key" > /dev/null 2>&1
+[ $? -eq 0 ] || error Something went wrong when generating the certificate
+
+# Install the certificate in the system keychain
+sudo security add-trusted-cert -d -r trustRoot -p codeSign -k /Library/Keychains/System.keychain "$TMPDIR/$CERT.cer" > /dev/null 2>&1
+[ $? -eq 0 ] || error Something went wrong when installing the certificate
+
+# Install the key for the certificate in the system keychain
+sudo security import "$TMPDIR/$CERT.key" -A -k /Library/Keychains/System.keychain > /dev/null 2>&1
+[ $? -eq 0 ] || error Something went wrong when installing the key
+
+# Kill task_for_pid access control daemon
+sudo pkill -f /usr/libexec/taskgated > /dev/null 2>&1
+
+# Exit indicating the certificate is now generated and installed
+exit 0

Propchange: lldb/trunk/scripts/macos-setup-codesign.sh
------------------------------------------------------------------------------
    svn:executable = *

More information about the lldb-commits mailing list