gitlab.com/Raven-IO/raven-delve@v1.22.4/_scripts/gencert.sh (about) 1 #!/bin/bash 2 3 # Check if the certificate is already present in the system keychain 4 security find-certificate -Z -p -c "dlv-cert" /Library/Keychains/System.keychain > /dev/null 2>&1 5 EXIT_CODE=$? 6 if [ $EXIT_CODE -eq 0 ]; then 7 # Certificate has already been generated and installed 8 exit 0 9 fi 10 11 CERT="dlv-cert" 12 13 # Create the certificate template 14 cat <<EOF >$CERT.tmpl 15 [ req ] 16 default_bits = 2048 # RSA key size 17 encrypt_key = no # Protect private key 18 default_md = sha512 # MD to use 19 prompt = no # Prompt for DN 20 distinguished_name = codesign_dn # DN template 21 [ codesign_dn ] 22 commonName = "dlv-cert" 23 [ codesign_reqext ] 24 keyUsage = critical,digitalSignature 25 extendedKeyUsage = critical,codeSigning 26 EOF 27 28 # Generate a new certificate 29 openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes -config $CERT.tmpl -extensions codesign_reqext -batch -out $CERT.cer -keyout $CERT.key > /dev/null 2>&1 30 EXIT_CODE=$? 31 if [ $EXIT_CODE -ne 0 ]; then 32 # Something went wrong when generating the certificate 33 exit 1 34 fi 35 36 # Install the certificate in the system keychain 37 sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $CERT.cer > /dev/null 2>&1 38 EXIT_CODE=$? 39 if [ $EXIT_CODE -ne 0 ]; then 40 # Something went wrong when installing the certificate 41 exit 1 42 fi 43 44 # Install the key for the certificate in the system keychain 45 sudo security import $CERT.key -A -k /Library/Keychains/System.keychain > /dev/null 2>&1 46 EXIT_CODE=$? 47 if [ $EXIT_CODE -ne 0 ]; then 48 # Something went wrong when installing the key 49 exit 1 50 fi 51 52 # Kill task_for_pid access control daemon 53 sudo pkill -f /usr/libexec/taskgated > /dev/null 2>&1 54 55 # Remove generated files 56 rm $CERT.tmpl $CERT.cer $CERT.key > /dev/null 2>&1 57 58 # Exit indicating the certificate is now generated and installed 59 exit 0