#! /bin/csh -f # # Build SystemRootCerts.keychain and SystemTrustSettings.plist from # all the certs in a given directory. Creates these two files in # $LOCAL_BUILD_DIR and copies the results into /System/Library/Keychains/. # if ( $#argv != 1 ) then echo "Usage: buildSysAnchors cert_dir" echo "A typical run, when in the rootStoreTool dir, would be:" echo "buildSysAnchors ../../../security_certificates/roots" exit(1) endif set BUILD_DIR=$LOCAL_BUILD_DIR set ROOT_KC=SystemRootCerts.keychain set ROOT_KC_PATH=$BUILD_DIR/$ROOT_KC set SETTINGS_FILE=SystemTrustSettings.plist set SETTINGS_FILE_PATH=$BUILD_DIR/$SETTINGS_FILE echo Creating empty $ROOT_KC in build directory... rm -f "$ROOT_KC_PATH" || exit(1) security create-keychain -p password "$ROOT_KC_PATH" || exit(1) echo Creating empty $SETTINGS_FILE in build directory.... rm -f "$SETTINGS_FILE_PATH" || exit(1) security add-trusted-cert -o "$SETTINGS_FILE_PATH" || exit(1) set cmd="cd $argv[1]" echo $cmd $cmd set GOT_ERROR=NO foreach root (*) echo Processing $root... security import "$root" -k "$ROOT_KC_PATH" -t cert || exit(1) security add-trusted-cert -i "$SETTINGS_FILE_PATH" -o "$SETTINGS_FILE_PATH" "$root" || exit(1) end set DST_PATH=/System/Library/Keychains echo Copying $ROOT_KC and $SETTINGS_FILE to $DST_PATH... cp $ROOT_KC_PATH $SETTINGS_FILE_PATH $DST_PATH || exit(1) echo "=== Done. ==="