--- /dev/null
+#! /bin/csh -f
+#
+# Build SystemRootCerts.keychain and SystemTrustSettings.plist from
+# all the certs in a given directory. Creates these two files in
+# $LOCAL_BUILD_DIR and copies the results into /System/Library/Keychains/.
+#
+if ( $#argv != 1 ) then
+ echo "Usage: buildSysAnchors cert_dir"
+ echo "A typical run, when in the rootStoreTool dir, would be:"
+ echo "buildSysAnchors ../../../security_certificates/roots"
+ exit(1)
+endif
+
+set BUILD_DIR=$LOCAL_BUILD_DIR
+set ROOT_KC=SystemRootCerts.keychain
+set ROOT_KC_PATH=$BUILD_DIR/$ROOT_KC
+set SETTINGS_FILE=SystemTrustSettings.plist
+set SETTINGS_FILE_PATH=$BUILD_DIR/$SETTINGS_FILE
+
+echo Creating empty $ROOT_KC in build directory...
+rm -f "$ROOT_KC_PATH" || exit(1)
+security create-keychain -p password "$ROOT_KC_PATH" || exit(1)
+
+echo Creating empty $SETTINGS_FILE in build directory....
+rm -f "$SETTINGS_FILE_PATH" || exit(1)
+security add-trusted-cert -o "$SETTINGS_FILE_PATH" || exit(1)
+
+set cmd="cd $argv[1]"
+echo $cmd
+$cmd
+
+set GOT_ERROR=NO
+
+foreach root (*)
+ echo Processing $root...
+ security import "$root" -k "$ROOT_KC_PATH" -t cert || exit(1)
+ security add-trusted-cert -i "$SETTINGS_FILE_PATH" -o "$SETTINGS_FILE_PATH" "$root" || exit(1)
+end
+
+set DST_PATH=/System/Library/Keychains
+
+echo Copying $ROOT_KC and $SETTINGS_FILE to $DST_PATH...
+cp $ROOT_KC_PATH $SETTINGS_FILE_PATH $DST_PATH || exit(1)
+
+echo "=== Done. ==="
projects / apple / security.git / blobdiff