golang/delve
1
0
Fork 0
mirror of https://github.com/go-delve/delve.git synced 2025-10-27 12:05:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Bash script to generate & install signing certificate for delve (#760)

Browse Source
This commit is contained in:
Justin Clift
2017-03-13 17:59:10 +00:00
committed by Derek Parker
parent b7f9e3c73e
commit a8d11f02a8
2 changed files with 61 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@ -29,7 +29,8 @@ check-cert:
ifneq "$(TRAVIS)" "true"
ifdef DARWIN
ifeq "$(CERT)" ""
$(error You must provide a CERT environment variable in order to codesign the binary.)
scripts/gencert.sh || (echo "An error occurred when generating and installing a new certicate"; exit 1)
CERT = dlv-cert
endif
endif
endif

59
scripts/gencert.sh Executable file
View File

@ -0,0 +1,59 @@
#!/bin/bash
# Check if the certificate is already present in the system keychain
security find-certificate -Z -p -c "dlv-cert" /Library/Keychains/System.keychain > /dev/null 2>&1
EXIT_CODE=$?
if [ $EXIT_CODE -eq 0 ]; then
# Certificate has already been generated and installed
exit 0
fi
CERT="dlv-cert"
# Create the certificate template
cat <<EOF >$CERT.tmpl
[ req ]
default_bits = 2048 # RSA key size
encrypt_key = no # Protect private key
default_md = sha512 # MD to use
prompt = no # Prompt for DN
distinguished_name = codesign_dn # DN template
[ codesign_dn ]
commonName = "dlv-cert"
[ codesign_reqext ]
keyUsage = critical,digitalSignature
extendedKeyUsage = critical,codeSigning
EOF
# Generate a new certificate
openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes -config $CERT.tmpl -extensions codesign_reqext -batch -out $CERT.cer -keyout $CERT.key > /dev/null 2>&1
EXIT_CODE=$?
if [ $EXIT_CODE -ne 0 ]; then
# Something went wrong when generating the certificate
exit 1
fi
# Install the certificate in the system keychain
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $CERT.cer > /dev/null 2>&1
EXIT_CODE=$?
if [ $EXIT_CODE -ne 0 ]; then
# Something went wrong when installing the certificate
exit 1
fi
# Install the key for the certificate in the system keychain
sudo security import $CERT.key -A -k /Library/Keychains/System.keychain > /dev/null 2>&1
EXIT_CODE=$?
if [ $EXIT_CODE -ne 0 ]; then
# Something went wrong when installing the key
exit 1
fi
# Kill task_for_pid access control daemon
sudo pkill -f /usr/libexec/taskgated > /dev/null 2>&1
# Remove generated files
rm $CERT.tmpl $CERT.cer $CERT.key > /dev/null 2>&1
# Exit indicating the certificate is now generated and installed
exit 0