1#!/bin/bash 2# 3 4# set -x 5 6DEFAULT_SECCERTDIR=`pwd` 7DEFAULT_SECURITYTESTS_DIR=/Volumes/xenos/dev/tla9/SecurityTests 8 9#This is usually the security_certificates directory in the checked out branch 10 11if [ -z ${SECCERTDIR} ] ; then 12 SECCERTDIR=${DEFAULT_SECCERTDIR} 13fi 14 15# 16#Look for the directory with the sources for SecurityTests 17#This will often be different from the directory for the current branch 18# if that has been checked out sparsely 19# 20 21if [ -z ${SECTESTSDIR} ] ; then 22 /bin/echo "SECTESTSDIR not set, bailing" 1>&2 23 exit 2 24fi 25 26if [ -z ${LOCAL_BUILD_DIR} ] ; then 27 /bin/echo "LOCAL_BUILD_DIR not set, bailing" 1>&2 28 exit 2 29fi 30 31#Make sure we are in a proper security_certificates directory 32 33if [ ! -d "${SECCERTDIR}/roots" ] ; then 34 /bin/echo "${SECCERTDIR}/roots not found, bailing" 1>&2 35 exit 2 36fi 37 38# 39# Check for tools 40# 41 42if [ ! -f "${LOCAL_BUILD_DIR}/vfyCertChain" ]; then 43 /bin/echo "Cant find ${LOCAL_BUILD_DIR}/vfyCertChain" 44 /bin/echo "Making cspxutils and clxutils" 1>&2 45 (cd "${SECTESTSDIR}/cspxutils"; make all) 46fi 47 48# Test that the anchors are OK 49 50(cd roots; "${SECTESTSDIR}"/clxutils/anchorTest/anchorSourceTest .) 51 52# Build a new SystemRootCertificates.keychain and 53# SystemTrustSettings.plist in place on your branch 54 55/bin/echo "Building a new SystemRootCertificates.keychain and SystemTrustSettings.plist" 56(cd "${SECCERTDIR}"; ./buildRootKeychain) 57 58if [ ! -d "/System/Library/Keychains/saved" ] ; then 59 sudo mkdir /System/Library/Keychains/saved 60 sudo cp /System/Library/Keychains/System* /System/Library/Keychains/saved/ 61fi 62 63sudo cp $SECCERTDIR/BuiltKeychains/SystemRootCertificates.keychain $SECCERTDIR/BuiltKeychains/SystemTrustSettings.plist $SECCERTDIR/BuiltKeychains/EVRoots.plist /System/Library/Keychains/ 64 65"${LOCAL_BUILD_DIR}"/anchorTest t 66 67/bin/echo "--- Don't forget to run buildEVRoots ---" 68/bin/echo "------- Done ------" 69 70