1#! /bin/csh -f 2# 3# Build SystemCACertificates.keychain from all the certs in cwd/certs. 4# Creates this file in ./BuiltKeychains/. 5# 6set CWD=`pwd` 7set CA_CERT_DIR=$CWD/certs 8set KC_DIR=$CWD/BuiltKeychains 9 10if((! -e "$CA_CERT_DIR") || (! -e "$KC_DIR")) then 11 echo "You do not seem to be in a current security_certificates directory. Aborting." 12 exit(1) 13endif 14 15# this option is essential to process filenames containing a wildcard 16set nonomatch 17 18set CA_CERT_KC=SystemCACertificates.keychain 19set CA_CERT_KC_PATH="$KC_DIR/$CA_CERT_KC" 20set SECURITY=/usr/bin/security 21 22# save keychain list so we don't add SystemRootCertificates to it 23#set SAVED_KC_LIST=`$SECURITY list` 24 25echo Creating empty $CA_CERT_KC... 26rm -f "$CA_CERT_KC_PATH" || exit(1) 27$SECURITY create-keychain -p $CA_CERT_KC "$CA_CERT_KC_PATH" || exit(1) 28 29echo Adding intermediate certs to $CA_CERT_KC... "($CA_CERT_KC_PATH)" 30echo Intermediates from "$CA_CERT_DIR" 31 32cd "$CA_CERT_DIR" || exit(1) 33 34foreach root (*) 35 echo Intermediate $root... 36 $SECURITY -q add-certificates -k "$CA_CERT_KC_PATH" "$root" || exit(1) 37end 38 39chmod 0644 "$CA_CERT_KC_PATH" || exit(1) 40 41#$SECURITY list -s $SAVED_KC_LIST 42 43echo "=== System CA Certificate Processing complete. ===" 44