macosx-10.10.1/security_certificates-55040/buildCAKeychain

#! /bin/csh -f
#
# Build SystemCACertificates.keychain from all the certs in cwd/certs.
# Creates this file in ./BuiltKeychains/.
#
set CWD=`pwd`
set CA_CERT_DIR=$CWD/certs
set KC_DIR=$CWD/BuiltKeychains

if((! -e "$CA_CERT_DIR") || (! -e "$KC_DIR")) then
   echo "You do not seem to be in a current security_certificates directory. Aborting."
   exit(1)
endif

# this option is essential to process filenames containing a wildcard
set nonomatch

set CA_CERT_KC=SystemCACertificates.keychain
set CA_CERT_KC_PATH="$KC_DIR/$CA_CERT_KC"
set SECURITY=/usr/bin/security

# save keychain list so we don't add SystemRootCertificates to it
#set SAVED_KC_LIST=`$SECURITY list`

echo Creating empty $CA_CERT_KC...
rm -f "$CA_CERT_KC_PATH" || exit(1)
$SECURITY create-keychain -p $CA_CERT_KC "$CA_CERT_KC_PATH" || exit(1)

echo Adding intermediate certs to $CA_CERT_KC... "($CA_CERT_KC_PATH)"
echo Intermediates from "$CA_CERT_DIR"

cd "$CA_CERT_DIR" || exit(1)

foreach root (*)
        echo Intermediate $root...
	$SECURITY -q add-certificates -k "$CA_CERT_KC_PATH" "$root" || exit(1)
end

chmod 0644 "$CA_CERT_KC_PATH" || exit(1)

#$SECURITY list -s $SAVED_KC_LIST

echo "=== System CA Certificate Processing complete. ==="