Question

我正在尝试按照link1和link2在Mac OS X上安装gdb。这个过程分四个步骤完成：

使用brew install gdb
创建证书
使用codesign -s [cert-name] [your-gdb-location]

如何在bash脚本中自动执行第2步？

Answer 1

这是我的最终代码（基于here，here和here）：

cat > myconfig.cnf << EOF

[ req ]
prompt             = no
distinguished_name = my dn

[ my dn ]
# The bare minimum is probably a commonName
commonName = VENTOS
countryName = XX
localityName = Fun Land
organizationName = MyCo LLC LTD INC (d.b.a. OurCo)
organizationalUnitName = SSL Dept.
stateOrProvinceName = YY
emailAddress = ssl-admin@example.com
name = John Doe
surname = Doe
givenName = John
initials = JXD
dnQualifier = some

[ my server exts ]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning

EOF

echo "generating the private key ..."
openssl genrsa -des3 -passout pass:foobar -out server.key 2048

echo ""
echo "generating the CSR (certificate signing request) ..."
openssl req -new -passin pass:foobar -passout pass:foobar -key server.key -out server.csr -config myconfig.cnf -extensions 'my server exts'

echo ""
echo "generating the self-signed certificate ..."
openssl x509 -req -passin pass:foobar -days 6666 -in server.csr -signkey server.key -out server.crt -extfile myconfig.cnf -extensions 'my server exts'

echo ""
echo "convert crt + RSA private key into a PKCS12 (PFX) file ..."
openssl pkcs12 -export -passin pass:foobar -passout pass:foobar -in server.crt -inkey server.key -out server.pfx

echo ""
echo "importing the certificate ..."
sudo security import server.pfx -k /Library/Keychains/System.keychain -P foobar

现在您可以看到系统钥匙串中列出的证书：

签署gdb

sudo codesign -s VENTOS "$(which gdb)"

创建证书以在bash上在Mac OS X上签署GDB

1 个答案: