DigiNotar got hacked awhile back. And more and more issues seem to continue to surface as a result (most notably spoofing Google). Read this article for more info on it
, but I’m not gonna’ rehash it all right now. Instead, let’s correct it. To do so, we’ll use the security command. Then we’ll use the delete-certificate option along with the -Z operator, which allows inputing (or outputting when installing certificates) a SHA1 has of a certificate. Root Certificates (those that appear under the System Roots section of the Keychain Access application) are all located in the /System/Library/Keychains/SystemRootCertificates.keychain keychain and so we’ll specify that as well:
sudo security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C "/System/Library/Keychains/SystemRootCertificates.keychain"
And that’s it, push out the security command through ARD or a policy and you’re untrusting DigiNotar. To verify removal, use the find-certificate option and either attempt to find via the SHA1 hash (-Z again) or use the email address as follows:
security find-certificate -e firstname.lastname@example.org "/System/Library/Keychains/SystemRootCertificates.keychain"
Keep in mind that the certificate can always be re-added to the SystemRootCertificates.keychain when they get all their little issues sorted out.
To use the command line to install a package, use the following command:
installer -pkg ./<package name> -target/
When packaging it is worth note that Apple reserves some positional paremeters for your scripts. These are defined at http://developer.apple.com/mac/library/documentation/DeveloperTools/Conceptual/SoftwareDistribution/Install_Operations/Install_Operations.html#//apple_ref/doc/uid/10000145i-CH14-SW1
- $1: Path to the package
- $2: Path to the destination.
- $3: Installation volume.
- $4: Root directory