Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

mkcert/truststore_linux.go

Go to file
 
 
Cannot retrieve contributors at this time
99 lines (83 sloc) 3.07 KB
Raw Blame
Open in GitHub Desktop
// Copyright 2018 The mkcert Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"bytes"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"strings"
)
var (
FirefoxProfiles = []string{os.Getenv("HOME") + "/.mozilla/firefox/*",
os.Getenv("HOME") + "/snap/firefox/common/.mozilla/firefox/*"}
NSSBrowsers = "Firefox and/or Chrome/Chromium"
SystemTrustFilename string
SystemTrustCommand []string
CertutilInstallHelp string
)
func init() {
switch {
case binaryExists("apt"):
CertutilInstallHelp = "apt install libnss3-tools"
case binaryExists("yum"):
CertutilInstallHelp = "yum install nss-tools"
case binaryExists("zypper"):
CertutilInstallHelp = "zypper install mozilla-nss-tools"
}
if pathExists("/etc/pki/ca-trust/source/anchors/") {
SystemTrustFilename = "/etc/pki/ca-trust/source/anchors/%s.pem"
SystemTrustCommand = []string{"update-ca-trust", "extract"}
} else if pathExists("/usr/local/share/ca-certificates/") {
SystemTrustFilename = "/usr/local/share/ca-certificates/%s.crt"
SystemTrustCommand = []string{"update-ca-certificates"}
} else if pathExists("/etc/ca-certificates/trust-source/anchors/") {
SystemTrustFilename = "/etc/ca-certificates/trust-source/anchors/%s.crt"
SystemTrustCommand = []string{"trust", "extract-compat"}
} else if pathExists("/usr/share/pki/trust/anchors") {
SystemTrustFilename = "/usr/share/pki/trust/anchors/%s.pem"
SystemTrustCommand = []string{"update-ca-certificates"}
}
}
func (m *mkcert) systemTrustFilename() string {
return fmt.Sprintf(SystemTrustFilename, strings.Replace(m.caUniqueName(), " ", "_", -1))
}
func (m *mkcert) installPlatform() bool {
if SystemTrustCommand == nil {
log.Printf("Installing to the system store is not yet supported on this Linux 😣 but %s will still work.", NSSBrowsers)
log.Printf("You can also manually install the root certificate at %q.", filepath.Join(m.CAROOT, rootName))
return false
}
cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName))
fatalIfErr(err, "failed to read root certificate")
cmd := commandWithSudo("tee", m.systemTrustFilename())
cmd.Stdin = bytes.NewReader(cert)
out, err := cmd.CombinedOutput()
fatalIfCmdErr(err, "tee", out)
cmd = commandWithSudo(SystemTrustCommand...)
out, err = cmd.CombinedOutput()
fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
return true
}
func (m *mkcert) uninstallPlatform() bool {
if SystemTrustCommand == nil {
return false
}
cmd := commandWithSudo("rm", "-f", m.systemTrustFilename())
out, err := cmd.CombinedOutput()
fatalIfCmdErr(err, "rm", out)
// We used to install under non-unique filenames.
legacyFilename := fmt.Sprintf(SystemTrustFilename, "mkcert-rootCA")
if pathExists(legacyFilename) {
cmd := commandWithSudo("rm", "-f", legacyFilename)
out, err := cmd.CombinedOutput()
fatalIfCmdErr(err, "rm (legacy filename)", out)
}
cmd = commandWithSudo(SystemTrustCommand...)
out, err = cmd.CombinedOutput()
fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
return true
}