Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mkcert -install (v1.4.0) fails to run in Ubuntu 16.04: SEC_ERROR_READ_ONLY #192

Closed
rfay opened this issue Aug 19, 2019 · 4 comments · Fixed by #216
Closed

mkcert -install (v1.4.0) fails to run in Ubuntu 16.04: SEC_ERROR_READ_ONLY #192

rfay opened this issue Aug 19, 2019 · 4 comments · Fixed by #216

Comments

@rfay
Copy link

rfay commented Aug 19, 2019

Ubuntu 16.04, linuxbrew-installed mkcert v1.4.0, mkcert -install fails with certutil error:

mkcert -install
Created a new local CA at "/home/circleci/.local/share/mkcert" 💥
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "certutil -A": exit status 255

certutil: function failed: SEC_ERROR_READ_ONLY: security library: read-only database.
@rfay rfay mentioned this issue Aug 19, 2019
Merged
@rfay
Copy link
Author

rfay commented Aug 19, 2019
edited

On Debian 9 and Debian 10 this doesn't seem to be a problem AFAICT
On Ubuntu 18.04, it prompts for sudo password and succeeds.
On Fedora 30 it is successful without need for sudo (apparently)

@rfay
Copy link
Author

rfay commented Aug 20, 2019

On Manjaro (and probably arch the same) using linuxbrew it prompts for sudo password successfully and works.

@rfay rfay mentioned this issue Aug 20, 2019
Closed
@rfay
Copy link
Author

rfay commented Aug 20, 2019

I think #193 will solve this problem in a fairly generic way. It might also be possible and simpler to always use sudo on certutil.

@rfay rfay mentioned this issue Aug 20, 2019
Merged
@topher200
Copy link

I'm experiencing this issue when testing an Azure pipeline on both Ubuntu 16.04 and 18.04.

+ mkcert -install --cert-file certificate.pem --key-file key.pem lh.wordstream.com
Created a new local CA at "/home/vsts/.local/share/mkcert" 💥
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "certutil -A": exit status 255

certutil: function failed: SEC_ERROR_READ_ONLY: security library: read-only database.

Using @rfay's binaries from #193 resolved the issue for me.

wget https://github.com/rfay/mkcert/releases/download/v1.4.1-alpha1/mkcert-v1.4.1-alpha1-linux-amd64 -O bin/mkcert

FiloSottile added a commit that referenced this issue Nov 9, 2019
@FiloSottile
truststore_nss: retry certtool with sudo when it fails due to permiss…
0ddde5f 
…ions

Based on @rfay's investigation and fix.

Fixes #192
Closes #193
@FiloSottile FiloSottile mentioned this issue Nov 9, 2019
Merged
FiloSottile added a commit that referenced this issue Nov 9, 2019
@FiloSottile
truststore_nss: retry certtool with sudo when it fails due to permiss…
edc487d 
…ions

Based on @rfay's investigation and fix.

Fixes #192
Closes #193
FiloSottile added a commit that referenced this issue Nov 9, 2019
@FiloSottile
truststore_nss: retry certtool with sudo when it fails due to permiss…
28654f2 
…ions

Based on @rfay's investigation and fix.

Fixes #192
Closes #193
FiloSottile added a commit that referenced this issue Nov 9, 2019
@FiloSottile
truststore_nss: retry certtool with sudo when it fails due to permiss…
1b4ad6c 
…ions

Based on @rfay's investigation and fix.

Fixes #192
Closes #193
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

truststore_nss: retry certtool with sudo when it fails due to permissions FiloSottile/mkcert
2 participants
@rfay @topher200