linux: support chrome via nss/certutil #15

Closed
adamdecaf wants to merge 1 commit into FiloSottile:master from adamdecaf:chrome-linux-via-nss

@adamdecaf
Contributor

Issue: #11

@adamdecaf adamdecaf force-pushed the chrome-linux-via-nss branch from 552653e to d5cf2a7 Compare June 28, 2018 15:10
@chlunde
Contributor

chlunde commented Jun 28, 2018

Isn't "brew", "--prefix", "nss" failing on your system, so you get hasCertutil = false? I had to change

diff --git a/truststore_firefox.go b/truststore_firefox.go
index 2410f21..611791f 100644
--- a/truststore_firefox.go
+++ b/truststore_firefox.go
@@ -18,6 +18,12 @@ func init() {
        _, err := os.Stat(FirefoxPath)
        hasFirefox = !os.IsNotExist(err)
 
+       certutilPath, err = exec.LookPath("certutil")
+       if err == nil {
+               hasCertutil = true
+               return
+       }
+
        out, err := exec.Command("brew", "--prefix", "nss").Output()
        if err != nil {
                return
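
Review bot: The added exec.LookPath("certutil") block in init() sets hasCertutil = true and returns as soon as any executable named certutil is found on PATH, with no comment stating that PATH now takes precedence over the "brew --prefix nss" lookup below it. Since this is the binary later run as "certutil -A" against the browser trust stores, document the lookup order here and consider including the resolved certutilPath in the error reported when that command fails, so a failure can be tied to the specific binary that was picked up.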

but even that fails, for some reason I have not checked:

mkcert$ ./mkcert -install
Using the local CA at "/home/chlunde/.local/share/mkcert" ✨
ERROR: failed to execute "certutil -A": exit status 255

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

@adamdecaf
Contributor Author

My bad. I've got a fix incoming.

@adamdecaf adamdecaf force-pushed the chrome-linux-via-nss branch from d5cf2a7 to 8f8318a Compare June 29, 2018 16:34
@adamdecaf
Contributor Author

adamdecaf commented Jun 29, 2018

This worked for me locally, but I also created #18 to drop the log.Fatal which prevents the firefox/chrome installs.

Test runs
root@ed7a4cef9c16:/# /mkcert -install
Using the local CA at "/root/.local/share/mkcert" ✨
  -install is not yet fully supported on Linux
You can manually install the root certificate at "/root/.local/share/mkcert/rootCA.pem" in the meantime.
The local CA is now installed in the Firefox trust store (requires restart)! 🦊

root@ed7a4cef9c16:/# /mkcert -install
Using the local CA at "/root/.local/share/mkcert" ✨
  -install is not yet fully supported on Linux
You can manually install the root certificate at "/root/.local/share/mkcert/rootCA.pem" in the meantime.
The local CA is now installed in the Chrome/Chromiumtrust store! 🦊

Edit: rebased after that PR was merged.

@adamdecaf adamdecaf force-pushed the chrome-linux-via-nss branch from 8f8318a to 21621ac Compare June 29, 2018 20:07
@FiloSottile
Owner

@chlunde That's #12 and I would love help debugging that (see the issue).

@FiloSottile
Owner

Thanks @adamdecaf, I used some of your code, but went for something a bit more DRY even if not as precise. Review and testing very welcome!

@adamdecaf
Contributor Author

LGTM
