From 05189bc5fa658a2e4b90867b0575829f652453a2 Mon Sep 17 00:00:00 2001
From: Carl Henrik Lunde
Date: Wed, 4 Jul 2018 04:46:39 +0200
Subject: [PATCH] Add Linux system trust support (#2)

Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora.
---
 truststore_linux.go | 55 +++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 51 insertions(+), 4 deletions(-)

diff --git a/truststore_linux.go b/truststore_linux.go
index 43f54c9..d2c092f 100644
--- a/truststore_linux.go
+++ b/truststore_linux.go
@@ -5,9 +5,13 @@
 package main
 
 import (
+ "bytes"
+ "io/ioutil"
 "log"
 "os"
+ "os/exec"
 "path/filepath"
+ "strings"
 )
 
 var (
@@ -15,11 +19,54 @@ var (
 FirefoxProfile = os.Getenv("HOME") + "/.mozilla/firefox/*"
 CertutilInstallHelp = `apt install libnss3-tools" or "yum install nss-tools`
 NSSBrowsers = "Firefox and/or Chrome/Chromium"
+
+ SystemTrustFilename string
+ SystemTrustCommand []string
 )
 
-func (m *mkcert) installPlatform() {
- log.Println(" -install is not yet fully supported on Linux 😣")
- log.Printf("You can manually install the root certificate at %q in the meantime.", filepath.Join(m.CAROOT, rootName))
+func init() {
+ _, err := os.Stat("/etc/pki/ca-trust/source/anchors/")
+ if !os.IsNotExist(err) {
+ SystemTrustFilename = "/etc/pki/ca-trust/source/anchors/mkcert-rootCA.pem"
+ SystemTrustCommand = []string{"update-ca-trust", "extract"}
+ return
+ }
+
+ _, err = os.Stat("/usr/local/share/ca-certificates/")
+ if !os.IsNotExist(err) {
+ SystemTrustFilename = "/usr/local/share/ca-certificates/mkcert-rootCA.crt"
+ SystemTrustCommand = []string{"update-ca-certificates"}
+ }
 }
 
-func (m *mkcert) uninstallPlatform() {}
+func (m *mkcert) installPlatform() {
+ if SystemTrustCommand == nil {
+ log.Fatalf("-install is not yet supported on this Linux 😣\nYou can manually install the root certificate at %q in the meantime.", filepath.Join(m.CAROOT, rootName))
+ }
+
+ cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName))
+ fatalIfErr(err, "failed to read root certificate")
+
+ cmd := exec.Command("sudo", "tee", SystemTrustFilename)
+ cmd.Stdin = bytes.NewReader(cert)
+ out, err := cmd.CombinedOutput()
+ fatalIfCmdErr(err, "tee", out)
+
+ cmd = exec.Command("sudo", SystemTrustCommand...)
+ out, err = cmd.CombinedOutput()
+ fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
+}
+
+func (m *mkcert) uninstallPlatform() {
+ if SystemTrustCommand == nil {
+ log.Fatal("-uninstall is not yet supported on this Linux 😣")
+ }
+
+ cmd := exec.Command("sudo", "rm", SystemTrustFilename)
+ out, err := cmd.CombinedOutput()
+ fatalIfCmdErr(err, "rm", out)
+
+ cmd = exec.Command("sudo", SystemTrustCommand...)
+ out, err = cmd.CombinedOutput()
+ fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
+}
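Review bot: In `init()`, the test `!os.IsNotExist(err)` treats every other `os.Stat` failure (permission denied, a path component that is not a directory) as "the anchors directory exists", so `installPlatform` can go on to run `sudo tee` against a trust-store path that was never confirmed. Selecting a store only on a positive result, for example `if fi, err := os.Stat("/etc/pki/ca-trust/source/anchors/"); err == nil && fi.IsDir() {` (and the same for `/usr/local/share/ca-certificates/`), avoids that. In `uninstallPlatform`, `sudo rm SystemTrustFilename` exits non-zero when the anchor was never installed, and `fatalIfCmdErr` (defined outside this hunk, so its behaviour is inferred from the name) would then abort before the trust store is refreshed; `exec.Command("sudo", "rm", "-f", SystemTrustFilename)` makes uninstall idempotent. Because this path adds a root to the system trust store, a doc comment on `installPlatform` such as `// installPlatform copies the CAROOT root certificate into the system trust anchors via sudo; the key in CAROOT must be protected accordingly.` would record the security consequence for maintainers.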