truststore_nss: retry certtool with sudo when it fails due to permissions

Based on @rfay's investigation and fix. Fixes #192 Closes #193
2025-10-13 16:31:41 +08:00 · 2019-11-09 17:30:15 -05:00
parent 00ded1d014
commit 1b4ad6c774
2 changed files with 22 additions and 8 deletions
--- a/truststore_java.go
+++ b/truststore_java.go
@@ -87,7 +87,7 @@ func (m *mkcert) installJava() {
 		"-alias", m.caUniqueName(),
 	}

-	out, err := m.execKeytool(exec.Command(keytoolPath, args...))
+	out, err := execKeytool(exec.Command(keytoolPath, args...))
 	fatalIfCmdErr(err, "keytool -importcert", out)
 }

@@ -98,7 +98,7 @@ func (m *mkcert) uninstallJava() {
 		"-keystore", cacertsPath,
 		"-storepass", storePass,
 	}
-	out, err := m.execKeytool(exec.Command(keytoolPath, args...))
+	out, err := execKeytool(exec.Command(keytoolPath, args...))
 	if bytes.Contains(out, []byte("does not exist")) {
 		return // cert didn't exist
 	}
@@ -107,11 +107,11 @@ func (m *mkcert) uninstallJava() {

 // execKeytool will execute a "keytool" command and if needed re-execute
 // the command with commandWithSudo to work around file permissions.
-func (m *mkcert) execKeytool(cmd *exec.Cmd) ([]byte, error) {
+func execKeytool(cmd *exec.Cmd) ([]byte, error) {
 	out, err := cmd.CombinedOutput()
 	if err != nil && bytes.Contains(out, []byte("java.io.FileNotFoundException")) && runtime.GOOS != "windows" {
 		origArgs := cmd.Args[1:]
-		cmd = commandWithSudo(keytoolPath)
+		cmd = commandWithSudo(cmd.Path)
 		cmd.Args = append(cmd.Args, origArgs...)
 		cmd.Env = []string{
 			"JAVA_HOME=" + javaHome,