From 592400aab064e9c4e2bd9975bfe56343804aec17 Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Sat, 2 Feb 2019 16:03:48 -0500 Subject: [PATCH] Add the TRUST_STORES environment variable Fixes #95 --- README.md | 2 ++ main.go | 39 +++++++++++++++++++++++++++++---------- 2 files changed, 31 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 09135e9..4bced36 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,8 @@ mkcert supports the following root stores: * Chrome and Chromium * Java (when `JAVA_HOME` is set) +To only install the local root CA into a subset of them, you can set the `TRUST_STORES` environment variable to a comma-separated list. Options are: "system", "java" and "nss" (includes Firefox). + ## Advanced topics ### Advanced options diff --git a/main.go b/main.go index 4549bae..0d41e33 100644 --- a/main.go +++ b/main.go @@ -16,6 +16,7 @@ import ( "path/filepath" "regexp" "runtime" + "strings" "golang.org/x/net/idna" ) @@ -61,6 +62,11 @@ const advancedUsage = `Advanced options: Set the CA certificate and key storage location. (This allows maintaining multiple local CAs in parallel.) + $TRUST_STORES (environment variable) + A comma-separated list of trust stores to install the local + root CA into. Options are: "system", "java" and "nss" (includes + Firefox). Autodetected by default. + ` func main() { 
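Review bot: The new `$TRUST_STORES` entry in advancedUsage describes the variable only as the list of stores "to install the local root CA into", but later hunks of this patch use the same check to gate uninstall() and the not-installed warnings in Run. Someone who has the variable exported in their shell and later runs the uninstall would reasonably expect the CA to be removed from every store. I would reword the first sentence to `A comma-separated list of trust stores to install the local root CA into, and to check or uninstall it from.` and mirror that in the README sentence added above.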
@@ -140,15 +146,15 @@ func (m *mkcert) Run(args []string) { return } else { var warning bool - if !m.checkPlatform() { + if storeEnabled("system") && !m.checkPlatform() { warning = true log.Println("Warning: the local CA is not installed in the system trust store! ⚠️") } - if hasNSS && CertutilInstallHelp != "" && !m.checkNSS() { + if storeEnabled("nss") && hasNSS && CertutilInstallHelp != "" && !m.checkNSS() { warning = true log.Printf("Warning: the local CA is not installed in the %s trust store! ⚠️", NSSBrowsers) } - if hasJava && !m.checkJava() { + if storeEnabled("java") && hasJava && !m.checkJava() { warning = true log.Println("Warning: the local CA is not installed in the Java trust store! ⚠️") } @@ -209,14 +215,14 @@ func getCAROOT() string { func (m *mkcert) install() { var printed bool - if !m.checkPlatform() { + if storeEnabled("system") && !m.checkPlatform() { if m.installPlatform() { log.Print("The local CA is now installed in the system trust store! ⚡️") } m.ignoreCheckFailure = true // TODO: replace with a check for a successful install printed = true } - if hasNSS && !m.checkNSS() { + if storeEnabled("nss") && hasNSS && !m.checkNSS() { if hasCertutil && m.installNSS() { log.Printf("The local CA is now installed in the %s trust store (requires browser restart)! 🦊", NSSBrowsers) } else if CertutilInstallHelp == "" { @@ -227,7 +233,7 @@ func (m *mkcert) install() { } printed = true } - if hasJava && !m.checkJava() { + if storeEnabled("java") && hasJava && !m.checkJava() { if hasKeytool { m.installJava() log.Println("The local CA is now installed in Java's trust store! ☕️") @@ -242,7 +248,7 @@ func (m *mkcert) install() { } func (m *mkcert) uninstall() { - if hasNSS { + if storeEnabled("nss") && hasNSS { if hasCertutil { m.uninstallNSS() } else if CertutilInstallHelp != "" { @@ -252,7 +258,7 @@ func (m *mkcert) uninstall() { log.Print("") } } - if hasJava { + if storeEnabled("java") && hasJava { if hasKeytool { m.uninstallJava() } else { 
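Review bot: In uninstall(), a store that is not listed in TRUST_STORES is now skipped with no output, so the local root CA stays trusted in that store while the command finishes normally. This applies to the `storeEnabled("nss") && hasNSS` guard in the @@ -242 hunk and equally to the java and system guards in the @@ -252 and @@ -261 hunks. A root left behind in a trust store is the risky outcome here, so I would log each skip, for example `log.Printf("Skipping the %s trust store: not listed in $TRUST_STORES", NSSBrowsers)`. The body of uninstall() continues past these hunks, so a summary printed elsewhere would not be visible here.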
@@ -261,10 +267,10 @@ func (m *mkcert) uninstall() { log.Print("") } } - if m.uninstallPlatform() { + if storeEnabled("system") && m.uninstallPlatform() { log.Print("The local CA is now uninstalled from the system trust store(s)! 👋") log.Print("") - } else if hasCertutil { + } else if storeEnabled("nss") && hasCertutil { log.Printf("The local CA is now uninstalled from the %s trust store(s)! 👋", NSSBrowsers) log.Print("") } @@ -279,6 +285,19 @@ func (m *mkcert) checkPlatform() bool { return err == nil } +func storeEnabled(name string) bool { + stores := os.Getenv("TRUST_STORES") + if stores == "" { + return true + } + for _, store := range strings.Split(stores, ",") { + if store == name { + return true + } + } + return false +} + func fatalIfErr(err error, msg string) { if err != nil { log.Fatalf("ERROR: %s: %s", msg, err)
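Review bot: storeEnabled compares each comma-separated entry with `==` and does no trimming or validation, so `TRUST_STORES="system, nss"` silently drops nss, and a misspelled or differently cased name matches nothing and disables every store without a message. Because this value decides where a root CA is trusted or removed, I would normalize entries with `if strings.TrimSpace(store) == name {` and reject anything other than "system", "java" and "nss" once at startup with a fatal error. The function also lacks a doc comment; something like `// storeEnabled reports whether the named trust store is selected by $TRUST_STORES; an unset or empty variable selects all stores.` would record the default.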