Initial commit and macOS install

2025-10-13 16:31:41 +08:00 · 2018-06-25 01:32:41 -04:00
commit cbca29dc62
28 changed files with 3620 additions and 0 deletions
--- a/truststore_darwin.go
+++ b/truststore_darwin.go
@@ -0,0 +1,98 @@
+package main
+
+import (
+	"bytes"
+	"encoding/asn1"
+	"io/ioutil"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/DHowett/go-plist"
+)
+
+// https://github.com/golang/go/issues/24652#issuecomment-399826583
+var trustSettings []interface{}
+var _, _ = plist.Unmarshal(trustSettingsData, &trustSettings)
+var trustSettingsData = []byte(`
+<array>
+	<dict>
+		<key>kSecTrustSettingsPolicy</key>
+		<data>
+		KoZIhvdjZAED
+		</data>
+		<key>kSecTrustSettingsPolicyName</key>
+		<string>sslServer</string>
+		<key>kSecTrustSettingsResult</key>
+		<integer>1</integer>
+	</dict>
+	<dict>
+		<key>kSecTrustSettingsPolicy</key>
+		<data>
+		KoZIhvdjZAEC
+		</data>
+		<key>kSecTrustSettingsPolicyName</key>
+		<string>basicX509</string>
+		<key>kSecTrustSettingsResult</key>
+		<integer>1</integer>
+	</dict>
+</array>
+`)
+
+func (m *mkcert) installPlatform() {
+	cmd := exec.Command("sudo", "security", "add-trusted-cert", "-d", "-k", "/Library/Keychains/System.keychain", filepath.Join(m.CAROOT, rootName))
+	out, err := cmd.CombinedOutput()
+	fatalIfCmdErr(err, "security add-trusted-cert", out)
+
+	// Make trustSettings explicit, as older Go does not know the defaults.
+	// https://github.com/golang/go/issues/24652
+
+	plistFile, err := ioutil.TempFile("", "trust-settings")
+	fatalIfErr(err, "failed to create temp file")
+	defer os.Remove(plistFile.Name())
+
+	cmd = exec.Command("sudo", "security", "trust-settings-export", "-d", plistFile.Name())
+	out, err = cmd.CombinedOutput()
+	fatalIfCmdErr(err, "security trust-settings-export", out)
+
+	plistData, err := ioutil.ReadFile(plistFile.Name())
+	fatalIfErr(err, "failed to read trust settings")
+	var plistRoot map[string]interface{}
+	_, err = plist.Unmarshal(plistData, &plistRoot)
+	fatalIfErr(err, "failed to parse trust settings")
+
+	rootSubjectASN1, _ := asn1.Marshal(rootSubject.ToRDNSequence())
+
+	if plistRoot["trustVersion"].(uint64) != 1 {
+		log.Fatalln("ERROR: unsupported trust settings version:", plistRoot["trustVersion"])
+	}
+	trustList := plistRoot["trustList"].(map[string]interface{})
+	for key := range trustList {
+		entry := trustList[key].(map[string]interface{})
+		if _, ok := entry["issuerName"]; !ok {
+			continue
+		}
+		issuerName := entry["issuerName"].([]byte)
+		if !bytes.Equal(rootSubjectASN1, issuerName) {
+			continue
+		}
+		entry["trustSettings"] = trustSettings
+		break
+	}
+
+	plistData, err = plist.MarshalIndent(plistRoot, plist.XMLFormat, "\t")
+	fatalIfErr(err, "failed to serialize trust settings")
+	err = ioutil.WriteFile(plistFile.Name(), plistData, 0600)
+	fatalIfErr(err, "failed to write trust settings")
+
+	cmd = exec.Command("sudo", "security", "trust-settings-import", "-d", plistFile.Name())
+	out, err = cmd.CombinedOutput()
+	fatalIfCmdErr(err, "security trust-settings-import", out)
+}
+
+func fatalIfCmdErr(err error, cmd string, out []byte) {
+	if err != nil {
+		log.Fatalf("ERROR: failed to execute \"%s\": %s\n\n%s\n", cmd, err, out)
+	}
+}