truststore_linux.go 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
  1. // Copyright 2018 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package main
  5. import (
  6. "bytes"
  7. "io/ioutil"
  8. "log"
  9. "os"
  10. "os/exec"
  11. "path/filepath"
  12. "strings"
  13. )
  14. var (
  15. FirefoxProfile = os.Getenv("HOME") + "/.mozilla/firefox/*"
  16. CertutilInstallHelp = `apt install libnss3-tools" or "yum install nss-tools`
  17. NSSBrowsers = "Firefox and/or Chrome/Chromium"
  18. SystemTrustFilename string
  19. SystemTrustCommand []string
  20. )
  21. func init() {
  22. if pathExists("/etc/pki/ca-trust/source/anchors/") {
  23. SystemTrustFilename = "/etc/pki/ca-trust/source/anchors/mkcert-rootCA.pem"
  24. SystemTrustCommand = []string{"update-ca-trust", "extract"}
  25. } else if pathExists("/usr/local/share/ca-certificates/") {
  26. SystemTrustFilename = "/usr/local/share/ca-certificates/mkcert-rootCA.crt"
  27. SystemTrustCommand = []string{"update-ca-certificates"}
  28. } else if pathExists("/etc/ca-certificates/trust-source/anchors/") {
  29. SystemTrustFilename = "/etc/ca-certificates/trust-source/anchors/mkcert-rootCA.crt"
  30. SystemTrustCommand = []string{"trust", "extract-compat"}
  31. }
  32. if SystemTrustCommand != nil {
  33. _, err := exec.LookPath(SystemTrustCommand[0])
  34. if err != nil {
  35. SystemTrustCommand = nil
  36. }
  37. }
  38. }
  39. func pathExists(path string) bool {
  40. _, err := os.Stat(path)
  41. return err == nil
  42. }
  43. func (m *mkcert) installPlatform() bool {
  44. if SystemTrustCommand == nil {
  45. log.Printf("Installing to the system store is not yet supported on this Linux 😣 but %s will still work.", NSSBrowsers)
  46. log.Printf("You can also manually install the root certificate at %q.", filepath.Join(m.CAROOT, rootName))
  47. return false
  48. }
  49. cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName))
  50. fatalIfErr(err, "failed to read root certificate")
  51. cmd := CommandWithSudo("tee", SystemTrustFilename)
  52. cmd.Stdin = bytes.NewReader(cert)
  53. out, err := cmd.CombinedOutput()
  54. fatalIfCmdErr(err, "tee", out)
  55. cmd = CommandWithSudo(SystemTrustCommand...)
  56. out, err = cmd.CombinedOutput()
  57. fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
  58. return true
  59. }
  60. func (m *mkcert) uninstallPlatform() bool {
  61. if SystemTrustCommand == nil {
  62. return false
  63. }
  64. cmd := CommandWithSudo("rm", SystemTrustFilename)
  65. out, err := cmd.CombinedOutput()
  66. fatalIfCmdErr(err, "rm", out)
  67. cmd = CommandWithSudo(SystemTrustCommand...)
  68. out, err = cmd.CombinedOutput()
  69. fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
  70. return true
  71. }
  72. func CommandWithSudo(cmd ...string) *exec.Cmd {
  73. if _, err := exec.LookPath("sudo"); err != nil {
  74. return exec.Command(cmd[0], cmd[1:]...)
  75. }
  76. return exec.Command("sudo", append([]string{"--"}, cmd...)...)
  77. }