| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 |
- // Copyright 2018 The mkcert Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- package main
- import (
- "bytes"
- "fmt"
- "io/ioutil"
- "log"
- "os"
- "path/filepath"
- "strings"
- )
- var (
- FirefoxProfile = os.Getenv("HOME") + "/.mozilla/firefox/*"
- NSSBrowsers = "Firefox and/or Chrome/Chromium"
- SystemTrustFilename string
- SystemTrustCommand []string
- CertutilInstallHelp string
- )
- func init() {
- switch {
- case binaryExists("apt"):
- CertutilInstallHelp = "apt install libnss3-tools"
- case binaryExists("yum"):
- CertutilInstallHelp = "yum install nss-tools"
- case binaryExists("zypper"):
- CertutilInstallHelp = "zypper install mozilla-nss-tools"
- }
- if pathExists("/etc/pki/ca-trust/source/anchors/") {
- SystemTrustFilename = "/etc/pki/ca-trust/source/anchors/%s.pem"
- SystemTrustCommand = []string{"update-ca-trust", "extract"}
- } else if pathExists("/usr/local/share/ca-certificates/") {
- SystemTrustFilename = "/usr/local/share/ca-certificates/%s.crt"
- SystemTrustCommand = []string{"update-ca-certificates"}
- } else if pathExists("/etc/ca-certificates/trust-source/anchors/") {
- SystemTrustFilename = "/etc/ca-certificates/trust-source/anchors/%s.crt"
- SystemTrustCommand = []string{"trust", "extract-compat"}
- } else if pathExists("/usr/share/pki/trust/anchors") {
- SystemTrustFilename = "/usr/share/pki/trust/anchors/%s.pem"
- SystemTrustCommand = []string{"update-ca-certificates"}
- }
- if SystemTrustCommand != nil && !binaryExists(SystemTrustCommand[0]) {
- SystemTrustCommand = nil
- }
- }
- func (m *mkcert) systemTrustFilename() string {
- return fmt.Sprintf(SystemTrustFilename, strings.Replace(m.caUniqueName(), " ", "_", -1))
- }
- func (m *mkcert) installPlatform() bool {
- if SystemTrustCommand == nil {
- log.Printf("Installing to the system store is not yet supported on this Linux 😣 but %s will still work.", NSSBrowsers)
- log.Printf("You can also manually install the root certificate at %q.", filepath.Join(m.CAROOT, rootName))
- return false
- }
- cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName))
- fatalIfErr(err, "failed to read root certificate")
- cmd := commandWithSudo("tee", m.systemTrustFilename())
- cmd.Stdin = bytes.NewReader(cert)
- out, err := cmd.CombinedOutput()
- fatalIfCmdErr(err, "tee", out)
- cmd = commandWithSudo(SystemTrustCommand...)
- out, err = cmd.CombinedOutput()
- fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
- return true
- }
- func (m *mkcert) uninstallPlatform() bool {
- if SystemTrustCommand == nil {
- return false
- }
- cmd := commandWithSudo("rm", "-f", m.systemTrustFilename())
- out, err := cmd.CombinedOutput()
- fatalIfCmdErr(err, "rm", out)
- // We used to install under non-unique filenames.
- legacyFilename := fmt.Sprintf(SystemTrustFilename, "mkcert-rootCA")
- if pathExists(legacyFilename) {
- cmd := commandWithSudo("rm", "-f", legacyFilename)
- out, err := cmd.CombinedOutput()
- fatalIfCmdErr(err, "rm (legacy filename)", out)
- }
- cmd = commandWithSudo(SystemTrustCommand...)
- out, err = cmd.CombinedOutput()
- fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
- return true
- }
|
