truststore_linux.go 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
  1. // Copyright 2018 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package main
  5. import (
  6. "bytes"
  7. "fmt"
  8. "io/ioutil"
  9. "log"
  10. "os"
  11. "os/exec"
  12. "path/filepath"
  13. "strings"
  14. )
  15. var (
  16. FirefoxProfile = os.Getenv("HOME") + "/.mozilla/firefox/*"
  17. CertutilInstallHelp = `apt install libnss3-tools" or "yum install nss-tools" or "zypper install mozilla-nss-tools`
  18. NSSBrowsers = "Firefox and/or Chrome/Chromium"
  19. SystemTrustFilename string
  20. SystemTrustCommand []string
  21. )
  22. func init() {
  23. if pathExists("/etc/pki/ca-trust/source/anchors/") {
  24. SystemTrustFilename = "/etc/pki/ca-trust/source/anchors/%s.pem"
  25. SystemTrustCommand = []string{"update-ca-trust", "extract"}
  26. } else if pathExists("/usr/local/share/ca-certificates/") {
  27. SystemTrustFilename = "/usr/local/share/ca-certificates/%s.crt"
  28. SystemTrustCommand = []string{"update-ca-certificates"}
  29. } else if pathExists("/etc/ca-certificates/trust-source/anchors/") {
  30. SystemTrustFilename = "/etc/ca-certificates/trust-source/anchors/%s.crt"
  31. SystemTrustCommand = []string{"trust", "extract-compat"}
  32. } else if pathExists("/usr/share/pki/trust/anchors") {
  33. SystemTrustFilename = "/usr/share/pki/trust/anchors/%s.pem"
  34. SystemTrustCommand = []string{"update-ca-certificates"}
  35. }
  36. if SystemTrustCommand != nil {
  37. _, err := exec.LookPath(SystemTrustCommand[0])
  38. if err != nil {
  39. SystemTrustCommand = nil
  40. }
  41. }
  42. }
  43. func pathExists(path string) bool {
  44. _, err := os.Stat(path)
  45. return err == nil
  46. }
  47. func (m *mkcert) systemTrustFilename() string {
  48. return fmt.Sprintf(SystemTrustFilename, strings.Replace(m.caUniqueName(), " ", "_", -1))
  49. }
  50. func (m *mkcert) installPlatform() bool {
  51. if SystemTrustCommand == nil {
  52. log.Printf("Installing to the system store is not yet supported on this Linux 😣 but %s will still work.", NSSBrowsers)
  53. log.Printf("You can also manually install the root certificate at %q.", filepath.Join(m.CAROOT, rootName))
  54. return false
  55. }
  56. cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName))
  57. fatalIfErr(err, "failed to read root certificate")
  58. cmd := CommandWithSudo("tee", m.systemTrustFilename())
  59. cmd.Stdin = bytes.NewReader(cert)
  60. out, err := cmd.CombinedOutput()
  61. fatalIfCmdErr(err, "tee", out)
  62. cmd = CommandWithSudo(SystemTrustCommand...)
  63. out, err = cmd.CombinedOutput()
  64. fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
  65. return true
  66. }
  67. func (m *mkcert) uninstallPlatform() bool {
  68. if SystemTrustCommand == nil {
  69. return false
  70. }
  71. cmd := CommandWithSudo("rm", "-f", m.systemTrustFilename())
  72. out, err := cmd.CombinedOutput()
  73. fatalIfCmdErr(err, "rm", out)
  74. // We used to install under non-unique filenames.
  75. legacyFilename := fmt.Sprintf(SystemTrustFilename, "mkcert-rootCA")
  76. if pathExists(legacyFilename) {
  77. cmd := CommandWithSudo("rm", "-f", legacyFilename)
  78. out, err := cmd.CombinedOutput()
  79. fatalIfCmdErr(err, "rm (legacy filename)", out)
  80. }
  81. cmd = CommandWithSudo(SystemTrustCommand...)
  82. out, err = cmd.CombinedOutput()
  83. fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)
  84. return true
  85. }
  86. func CommandWithSudo(cmd ...string) *exec.Cmd {
  87. if _, err := exec.LookPath("sudo"); err != nil {
  88. return exec.Command(cmd[0], cmd[1:]...)
  89. }
  90. return exec.Command("sudo", append([]string{"--"}, cmd...)...)
  91. }