mkcert/truststore_linux.go

// Copyright 2018 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package main

import (
	"bytes"
	"io/ioutil"
	"log"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

var (
	FirefoxProfile      = os.Getenv("HOME") + "/.mozilla/firefox/*"
	CertutilInstallHelp = `apt install libnss3-tools" or "yum install nss-tools`
	NSSBrowsers         = "Firefox and/or Chrome/Chromium"

	SystemTrustFilename string
	SystemTrustCommand  []string
)

func init() {
	if pathExists("/etc/pki/ca-trust/source/anchors/") {
		SystemTrustFilename = "/etc/pki/ca-trust/source/anchors/mkcert-rootCA.pem"
		SystemTrustCommand = []string{"update-ca-trust", "extract"}
	} else if pathExists("/usr/local/share/ca-certificates/") {
		SystemTrustFilename = "/usr/local/share/ca-certificates/mkcert-rootCA.crt"
		SystemTrustCommand = []string{"update-ca-certificates"}
	} else if pathExists("/etc/ca-certificates/trust-source/anchors/") {
		SystemTrustFilename = "/etc/ca-certificates/trust-source/anchors/mkcert-rootCA.crt"
		SystemTrustCommand = []string{"trust", "extract-compat"}
	}
	if SystemTrustCommand != nil {
		_, err := exec.LookPath(SystemTrustCommand[0])
		if err != nil {
			SystemTrustCommand = nil
		}
	}
}

func pathExists(path string) bool {
	_, err := os.Stat(path)
	return err == nil
}

func (m *mkcert) installPlatform() bool {
	if SystemTrustCommand == nil {
		log.Printf("Installing to the system store is not yet supported on this Linux 😣 but %s will still work.", NSSBrowsers)
		log.Printf("You can also manually install the root certificate at %q.", filepath.Join(m.CAROOT, rootName))
		return false
	}

	cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName))
	fatalIfErr(err, "failed to read root certificate")

	cmd := CommandWithSudo("tee", SystemTrustFilename)
	cmd.Stdin = bytes.NewReader(cert)
	out, err := cmd.CombinedOutput()
	fatalIfCmdErr(err, "tee", out)

	cmd = CommandWithSudo(SystemTrustCommand...)
	out, err = cmd.CombinedOutput()
	fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)

	return true
}

func (m *mkcert) uninstallPlatform() bool {
	if SystemTrustCommand == nil {
		return false
	}

	cmd := CommandWithSudo("rm", SystemTrustFilename)
	out, err := cmd.CombinedOutput()
	fatalIfCmdErr(err, "rm", out)

	cmd = CommandWithSudo(SystemTrustCommand...)
	out, err = cmd.CombinedOutput()
	fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)

	return true
}

func CommandWithSudo(cmd ...string) *exec.Cmd {
	if _, err := exec.LookPath("sudo"); err != nil {
		return exec.Command(cmd[0], cmd[1:]...)
	}
	return exec.Command("sudo", append([]string{"--"}, cmd...)...)
}
Add Linux stubs 2018-06-26 05:48:41 +00:00			`// Copyright 2018 The Go Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

			`package main`

			`import (`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`"bytes"`
			`"io/ioutil"`
Add Linux stubs 2018-06-26 05:48:41 +00:00			`"log"`
Add Firefox support Fixes #6 2018-06-28 05:29:20 +00:00			`"os"`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`"os/exec"`
Add Linux stubs 2018-06-26 05:48:41 +00:00			`"path/filepath"`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`"strings"`
Add Linux stubs 2018-06-26 05:48:41 +00:00			`)`

Add Firefox support Fixes #6 2018-06-28 05:29:20 +00:00			`var (`
			`FirefoxProfile = os.Getenv("HOME") + "/.mozilla/firefox/*"`
Add support for Chrome/Chromium on Linux Fixes #11 Closes #15 2018-07-04 02:26:37 +00:00			CertutilInstallHelp = `apt install libnss3-tools" or "yum install nss-tools`
			`NSSBrowsers = "Firefox and/or Chrome/Chromium"`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00
			`SystemTrustFilename string`
			`SystemTrustCommand []string`
Add Firefox support Fixes #6 2018-06-28 05:29:20 +00:00			`)`

Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`func init() {`
Support installing to system trust store for Arch-based distros (#57) 2018-08-19 22:36:14 +00:00			`if pathExists("/etc/pki/ca-trust/source/anchors/") {`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`SystemTrustFilename = "/etc/pki/ca-trust/source/anchors/mkcert-rootCA.pem"`
			`SystemTrustCommand = []string{"update-ca-trust", "extract"}`
Support installing to system trust store for Arch-based distros (#57) 2018-08-19 22:36:14 +00:00			`} else if pathExists("/usr/local/share/ca-certificates/") {`
			`SystemTrustFilename = "/usr/local/share/ca-certificates/mkcert-rootCA.crt"`
			`SystemTrustCommand = []string{"update-ca-certificates"}`
			`} else if pathExists("/etc/ca-certificates/trust-source/anchors/") {`
			`SystemTrustFilename = "/etc/ca-certificates/trust-source/anchors/mkcert-rootCA.crt"`
			`SystemTrustCommand = []string{"trust", "extract-compat"}`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`}`
Polish Linux system store support 2018-07-04 04:06:50 +00:00			`if SystemTrustCommand != nil {`
			`_, err := exec.LookPath(SystemTrustCommand[0])`
			`if err != nil {`
			`SystemTrustCommand = nil`
			`}`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`}`
			`}`

Support installing to system trust store for Arch-based distros (#57) 2018-08-19 22:36:14 +00:00			`func pathExists(path string) bool {`
			`_, err := os.Stat(path)`
			`return err == nil`
			`}`

Polish Linux system store support 2018-07-04 04:06:50 +00:00			`func (m *mkcert) installPlatform() bool {`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`if SystemTrustCommand == nil {`
Polish Linux system store support 2018-07-04 04:06:50 +00:00			`log.Printf("Installing to the system store is not yet supported on this Linux 😣 but %s will still work.", NSSBrowsers)`
			`log.Printf("You can also manually install the root certificate at %q.", filepath.Join(m.CAROOT, rootName))`
			`return false`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`}`

			`cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName))`
			`fatalIfErr(err, "failed to read root certificate")`

Polish Linux system store support 2018-07-04 04:06:50 +00:00			`cmd := CommandWithSudo("tee", SystemTrustFilename)`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`cmd.Stdin = bytes.NewReader(cert)`
			`out, err := cmd.CombinedOutput()`
			`fatalIfCmdErr(err, "tee", out)`

Polish Linux system store support 2018-07-04 04:06:50 +00:00			`cmd = CommandWithSudo(SystemTrustCommand...)`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`out, err = cmd.CombinedOutput()`
			`fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)`
Polish Linux system store support 2018-07-04 04:06:50 +00:00
			`return true`
Add Linux stubs 2018-06-26 05:48:41 +00:00			`}`

Polish Linux system store support 2018-07-04 04:06:50 +00:00			`func (m *mkcert) uninstallPlatform() bool {`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`if SystemTrustCommand == nil {`
Polish Linux system store support 2018-07-04 04:06:50 +00:00			`return false`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`}`

Polish Linux system store support 2018-07-04 04:06:50 +00:00			`cmd := CommandWithSudo("rm", SystemTrustFilename)`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`out, err := cmd.CombinedOutput()`
			`fatalIfCmdErr(err, "rm", out)`

Polish Linux system store support 2018-07-04 04:06:50 +00:00			`cmd = CommandWithSudo(SystemTrustCommand...)`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`out, err = cmd.CombinedOutput()`
			`fatalIfCmdErr(err, strings.Join(SystemTrustCommand, " "), out)`
Polish Linux system store support 2018-07-04 04:06:50 +00:00
			`return true`
			`}`

			`func CommandWithSudo(cmd ...string) *exec.Cmd {`
			`if _, err := exec.LookPath("sudo"); err != nil {`
			`return exec.Command(cmd[0], cmd[1:]...)`
			`}`
			`return exec.Command("sudo", append([]string{"--"}, cmd...)...)`
Add Linux system trust support (#2) Use update-ca-certificates on Debian/Ubuntu based systems, and update-ca-trust when detected on RHEL/CentOS/Fedora. 2018-07-04 02:46:39 +00:00			`}`