PenaDevops/mkcert
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

truststore_nss: retry certtool with sudo when it fails due to permissions

Browse Source 
Based on @rfay's investigation and fix.

Fixes #192
Closes #193
This commit is contained in:
Filippo Valsorda 2019-11-09 17:30:15 -05:00 committed by Filippo Valsorda
parent 00ded1d014
commit 1b4ad6c774
2 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
truststore_java.go
View File

@ -87,7 +87,7 @@ func (m *mkcert) installJava() {
"-alias", m.caUniqueName(), "-alias", m.caUniqueName(),
} }
out, err := m.execKeytool(exec.Command(keytoolPath, args...)) out, err := execKeytool(exec.Command(keytoolPath, args...))
fatalIfCmdErr(err, "keytool -importcert", out) fatalIfCmdErr(err, "keytool -importcert", out)
} }
@ -98,7 +98,7 @@ func (m *mkcert) uninstallJava() {
"-keystore", cacertsPath, "-keystore", cacertsPath,
"-storepass", storePass, "-storepass", storePass,
} }
out, err := m.execKeytool(exec.Command(keytoolPath, args...)) out, err := execKeytool(exec.Command(keytoolPath, args...))
if bytes.Contains(out, []byte("does not exist")) { if bytes.Contains(out, []byte("does not exist")) {
return // cert didn't exist return // cert didn't exist
} }
@ -107,11 +107,11 @@ func (m *mkcert) uninstallJava() {
// execKeytool will execute a "keytool" command and if needed re-execute // execKeytool will execute a "keytool" command and if needed re-execute
// the command with commandWithSudo to work around file permissions. // the command with commandWithSudo to work around file permissions.
func (m *mkcert) execKeytool(cmd *exec.Cmd) ([]byte, error) { func execKeytool(cmd *exec.Cmd) ([]byte, error) {
out, err := cmd.CombinedOutput() out, err := cmd.CombinedOutput()
if err != nil && bytes.Contains(out, []byte("java.io.FileNotFoundException")) && runtime.GOOS != "windows" { if err != nil && bytes.Contains(out, []byte("java.io.FileNotFoundException")) && runtime.GOOS != "windows" {
origArgs := cmd.Args[1:] origArgs := cmd.Args[1:]
cmd = commandWithSudo(keytoolPath) cmd = commandWithSudo(cmd.Path)
cmd.Args = append(cmd.Args, origArgs...) cmd.Args = append(cmd.Args, origArgs...)
cmd.Env = []string{ cmd.Env = []string{
"JAVA_HOME=" + javaHome, "JAVA_HOME=" + javaHome,

22
truststore_nss.go
View File

@ -5,6 +5,7 @@
package main package main
import ( import (
"bytes"
"log" "log"
"os" "os"
"os/exec" "os/exec"
@ -83,8 +84,8 @@ func (m *mkcert) checkNSS() bool {
func (m *mkcert) installNSS() bool { func (m *mkcert) installNSS() bool {
if m.forEachNSSProfile(func(profile string) { if m.forEachNSSProfile(func(profile string) {
cmd := exec.Command(certutilPath, "-A", "-d", profile, "-t", "C,,", "-n", m.caUniqueName(), "-i", filepath.Join(m.CAROOT, rootName)) cmd := exec.Command(certutilPath, "-A", "-d", profile, "-t", "C,,", "-n", m.caUniqueName(), "-i", filepath.Join(m.CAROOT, rootName))
out, err := cmd.CombinedOutput() out, err := execCertutil(cmd)
fatalIfCmdErr(err, "certutil -A", out) fatalIfCmdErr(err, "certutil -A -d "+profile, out)
}) == 0 { }) == 0 {
log.Printf("ERROR: no %s security databases found", NSSBrowsers) log.Printf("ERROR: no %s security databases found", NSSBrowsers)
return false return false
@ -104,11 +105,24 @@ func (m *mkcert) uninstallNSS() {
return return
} }
cmd := exec.Command(certutilPath, "-D", "-d", profile, "-n", m.caUniqueName()) cmd := exec.Command(certutilPath, "-D", "-d", profile, "-n", m.caUniqueName())
out, err := cmd.CombinedOutput() out, err := execCertutil(cmd)
fatalIfCmdErr(err, "certutil -D", out) fatalIfCmdErr(err, "certutil -D -d "+profile, out)
}) })
} }
// execCertutil will execute a "certutil" command and if needed re-execute
// the command with commandWithSudo to work around file permissions.
func execCertutil(cmd *exec.Cmd) ([]byte, error) {
out, err := cmd.CombinedOutput()
if err != nil && bytes.Contains(out, []byte("SEC_ERROR_READ_ONLY")) && runtime.GOOS != "windows" {
origArgs := cmd.Args[1:]
cmd = commandWithSudo(cmd.Path)
cmd.Args = append(cmd.Args, origArgs...)
out, err = cmd.CombinedOutput()
}
return out, err
}
func (m *mkcert) forEachNSSProfile(f func(profile string)) (found int) { func (m *mkcert) forEachNSSProfile(f func(profile string)) (found int) {
profiles, _ := filepath.Glob(FirefoxProfile) profiles, _ := filepath.Glob(FirefoxProfile)
profiles = append(profiles, nssDBs...) profiles = append(profiles, nssDBs...)