Use sudo when necessary for certutil (Ubuntu 16.04 at least), fixes #192 #193

Closed
wants to merge 6 commits into from
Closed
1 change: 1 addition & 0 deletions go.mod
@@ -2,6 +2,7 @@ module github.com/FiloSottile/mkcert

require (
golang.org/x/net v0.0.0-20180627171509-e514e69ffb8b
golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a
golang.org/x/text v0.3.0 // indirect
howett.net/plist v0.0.0-20181124034731-591f970eefbb
software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237
2 changes: 2 additions & 0 deletions go.sum
@@ -4,6 +4,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
golang.org/x/net v0.0.0-20180627171509-e514e69ffb8b h1:oXs/nlnyk1ue6g+mFGEHIuIaQIT28IgumdSIRMq2aJY=
golang.org/x/net v0.0.0-20180627171509-e514e69ffb8b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a h1:aYOabOQFp6Vj6W1F80affTUvO9UxmJRx8K0gsfABByQ=
golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
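--- a/is_writable.go
+++ b/is_writable.go
@@ -0,0 +1,14 @@
+// +build linux darwin !windows
+
+package main
+
+import (
+"golang.org/x/sys/unix"
+)
+
+func IsWritable(path string) bool {
+if err := unix.Access(path, unix.W_OK); err == nil {
+return true
+}
+return false
+}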
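Review bot: `unix.Access` in IsWritable answers for the real UID/GID and only for the instant of the call, so its result is a hint and must not be read as an authorisation decision. Because the caller in truststore_nss.go uses it to choose whether certutil runs under sudo, that caveat deserves a doc comment on the exported function, e.g. `// IsWritable reports whether access(2) currently grants the real user write permission on path; advisory only.` The body reduces to `return unix.Access(path, unix.W_OK) == nil`. The constraint `// +build linux darwin !windows` is an OR of its terms and is therefore equivalent to `// +build !windows`.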
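--- a/is_writable_windows.go
+++ b/is_writable_windows.go
@@ -0,0 +1,26 @@
+// +build windows
+
+package main
+
+import (
+"os"
+)
+
+// thanks to https://stackoverflow.com/a/49148866/215713
+func IsWritable(path string) bool {
+info, err := os.Stat(path)
+if err != nil {
+return false
+}
+
+err = nil
+if !info.IsDir() {
+return false
+}
+
+// Check if the user bit is enabled in file permission
+if info.Mode().Perm()&(1<<(uint(7))) == 0 {
+return false
+}
+return true
+}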
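Review bot: On Windows the permission bits returned by `os.Stat` are synthesised from the read-only attribute and do not reflect ACLs, so `info.Mode().Perm()&(1<<(uint(7))) == 0` does not establish whether the current user can write to the directory. The function also returns false for every non-directory, while the Unix IsWritable in this PR accepts any writable path; the two should agree, or the doc comment should state the difference. The `err = nil` assignment is dead and can be dropped, and the mask reads more clearly as `0200` with the comment changed to `// owner-write bit`. A false result sends the caller to commandWithSudo, which is not shown here, so it is worth confirming that this branch is meaningful on Windows at all.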
33 changes: 23 additions & 10 deletions truststore_nss.go
@@ -69,7 +69,7 @@ func (m *mkcert) checkNSS() bool {
return false
}
success := true
if m.forEachNSSProfile(func(profile string) {
if m.forEachNSSProfile(func(profile string, path string) {
err := exec.Command(certutilPath, "-V", "-d", profile, "-u", "L", "-n", m.caUniqueName()).Run()
if err != nil {
success = false
@@ -81,10 +81,16 @@ func (m *mkcert) checkNSS() bool {
}

func (m *mkcert) installNSS() bool {
if m.forEachNSSProfile(func(profile string) {
cmd := exec.Command(certutilPath, "-A", "-d", profile, "-t", "C,,", "-n", m.caUniqueName(), "-i", filepath.Join(m.CAROOT, rootName))
if m.forEachNSSProfile(func(profile string, path string) {
// certutil must be sudoed on Ubuntu 16.04
cmdArgs := []string{certutilPath, "-A", "-d", profile, "-t", "C,,", "-n", m.caUniqueName(), "-i", filepath.Join(m.CAROOT, rootName)}
cmd := exec.Command(certutilPath, cmdArgs[1:]...)

if !IsWritable(path) {
cmd = commandWithSudo(cmdArgs...)
}
out, err := cmd.CombinedOutput()
fatalIfCmdErr(err, "certutil -A", out)
fatalIfCmdErr(err, strings.Join(cmdArgs, " "), out)
}) == 0 {
log.Printf("ERROR: no %s security databases found", NSSBrowsers)
return false
@@ -98,29 +104,36 @@ func (m *mkcert) installNSS() bool {
}

func (m *mkcert) uninstallNSS() {
m.forEachNSSProfile(func(profile string) {
m.forEachNSSProfile(func(profile string, path string) {
err := exec.Command(certutilPath, "-V", "-d", profile, "-u", "L", "-n", m.caUniqueName()).Run()
if err != nil {
return
}
cmd := exec.Command(certutilPath, "-D", "-d", profile, "-n", m.caUniqueName())

cmdArgs := []string{certutilPath, "-D", "-d", profile, "-n", m.caUniqueName()}
cmd := exec.Command(certutilPath, cmdArgs[1:]...)
if !IsWritable(path) {
cmd = commandWithSudo(cmdArgs...)
}

out, err := cmd.CombinedOutput()
fatalIfCmdErr(err, "certutil -D", out)

fatalIfCmdErr(err, strings.Join(cmdArgs, " "), out)
})
}

func (m *mkcert) forEachNSSProfile(f func(profile string)) (found int) {
func (m *mkcert) forEachNSSProfile(f func(profile string, path string)) (found int) {
profiles, _ := filepath.Glob(FirefoxProfile)
profiles = append(profiles, nssDBs...)
for _, profile := range profiles {
if stat, err := os.Stat(profile); err != nil || !stat.IsDir() {
continue
}
if pathExists(filepath.Join(profile, "cert9.db")) {
f("sql:" + profile)
f("sql:"+profile, profile)
found++
} else if pathExists(filepath.Join(profile, "cert8.db")) {
f("dbm:" + profile)
f("dbm:"+profile, profile)
found++
}
}
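Review bot: In installNSS and uninstallNSS the switch to `commandWithSudo(cmdArgs...)` hangs on `IsWritable(path)` for the profile directory alone and happens silently, so `certutilPath` and the user-owned `-i` file are handed to a root process without any message to the user. The directory probe says nothing about whether cert9.db or cert8.db themselves are writable, and it can be stale by the time the command runs. I would announce the escalation first, e.g. `log.Printf("%s is not writable, running certutil with sudo", path)`, and confirm that certutilPath (resolved outside this diff) is an absolute path from a trusted location before it is escalated. The `strings.Join(cmdArgs, " ")` label passed to fatalIfCmdErr omits the sudo prefix even when the sudo variant ran. The new `path` parameter is unused in checkNSS's callback and could be `_ string`.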
3 changes: 3 additions & 0 deletions vendor/golang.org/x/sys/AUTHORS


3 changes: 3 additions & 0 deletions vendor/golang.org/x/sys/CONTRIBUTORS


27 changes: 27 additions & 0 deletions vendor/golang.org/x/sys/LICENSE


22 changes: 22 additions & 0 deletions vendor/golang.org/x/sys/PATENTS


2 changes: 2 additions & 0 deletions vendor/golang.org/x/sys/unix/.gitignore


173 changes: 173 additions & 0 deletions vendor/golang.org/x/sys/unix/README.md
