From cf7dc648c2ffbdabe983db64da8bcdcc418a4a47 Mon Sep 17 00:00:00 2001
From: qiu-x
Date: Fri, 26 Nov 2021 19:17:39 +0100
Subject: [PATCH 1/2] Add FreeBSD `certctl` support
---
truststore_freebsd.go | 103 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
create mode 100644 truststore_freebsd.go
diff --git a/truststore_freebsd.go b/truststore_freebsd.go
new file mode 100644
index 0000000..99d37a8
--- /dev/null
+++ b/truststore_freebsd.go
@@ -0,0 +1,103 @@
+package truststore
+
+import (
+ "bytes"
+ "crypto/x509"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "os/exec"
+ "strings"
+)
+
+var (
+ // NSSProfile is the path of the Firefox profiles.
+ NSSProfile = os.Getenv("HOME") + "/.mozilla/firefox/*"
+
+ // CertutilInstallHelp is the command to add NSS support.
+ CertutilInstallHelp = ""
+
+ // SystemTrustFilename is the format used to name the root certificates.
+ SystemTrustFilename string
+
+ // SystemTrustCommand is the command used to update the system truststore.
+ SystemTrustCommand []string
+)
+
+func init() {
+ if !pathExists("/usr/local/etc/ssl/certs") {
+ err := os.Mkdir("/usr/local/etc/ssl/certs", 0755)
+ if err != nil {
+ SystemTrustCommand = nil
+ log.Fatal(err)
+ return
+ }
+ }
+ SystemTrustCommand = []string{"certctl", "rehash"}
+ SystemTrustFilename = "/usr/local/etc/ssl/certs/%s.crt"
+}
+
+func pathExists(path string) bool {
+ _, err := os.Stat(path)
+ return err == nil
+}
+
+func systemTrustFilename(cert *x509.Certificate) string {
+ return fmt.Sprintf(SystemTrustFilename, strings.Replace(uniqueName(cert), " ", "_", -1))
+}
+
+func installPlatform(filename string, cert *x509.Certificate) error {
+ if SystemTrustCommand == nil {
+ return ErrNotSupported
+ }
+
+ data, err := ioutil.ReadFile(filename)
+ if err != nil {
+ return err
+ }
+
+ cmd := CommandWithSudo("tee", systemTrustFilename(cert))
+ cmd.Stdin = bytes.NewReader(data)
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ return NewCmdError(err, cmd, out)
+ }
+
+ cmd = CommandWithSudo(SystemTrustCommand...)
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ return NewCmdError(err, cmd, out)
+ }
+
+ debug("certificate installed properly in FreeBSD trusts")
+ return nil
+}
+
+func uninstallPlatform(filename string, cert *x509.Certificate) error {
+ if SystemTrustCommand == nil {
+ return ErrNotSupported
+ }
+
+ cmd := CommandWithSudo("rm", "-f", systemTrustFilename(cert))
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ return NewCmdError(err, cmd, out)
+ }
+
+ cmd = CommandWithSudo(SystemTrustCommand...)
+ out, err = cmd.CombinedOutput()
+ if err != nil {
+ return NewCmdError(err, cmd, out)
+ }
+
+ debug("certificate uninstalled properly from FreeBSD trusts")
+ return nil
+}
+
+func CommandWithSudo(cmd ...string) *exec.Cmd {
+ if _, err := exec.LookPath("sudo"); err != nil {
+ return exec.Command(cmd[0], cmd[1:]...)
+ }
+ return exec.Command("sudo", append([]string{"--"}, cmd...)...)
+}
From 46ca5e1cf0a5c9be71d33bc04183dc6ac9a39ece Mon Sep 17 00:00:00 2001
From: qiu-x
Date: Fri, 26 Nov 2021 19:58:30 +0100
Subject: [PATCH 2/2] remove `log` import from `truststore_freebsd.go`
---
truststore_freebsd.go | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/truststore_freebsd.go b/truststore_freebsd.go
index 99d37a8..cebb07e 100644
--- a/truststore_freebsd.go
+++ b/truststore_freebsd.go
@@ -5,7 +5,6 @@ import (
 "crypto/x509"
 "fmt"
 "io/ioutil"
- "log"
 "os"
 "os/exec"
 "strings"
@@ -30,7 +29,7 @@ func init() {
 err := os.Mkdir("/usr/local/etc/ssl/certs", 0755)
 if err != nil {
 SystemTrustCommand = nil
- log.Fatal(err)
+ debug(err.Error())
 return
 }
 }
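Review bot: `systemTrustFilename` in the new file (patch 1/2) builds the destination path from `uniqueName(cert)` and only replaces spaces, and that path is then handed to `sudo tee` in `installPlatform` and `sudo rm -f` in `uninstallPlatform`. `uniqueName` is defined outside this patch; if it is derived from certificate subject fields, a certificate whose name contains `/` or `..` would make the privileged write or delete land outside `/usr/local/etc/ssl/certs`. Reducing the name to a single path component before formatting closes that, e.g. `name := filepath.Base(strings.Replace(uniqueName(cert), " ", "_", -1))` followed by `return fmt.Sprintf(SystemTrustFilename, name)` (needs `path/filepath` in the import block). A one-line comment on the function stating that its result is used as a root-written path would help the next reader.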
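Review bot: With the fatal exit replaced by `debug(err.Error())` (patch 2/2, second hunk), `init` still calls `os.Mkdir("/usr/local/etc/ssl/certs", 0755)` as an import-time side effect and without the `sudo` wrapper that the install path uses, so for an unprivileged user the failure is now visible only in debug output and every later install or uninstall returns `ErrNotSupported`. Consider setting `SystemTrustCommand` and `SystemTrustFilename` unconditionally in `init` and creating the directory inside `installPlatform` with `CommandWithSudo("mkdir", "-p", "/usr/local/etc/ssl/certs")`, where the error can be returned to the caller. `pathExists` from the first patch also reports any `os.Stat` error as "missing", so a permission error takes the same branch. The body of `init` continues past the end of this hunk.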