Skip to content

Commit 281c560

Browse files
traviscampbellFiloSottile
traviscampbell
authored and
FiloSottile
committed
Support installing to system trust store for Arch-based distros (#57)
1 parent 047acfa commit 281c560

File tree

2 files changed

+15
-9
lines changed

2 files changed

+15
-9
lines changed

README.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,8 @@ On Linux, install `certutil`
5050
sudo apt install libnss3-tools
5151
-or-
5252
sudo yum install nss-tools
53+
-or-
54+
sudo pacman -S nss
5355
```
5456
and install using [Linuxbrew](http://linuxbrew.sh/).
5557

@@ -87,7 +89,7 @@ mkcert supports the following root stores:
8789
* macOS system store
8890
* Windows system store
8991
* Linux variants that provide either
90-
* `update-ca-trust` (Fedora, RHEL, CentOS) or
92+
* `update-ca-trust` (Fedora, RHEL, CentOS, Arch) or
9193
* `update-ca-certificates` (Ubuntu, Debian)
9294
* Firefox (macOS and Linux only)
9395
* Chrome and Chromium

truststore_linux.go

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -24,16 +24,15 @@ var (
2424
)
2525

2626
func init() {
27-
_, err := os.Stat("/etc/pki/ca-trust/source/anchors/")
28-
if err == nil {
27+
if pathExists("/etc/pki/ca-trust/source/anchors/") {
2928
SystemTrustFilename = "/etc/pki/ca-trust/source/anchors/mkcert-rootCA.pem"
3029
SystemTrustCommand = []string{"update-ca-trust", "extract"}
31-
} else {
32-
_, err = os.Stat("/usr/local/share/ca-certificates/")
33-
if err == nil {
34-
SystemTrustFilename = "/usr/local/share/ca-certificates/mkcert-rootCA.crt"
35-
SystemTrustCommand = []string{"update-ca-certificates"}
36-
}
30+
} else if pathExists("/usr/local/share/ca-certificates/") {
31+
SystemTrustFilename = "/usr/local/share/ca-certificates/mkcert-rootCA.crt"
32+
SystemTrustCommand = []string{"update-ca-certificates"}
33+
} else if pathExists("/etc/ca-certificates/trust-source/anchors/") {
34+
SystemTrustFilename = "/etc/ca-certificates/trust-source/anchors/mkcert-rootCA.crt"
35+
SystemTrustCommand = []string{"trust", "extract-compat"}
3736
}
3837
if SystemTrustCommand != nil {
3938
_, err := exec.LookPath(SystemTrustCommand[0])
@@ -43,6 +42,11 @@ func init() {
4342
}
4443
}
4544

45+
func pathExists(path string) bool {
46+
_, err := os.Stat(path)
47+
return err == nil
48+
}
49+
4650
func (m *mkcert) installPlatform() bool {
4751
if SystemTrustCommand == nil {
4852
log.Printf("Installing to the system store is not yet supported on this Linux 😣 but %s will still work.", NSSBrowsers)

0 commit comments

Comments
 (0)