Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
install_dev_certificate.clj
#!/usr/bin/env bash
set -eo pipefail
CERT_FILE="./certs/dev/dev-ca/rootCA.pem"
CERT_NAME="Nextjournal Development Root CA"
echo "Installing development Root CA into system store..."
if uname -a | grep -q Darwin; then
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain $CERT_FILE
echo "Adding cert to java truststore"
sudo keytool -noprompt -keystore $(/usr/libexec/java_home)/lib/security/cacerts -storepass changeit -importcert -alias nextjournal_dev_ca -file certs/dev/dev-ca/rootCA.pem || true
elif uname -a | grep -q Ubuntu; then
sudo cp $CERT_FILE /usr/local/share/ca-certificates/dev_ca.crt
sudo update-ca-certificates
if ! which certutil >/dev/null 2>&1; then
echo
echo "certutil not found. Please install it with \"sudo apt-get install libnss3-tools\""
echo "and run this script again"
exit 1
fi
for cert_db in $(find ~/ -type f -name "cert9.db"); do
cert_dir=$(dirname ${cert_db});
echo "Installing certificate in firefox/chrome trust store ${cert_dir}"
certutil -A -n "${CERT_NAME}" -t "TCP,TCP,TCP" -i ${CERT_FILE} -d sql:${cert_dir}
done
else
echo "OS not supported"
exit 1
fi
echo "Certificate installed"
#!/usr/bin/env bb
(ns install-dev-certificate
"A line by line port of bin/install-dev-certificate"
(:require [babashka.fs :as fs]
[babashka.process :refer [sh]]
[babashka.tasks :refer [shell]]
[clojure.string :as str]))
(def CERT_FILE "./certs/dev/dev-ca/rootCA.pem")
(def CERT_NAME "Nextjournal Development Root CA")
(println "Installing development Root CA into system store...")
(def uname (:out (sh "uname -a")))
(cond
(str/includes? uname "Darwin")
(do
(shell (str "sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain " CERT_FILE))
(println "Adding cert to java truststore")
(if-let [java-home (some-> (or (System/getenv "JAVA_HOME")
(not-empty (:out (sh ["/usr/libexec/java_home"])))
(some->> (fs/which "java")
fs/real-path
fs/parent
fs/parent
str))
str/trim)]
(shell {:continue true}
(format "sudo keytool -noprompt -keystore %s/lib/security/cacerts -storepass changeit -importcert -alias nextjournal_dev_ca -file certs/dev/dev-ca/rootCA.pem"
java-home))
(do (println "No java install found.")
(System/exit 1))))
(str/includes? uname "Ubuntu")
(do (shell {:continue true}
(format "sudo cp %s /usr/local/share/ca-certificates/dev_ca.crt"
CERT_FILE))
(if-not (fs/which "certutil")
(do (println "certutil not found. Please install it with \"sudo apt-get install libnss3-tools\"")
(println "and run this script again")
(System/exit 1))
(doseq [cert-db (-> ;; could use fs/glob here, but searching the entire home
;; dir with find is probably faster and we can assume bash here, since linux
(sh "bash -c 'find ~/ -type f -name \"cert9.db\"")
:out str/split-lines)]
(let [cert-dir (fs/parent cert-db)]
(println "Installing certificate in firefox/chrome trust store:" cert-dir)
(shell "certutil -A -n" CERT_NAME "-t" "TCP,TCP,TCP" "-i" CERT_FILE "-d" (str "sql:" cert-dir))))))
:else (do (println "OS not supported")
(System/exit 1)))
(println "Certificate installed")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment