authorCullum Smith <cullum@sacredheartsc.com>2024-10-18 16:44:57 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-10-18 16:47:56 -0400
commit5ef2aed3f3961b72699d9881ed09560f4d01371a (patch)
tree0a03131e31f9f2fe5762afab6d99319f742eb9b3 /files/usr/local/libexec/nss-trust-root-ca.common
parentaa28ec7ef20517e994f01753e8c4e6fdd4d0643c (diff)
downloadinfrastructure-5ef2aed3f3961b72699d9881ed09560f4d01371a.tar.gz
Tons of desktop fixes
Diffstat (limited to 'files/usr/local/libexec/nss-trust-root-ca.common')
-rw-r--r--files/usr/local/libexec/nss-trust-root-ca.common16
1 files changed, 16 insertions, 0 deletions
diff --git a/files/usr/local/libexec/nss-trust-root-ca.common b/files/usr/local/libexec/nss-trust-root-ca.common
new file mode 100644
index 0000000..6a38a86
--- /dev/null
+++ b/files/usr/local/libexec/nss-trust-root-ca.common
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Chromium no longer trusts the system certificate store. Instead, it uses the
+# user's local NSS database, located at ~/.pki.
+#
+# This script adds our local root CA to the NSS DB, so that Chrome will trust it.
+
+cert_name="$(hostname -d) Root CA"
+cert_path=/usr/local/etc/ssl/certs/ca.crt
+nss_db_path="${HOME}/.pki/nssdb"
+
+mkdir -p "$nss_db_path"
+
+if ! certutil -d "sql:${nss_db_path}" -L -n "$cert_name" > /dev/null 2>&1; then
+ certutil -d "sql:${nss_db_path}" -A -t 'C,,' -n "$cert_name" -i "$cert_path"
+fi
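Review bot: The guard on the `certutil -L` line only checks that some certificate with the nickname `$cert_name` exists, so once a root has been imported, a rotated or replaced `ca.crt` is never picked up and the previous root stays trusted for TLS in each user's `~/.pki/nssdb`. Consider refreshing the entry instead of skipping it, for example by running `certutil -d "sql:${nss_db_path}" -D -n "$cert_name" 2>/dev/null` before the existing `-A` line, or by comparing fingerprints and re-importing only on mismatch. The nickname also depends on `hostname -d`; if that prints nothing the entry is stored as ` Root CA`, so a guard such as `[ -n "$(hostname -d)" ] || exit 1` would surface the misconfiguration. Because `-L` discards stderr, any database error is treated as "not present"; letting the exit status of the `-A` call propagate would make such failures visible. A one-line comment that `-t 'C,,'` limits the trust to issuing TLS server certificates would also help the next reader.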