From 5ef2aed3f3961b72699d9881ed09560f4d01371a Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Fri, 18 Oct 2024 16:44:57 -0400
Subject: Tons of desktop fixes

---
 files/usr/local/libexec/nss-trust-root-ca.common | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 files/usr/local/libexec/nss-trust-root-ca.common

(limited to 'files/usr/local/libexec/nss-trust-root-ca.common')

diff --git a/files/usr/local/libexec/nss-trust-root-ca.common b/files/usr/local/libexec/nss-trust-root-ca.common
new file mode 100644
index 0000000..6a38a86
--- /dev/null
+++ b/files/usr/local/libexec/nss-trust-root-ca.common
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Chromium no longer trusts the system certificate store. Instead, it uses the
+# user's local NSS database, located at ~/.pki.
+#
+# This script adds our local root CA to the NSS DB, so that Chrome will trust it.
+
+cert_name="$(hostname -d) Root CA"
+cert_path=/usr/local/etc/ssl/certs/ca.crt
+nss_db_path="${HOME}/.pki/nssdb"
+
+mkdir -p "$nss_db_path"
+
+if ! certutil -d "sql:${nss_db_path}" -L -n "$cert_name" > /dev/null 2>&1; then
+  certutil -d "sql:${nss_db_path}" -A -t 'C,,' -n "$cert_name" -i "$cert_path"
+fi
-- 
cgit v1.2.3