starred/mkcert
1
0
Fork 0
mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00
Code Issues 165 Projects Releases 10 Packages Wiki Activity

[PR #193] [CLOSED] Use sudo when necessary for certutil (Ubuntu 16.04 at least), fixes #192 #414

New issue
Closed
opened 2026-02-25 22:33:25 +03:00 by kerem · 0 comments
kerem commented 2026-02-25 22:33:25 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/FiloSottile/mkcert/pull/193
Author: @rfay
Created: 8/20/2019
Status: Closed

Base: masterHead: 20190820_sudo_certutil

📝 Commits (6)

  • be53f09 Sudo must be used with certutil on Ubuntu 16.04
  • 82ba486 Improve certutil error message
  • d7ae73b Add x/sys/unix to vendor
  • 5195be5 Check permissions and use sudo for nss install/uninstall
  • 58ce116 Handle case of windows as well
  • f7d2d8b Build constraints for the first time

📊 Changes

292 files changed (+229563 additions, -10 deletions)

View changed files

📝 go.mod (+1 -0)
📝 go.sum (+2 -0)
is_writable.go (+14 -0)
is_writable_windows.go (+26 -0)
📝 truststore_nss.go (+23 -10)
vendor/golang.org/x/sys/AUTHORS (+3 -0)
vendor/golang.org/x/sys/CONTRIBUTORS (+3 -0)
vendor/golang.org/x/sys/LICENSE (+27 -0)
vendor/golang.org/x/sys/PATENTS (+22 -0)
vendor/golang.org/x/sys/unix/.gitignore (+2 -0)
vendor/golang.org/x/sys/unix/README.md (+173 -0)
vendor/golang.org/x/sys/unix/affinity_linux.go (+128 -0)
vendor/golang.org/x/sys/unix/aliases.go (+14 -0)
vendor/golang.org/x/sys/unix/asm_aix_ppc64.s (+17 -0)
vendor/golang.org/x/sys/unix/asm_darwin_386.s (+29 -0)
vendor/golang.org/x/sys/unix/asm_darwin_amd64.s (+29 -0)
vendor/golang.org/x/sys/unix/asm_darwin_arm.s (+30 -0)
vendor/golang.org/x/sys/unix/asm_darwin_arm64.s (+30 -0)
vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s (+29 -0)
vendor/golang.org/x/sys/unix/asm_freebsd_386.s (+29 -0)

...and 80 more files

📄 Description

#192 points out that as of v1.4.0, certutil -A is not run with sufficient privileges. This seems to be a problem particularly on Ubuntu 16.04, but possibly on some other Debian-derivatives as well.

This PR checks to see if the path to the profile is writable; if it's not, it uses sudo to run certutil -A and certutil -D

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/FiloSottile/mkcert/pull/193 **Author:** [@rfay](https://github.com/rfay) **Created:** 8/20/2019 **Status:** ❌ Closed **Base:** `master` ← **Head:** `20190820_sudo_certutil` --- ### 📝 Commits (6) - [`be53f09`](https://github.com/FiloSottile/mkcert/commit/be53f098889f2d8ff3b4b68c4ed2cce536a7aaf6) Sudo must be used with certutil on Ubuntu 16.04 - [`82ba486`](https://github.com/FiloSottile/mkcert/commit/82ba4863ef1c6c2e281fcaea38c074cfd50974c3) Improve certutil error message - [`d7ae73b`](https://github.com/FiloSottile/mkcert/commit/d7ae73bd6017d611ab6af57d6c323e96666cb57a) Add x/sys/unix to vendor - [`5195be5`](https://github.com/FiloSottile/mkcert/commit/5195be501e85ccc76ab8b1a33391b6dcbc7a8af9) Check permissions and use sudo for nss install/uninstall - [`58ce116`](https://github.com/FiloSottile/mkcert/commit/58ce1169130a16cb6e368c98d8a16b964cd2545d) Handle case of windows as well - [`f7d2d8b`](https://github.com/FiloSottile/mkcert/commit/f7d2d8b3f27e6ec8ebd1afdfc1376ea11e2d0f5d) Build constraints for the first time ### 📊 Changes **292 files changed** (+229563 additions, -10 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+1 -0) 📝 `go.sum` (+2 -0) ➕ `is_writable.go` (+14 -0) ➕ `is_writable_windows.go` (+26 -0) 📝 `truststore_nss.go` (+23 -10) ➕ `vendor/golang.org/x/sys/AUTHORS` (+3 -0) ➕ `vendor/golang.org/x/sys/CONTRIBUTORS` (+3 -0) ➕ `vendor/golang.org/x/sys/LICENSE` (+27 -0) ➕ `vendor/golang.org/x/sys/PATENTS` (+22 -0) ➕ `vendor/golang.org/x/sys/unix/.gitignore` (+2 -0) ➕ `vendor/golang.org/x/sys/unix/README.md` (+173 -0) ➕ `vendor/golang.org/x/sys/unix/affinity_linux.go` (+128 -0) ➕ `vendor/golang.org/x/sys/unix/aliases.go` (+14 -0) ➕ `vendor/golang.org/x/sys/unix/asm_aix_ppc64.s` (+17 -0) ➕ `vendor/golang.org/x/sys/unix/asm_darwin_386.s` (+29 -0) ➕ `vendor/golang.org/x/sys/unix/asm_darwin_amd64.s` (+29 -0) ➕ `vendor/golang.org/x/sys/unix/asm_darwin_arm.s` (+30 -0) ➕ `vendor/golang.org/x/sys/unix/asm_darwin_arm64.s` (+30 -0) ➕ `vendor/golang.org/x/sys/unix/asm_dragonfly_amd64.s` (+29 -0) ➕ `vendor/golang.org/x/sys/unix/asm_freebsd_386.s` (+29 -0) _...and 80 more files_ </details> ### 📄 Description #192 points out that as of v1.4.0, `certutil -A` is not run with sufficient privileges. This seems to be a problem particularly on Ubuntu 16.04, but possibly on some other Debian-derivatives as well. This PR checks to see if the path to the profile is writable; if it's not, it uses sudo to run `certutil -A` and `certutil -D` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-02-25 22:33:25 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.1
v1.0.0
v0.9.1
v0.9.0
Labels
Clear labels   
TLS stack issue

   
Windows

   
bug

   
duplicate

   
duplicate

   
enhancement

   
help wanted

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
root store

   
waiting for info
No labels
TLS stack issue
Windows
bug
duplicate
duplicate
enhancement
help wanted
help wanted
pull-request
question
question
root store
waiting for info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/mkcert#414
No description provided.